Spyware is a type of malware Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch- that is installed on computers A computer is a programmable machine that receives input, stores and manipulates data, and provides output in a useful format and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer A personal computer is any general-purpose computer whose size, capabilities, and original sales price make it useful for individuals, and which is intended to be operated directly by an end user, with no intervening computer operator. This is in contrast to the batch processing or time-sharing models which allowed large expensive mainframe. Sometimes, however, spywares such as keyloggers Keystroke logging is the practice of tracking(or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based to electromagnetic and acoustic analysis are installed by the owner of a shared, corporate, or public computer Public computers share similar hardware and software components to personal computers, however, the role and function of a public access computer is entirely different. A public access computer is used by many different untrusted individuals throughout the course of the day. The computer must be locked down and secure against both intentional and on purpose in order to secretly monitor other users.

While the term spyware suggests that software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information Personally Identifiable Information , as used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content. Hyperlinks present in resources enable users to easily navigate their browsers to activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite to serve billions of users worldwide. It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by a broad array of electronic and or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software Privacy-invasive software is a category of computer software that ignores users’ privacy and that is distributed with a specific intent, often of a commercial nature. Three typical examples of privacy-invasive software are adware, spyware and content hijacking programs.

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware Spyware is a type of malware that is installed on computers and collects information about users without their knowledge. The presence of spyware is typically hidden from the user. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, software. Running anti-spyware software has become a widely recognized element of computer security Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended practices for computers, especially those running Microsoft Windows Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Microsoft first introduced an operating environment named Windows in November 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer. The US Federal Trade Commission The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act. Its principal mission is the promotion of "consumer protection" and the elimination and prevention of what regulators perceive to be harmfully "anti-competitive" business practices, has placed on the Internet a page of advice to consumers about how to lower the risk of spyware infection, including a list of "do's" and "don'ts."^[1]

History and development

The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980. Users read and post public messages to one or more categories, known as newsgroups. Usenet resembles bulletin board systems (BBS) in most respects, and is the precursor to the various Internet forums that are widely used today; post that poked fun at Microsoft Microsoft Corporation is a multinational computer technology corporation that develops, manufactures, licenses, and supports a wide range of software products for computing devices. Headquartered in Redmond, Washington, USA, its most profitable products are the Microsoft Windows operating system and the Microsoft Office suite of productivity's business model A business model describes the rationale of how an organization creates, delivers, and captures value - economic, social, or other forms of value. The term business model is thus used for a broad range of informal and formal descriptions to represent core aspects of a business, including purpose, offerings, strategies, infrastructure,.^[2] Spyware at first denoted software Computer software, or just software is a general term primarily used for digitally stored data such as computer programs and other kinds of information read and written by computers. Today, this includes data that has not traditionally been associated with computers, such as film, tapes and records. The term was coined in order to contrast to the meant for espionage Espionage or spying involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, as the legitimate holder of the information may change plans or take other countermeasures once it is known that the information is in unauthorized purposes. However, in early 2000 the founder of Zone Labs Check Point Software Technologies Ltd. is a global provider of IT security solutions. Best known for its firewall and VPN products, Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today the company develops, markets and supports a wide range of software and combined hardware and software, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall ZoneAlarm is a software firewall originally developed by Zone Labs, which was acquired in March 2004 by Check Point. It includes an inbound intrusion detection system, as well as the ability to control which programs can create outbound connections—the latter not available in the Windows XP Service Pack 2 firewall. As of August 2009[update], the.^[3] Since then, "spyware" has taken on its present sense.^[3] According to a 2005 study by AOL AOL Inc. , formerly known as America Online is an American global Internet services and media company. The company was based in Northern Virginia from its founding until 2007. It is currently headquartered at 770 Broadway in Manhattan, New York City. Founded in 1983 as Quantum Computer Services, it has franchised its services to companies in and the National Cyber-Security Alliance, 61 percent of surveyed users' computers had some form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.^[4] As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems In computing, an operating system is an interface between hardware and user, which is responsible for the management and coordination of activities and the sharing of the resources of a computer, that acts as a host for computing applications run on the machine. One of the purposes of an operating system is to handle the resource allocation and. Computers where Internet Explorer Windows Internet Explorer , is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995. It has been the most widely used web browser since 1999, attaining a peak of about 95% usage share during 2002 and 2003 with IE5 and IE6 (IE) is the primary browser A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content. Hyperlinks present in resources enable users to easily navigate their browsers to are particularly vulnerable to such attacks not only because IE is the most widely-used,^[5] but because its tight integration with Windows allows spyware access to crucial parts of the operating system.^[5][6]

