What kind of wireless router do you have? You need to secure use WEP or WPA. Please read the directions on doing so. If it is not secure you'll have to login to the admin account on your router which is probably not secure either. That means anyone "stealing" your signal can also get in. Anyway, you may be able to check the system records. Need more information to really help you out.
Varying speed alone is not enough to say that someone is stealing your internet. you should google for software to sniff out moochers as you call them. Anyways, it would be best to change your password immediately and set your SSID to not be broadcast. Do so only after you have linked up all your devices and configured them to connect to the network even if its not broadcasting.
If you have a wireless router that's unsecured, then someone may be connecting to it and using your internet connection. To find out, access the routers web-interface where you can see how many computers are connected.
To get to the router web interface, consult the manufacturer's website.
If you don't have a wireless router, then it's highly unlikely someon is tapped into your network.