There's an interesting article on Wired about how the FBI used a spyware program to track a teenager who was making bomb threats against a Washington state high school. Also included in the article is a link to the actual affidavit submitted to the 9th U.S. Circuit Court of Appeals.
This is the same court that recently ruled that agencies requesting court orders to obtain IP addresses as well as To/From addresses in e-mail messages do not require probable cause. The FBI stated that none of the monitored communication's content was examined in this particular situation.
The spyware code-named CIPAV (Computer and Internet Protocol Address Verifier) appears to initially reveal all the usual information about the computer it's installed on — for example, IP/MAC addresses, list of open TCP and UDP ports, particulars about the operating system and Internet browser, as well as user information.
Then the application resets to what the FBI spokesperson called a "pen register" mode. This is apparently where the application monitors Internet use by logging the IP addresses of sites visited. This, along with the initial information, is transmitted to a FBI data server at some undisclosed location.
All of the most interesting details were not released by the FBI. Such as what the CIPAV application is really capable of and how it is installed on the suspect's computer.
Going public with this will certainly raise some interest with the EFF as well as with security companies that develop applications to prevent this type of intrusion.