Before Internet Explorer 7 Windows Internet Explorer 7 is a web browser released by Microsoft in October 2006. Internet Explorer 7 is part of a long line of versions of Internet Explorer and was the first major update to the browser in more than 5 years. It ships as the default browser in Windows Vista and Windows Server 2008 and is offered as a replacement for Internet was released, the browser would automatically display an installation window for any ActiveX ActiveX is a framework for defining reusable software components that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language used to implement them. A software application can then be composed from one or more of these components in order to provide its functionality component that a website wanted to install. The combination of user naiveté towards malware Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch- and the assumption by Internet Explorer Windows Internet Explorer , is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995. It has been the most widely used web browser since 1999, attaining a peak of about 95% usage share during 2002 and 2003 with IE5 and IE6 that all ActiveX components are benign, led, in part, to the massive spread of spyware. Many spyware components would also make use of exploits in Javascript JavaScript is an object-oriented scripting language used to enable programmatic access to objects within both the client application and other applications. It is primarily used in the form of client-side JavaScript, implemented as an integrated component of the web browser, allowing the development of enhanced user interfaces and dynamic websites, Internet Explorer and Windows to install without user knowledge or permission.

The Windows Registry The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make contains multiple sections that by modifying keys values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.

Trend Micro Trend Micro is a global developer of software and services to protect against computer viruses, malware, spam, and Web-based threats. It is headquartered in Tokyo. Trend Micro was founded in 1988 in Los Angeles by Steve Chang, Jenny Chang and Eva Chen. Steve Chang served as Trend Micro's CEO until 2004 when he was succeeded by co-founder Eva Chen, Inc. defines Spyware as "[...] a program that monitors and gathers user information for different purposes.."^[7]

McAfee McAfee, Inc. is an antivirus software and computer security company headquartered in Santa Clara, California. It markets McAfee VirusScan and related security products and services, including the IntruShield, Entercept, and Foundstone brands Inc. defines Spyware as "Software that transmits personal information to a third party without the user's knowledge or consent."^[8]

Comparison

Spyware, adware and tracking

The term adware Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware[citation needed] and can be classified as privacy-invasive software frequently refers to any software which displays advertisements, whether or not the user has consented. Programs such as the Eudora Eudora is an e-mail client used on the Apple Macintosh and Microsoft Windows operating systems. It also supports several palmtop computing platforms, including Newton and the Palm OS. The software was named after American author Eudora Welty, because of her short story Why I Live at the P.O. Eudora was developed by Steve Dorner in 1988, who worked mail client display advertisements as an alternative to shareware The term shareware, popularized by Bob Wallace, refers to proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a periodical such as a registration fees. These classify as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.

Most adware is spyware in a different sense than "advertising-supported software," for a different reason: it displays advertisements related to what it finds from spying on the users. Gator Software from Claria Corporation Claria Corporation was a media marketing software company based in Redwood City, California. It was established in 1998 by Denis Coleman. Its name was often used interchangeably with its Gain advertising network, which it claimed serviced over 40 million users. Claria exited the adware business at the end of second quarter 2006., and eventually (formerly GATOR) and Exact Advertising's BargainBuddy are examples. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user receives many pop-up advertisements Pop-up ads or pop-ups are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. It works when certain web sites open a new web browser window to display advertisements. The pop-up window containing an advertisement is usually generated by JavaScript, but can be generated by other means as.

Other spyware behavior, such as reporting on websites the user visits, occurs in the background. The data is used for "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar The Alexa Toolbar, an application produced by Alexa Internet, is a Browser Helper Object for Internet Explorer on Microsoft Windows that is used by Alexa to measure website statistics, an Internet Explorer plug-in published by Amazon.com Amazon.com, Inc. is an American-based multinational electronic commerce company. Headquartered in Seattle, Washington, it is America's largest online retailer, with nearly three times the Internet sales revenue of the runner up, Staples, Inc., as of January 2010, as spyware, and some anti-spyware programs such as Ad-Aware Ad-Aware is an anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user's computer. According to Lavasoft, Ad-Aware detects spyware, viruses, dialers, Trojans, bots, rootkits, data miners, aggressive advertising, parasites, browser hijackers, and tracking components report it as such. Many of these adware distributing companies are backed by millions of dollars of adware-generating revenues. Adware and spyware are similar to viruses in that they can be considered malicious in nature. People are profiting from misleading adware, sometimes known as scareware Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics, such as Antivirus 2009 MS Antivirus is a scareware rogue anti-virus which claims to remove bogus virus infections found on a computer running Microsoft Windows. It attempts to get the user to purchases the full version of the software.

Similarly, software bundled with free, advertising-supported programs such as P2P A peer-to-peer, commonly abbreviated to P2P, is any distributed network architecture composed of participants that make a portion of their resources directly available to other network participants, without the need for central coordination instances (such as servers or stable hosts). Peers are both suppliers and consumers of resources, in act as spyware, (and if removed disable the 'parent' program) yet people are willing to download it. This presents a dilemma for proprietors of anti-spyware products whose removal tools may inadvertently disable wanted programs. For example, recent test results show that bundled software (WhenUSave) is ignored by popular anti-spyware program Ad-Aware Ad-Aware is an anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user's computer. According to Lavasoft, Ad-Aware detects spyware, viruses, dialers, Trojans, bots, rootkits, data miners, aggressive advertising, parasites, browser hijackers, and tracking components, (but removed as spyware by most scanners) because it is part of the popular (but recently decommissioned) eDonkey client. To address this dilemma, the Anti-Spyware Coalition The Anti-Spyware Coalition is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies has been working on building consensus within the anti-spyware industry as to what is and isn't acceptable software behavior. To accomplish their goal, this group of anti-spyware companies, academics, and consumer groups have collectively published a series of documents including a definition of spyware, risk model, and best practices document.

Spyware, virus and worm

Unlike viruses A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another when its host is taken to the and worms A computer worm is a self-replicating computer program. It uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some, spyware does not usually self-replicate. Like many recent viruses E-mail spam, also known as junk e-mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. A common synonym for spam is unsolicited bulk e-mail . Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. "UCE" refers specifically to unsolicited commercial e-, however, spyware—by design—exploits infected computers for commercial gain. Typical tactics include delivery of unsolicited pop-up advertisements, theft of personal information (including financial information such as credit card numbers A bank card number is the primary account number found on credit cards and bank cards. It has a certain amount of internal structure and shares a common numbering scheme. Credit card numbers are a special case of ISO/IEC 7812 bank card numbers), monitoring of Web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.

However, spyware can be dropped as a payload by a worm.

Routes of infection

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

Most spyware is installed without users' knowledge. Since they tend not to install software if they know that it will disrupt their working environment and compromise their privacy, spyware deceives users, either by piggybacking on a piece of desirable software such as Kazaa, or by tricking them into installing it (the Trojan horse method). Some "rogue" spyware programs masquerade as security software.

The distributor of spyware usually presents the program as a useful utility—for instance as a "Web accelerator" or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, Bonzi Buddy, a program bundled with spyware^[9] and targeted at children, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!^[10]

Spyware can also come bundled with other software. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software. In other cases, spyware authors have repackaged desirable freeware with installers that slipstream spyware.

Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Sun Microsystems Java runtime.

The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment and scriptability make it an obvious point of attack into Windows. Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects, which modify the browser's behavior to add toolbars or to redirect traffic.

In a few cases, a worm or virus has delivered a spyware payload. Some attackers used the Spybot worm to install spyware that put pornographic pop-ups on the infected system's screen.^[11] By directing traffic to ads set up to channel funds to the spyware authors, they profit personally.

Effects and behaviors

A spyware program is rarely alone on a computer: an affected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes, are also common. Spyware, which interferes with networking software commonly causes difficulty connecting to the Internet.

In some infections, the spyware is not even evident. Users assume in those situations that the issues relate to hardware, Windows installation problems, or another infection. Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system "has become too slow". Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.

Only rarely does a single piece of software render a computer unusable. Rather, a computer is likely to have multiple infections. The cumulative effect, and the interactions between spyware components, causes the symptoms commonly reported by users: a computer, which slows to a crawl, overwhelmed by the many parasitic processes running on it. Moreover, some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease. Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances make it even more likely that users will take action to remove the programs. One spyware maker, Avenue Media, even sued a competitor, Direct Revenue, over this; the two later settled with an agreement not to disable each others' products.^[12]

Some other types of spyware use rootkit like techniques to prevent detection, and thus removal. Targetsoft, for instance, modifies the "Winsock" Windows Sockets files. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage.

A typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs (intentionally or not) has unrestricted access to the system. As with other operating systems, Windows users too are able to follow the principle of least privilege and use non-administrator least user access accounts, or to reduce the privileges of specific vulnerable Internet-facing proceses such as Internet Explorer (through the use of tools such as DropMyRights). However as this is not a default configuration, few users do this.

In Windows Vista, by default, a computer administrator runs everything under limited user privileges. When a program requires administrative privileges, Vista will prompt the user with an allow/deny pop-up (see User Account Control). This improves on the design used by previous versions of Windows.

Advertisements

Many spyware programs display advertisements. Some programs simply display pop-up ads on a regular basis; for instance, one every several minutes, or one when the user opens a new browser window. Others display ads in response to specific sites that the user visits. Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for which spyware programs gather information on user behavior.

Many users complain about irritating or offensive advertisements as well. As with many banner ads, many spyware advertisements use animation or flickering banners which can be visually distracting and annoying to users. Pop-up ads for pornography often display indiscriminately. Links to these sites may be added to the browser window, history or search function. When children are the users, this could possibly violate anti-pornography laws in some jurisdictions.

A number of spyware programs break the boundaries of illegality; variations of “Zlob.Trojan” and “Trojan-Downloader.Win32.INService” have been known to show undesirable child pornography, key gens, cracks and illegal software pop-up ads which violate child pornography and copyright laws. ^{[13][14][15][16]}

A further issue in the case of some spyware programs has to do with the replacement of banner ads on viewed web sites. Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site's own advertisements (which fund the site) with advertisements that instead fund the spyware operator. This cuts into the margins of advertising-funded Web sites.

"Stealware" and affiliate fraud

A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware", and what spyware researcher Ben Edelman terms affiliate fraud, a form of click fraud. Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.

Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity—replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.^[17]

Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale.^{[citation needed]}

Identity theft and fraud

In one case, spyware has been closely associated with identity theft.^[18] In August 2005, researchers from security software firm Sunbelt Software suspected the creators of the common CoolWebSearch spyware had used it to transmit "chat sessions, user names, passwords, bank information, etc.",^[19] however it turned out that "it actually (was) its own sophisticated criminal little trojan that's independent of CWS."^[20] This case is currently under investigation by the FBI.

The Federal Trade Commission estimates that 27.3 million Americans have been victims of identity theft, and that financial losses from identity theft totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.^[21]

Spyware-makers may commit wire fraud with dialer program spyware. These can reset a modem to dial up a premium-rate telephone number instead of the usual ISP. Connecting to these suspicious numbers involves long-distance or overseas charges which invariably result in high call costs. Dialers are ineffective on computers that do not have a modem, or are not connected to a telephone line.

Digital rights management

Some copy-protection technologies have borrowed from spyware. In 2005, Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology^[22] Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function. Texas Attorney General Greg Abbott filed suit,^[23] and three separate class-action suits were filed.^[24] Sony BMG later provided a workaround on its website to help users remove it.^[25]

Beginning in April 25, 2006, Microsoft's Windows Genuine Advantage Notifications application^[26] installed on most Windows PCs as a "critical security update". While the main purpose of this deliberately non-uninstallable application is making sure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "phoning home" on a daily basis, like spyware.^[27][28] It can be removed with the RemoveWGA tool.

Personal relationships

Spyware has been used to surreptitiously monitor electronic activities of partners in intimate relationships, generally to uncover evidence of infidelity. At least one software package, Loverspy, was specifically marketed for this purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Loverspy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.^[29]

Browser cookies

Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them. [1]

Examples of spyware

These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs which are frequently installed together may be described as parts of the same spyware package, even if they function separately.

• CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.^[30]

• Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.^[31]

• HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.^[32][33]

• Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay.^[34][35] The FTC filed a complaint, since settled, against Movieland and eleven other defendants charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers."^[36]

• MyWebSearch (of Fun Web Products) has a plugin that displays a search toolbar near the top of a browser window, and it spies to report user search-habits.^[37] MyWebSearch is notable for installing over 210 computer settings, such as over 210 MS Windows registry keys/values.^[38][39] Beyond the browser plugin, it has settings to affect Outlook, email, HTML, XML, etc. Although tools exist to remove MyWebSearch,^[38] it can be hand-deleted in 1 hour, by users familiar with using Regedit to find and delete keys/values (named with "MyWebSearch"). After reboot, the browser returns to the prior display appearance.

• WeatherStudio has a plugin that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove (uninstall) WeatherStudio from a computer, using its own uninstall-program, such as under C:\Program Files\WeatherStudio.^[40] Once WeatherStudio is removed, a browser returns to the prior display appearance, without the need to modify the browser settings.

• Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies (as seen in their [Zango End User License Agreement]).^[17]

• Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to Control Server^{[citation needed]}. Some information can be the search-history, the Websites visited, and even keystrokes.^{[citation needed]} More recently, Zlob has been known to hijack routers set to defaults.^[41]

Legal issues related to spyware

Criminal law

Unauthorized access to a computer is illegal under computer crime laws, such as the U.S. Computer Fraud and Abuse Act, the U.K.'s Computer Misuse Act and similar laws in other countries. Since the owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits.^[42][43]

Spyware producers argue that, contrary to the users' claims, users do in fact give consent to installations. Spyware that comes bundled with shareware applications may be described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria claim these demonstrate that users have consented.

Despite the ubiquity of EULAs and of "clickwrap" agreements, under which a single click can be taken as consent to the entire text, relatively little case law has resulted from their use. It has been established in most common law jurisdictions that a clickwrap agreement can be a binding contract in certain circumstances.^[44] This does not, however, mean that every such agreement is a contract or that every term in one is enforceable.

Some jurisdictions, including the U.S. states of Iowa^[45] and Washington,^[46] have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

In the United States, lawmakers introduced a bill in 2005 entitled the Internet Spyware Prevention Act, which would imprison creators of spyware.^[47]

Administrative sanctions

US FTC actions

The US Federal Trade Commission has sued Internet marketing organizations under the "unfairness doctrine" ^[48] to make them stop infecting consumers’ PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendants of developing a program that seized control of PCs nationwide, infected them with spyware and other malicious software, bombarded them with a barrage of pop-up advertising for Seismic’s clients, exposed the PCs to security risks, and caused them to malfunction, slow down, and, at times, crash. Seismic then offered to sell the victims an “antispyware” program to fix the computers, and stop the popups and other problems that Seismic had caused. On November 21, 2006, a settlement was entered in federal court under which a $1.75 million judgment was imposed in one case and $1.86 million in another, but the defendants were insolvent^[49]

In a second case, brought against CyberSpy Software LLC, the FTC charged that CyberSpy marketed and sold "RemoteSpy" keylogger spyware to clients who would then secretly monitor unsuspecting consumers’ computers. According to the FTC, Cyberspy touted RemoteSpy as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” The FTC has obtained a temporary order prohibiting the defendants from selling the software and disconnecting from the Internet any of their servers that collect, store, or provide access to information that this software has gathered. The case is still in its preliminary stages. A complaint filed by the Electronic Privacy Information Center (EPIC) brought the RemoteSpy software to the FTC’s attention.^[50]

Netherlands OPTA

An administrative fine, first of its kind in Europe, has been taken by the Independent Authority of Posts and Telecommunications (OPTA) from the Netherlands. It applied fines in total value of Euro 1,000,000 for infecting 22 million computers. The spyware is called DollarRevenue. The law articles which have been violated are art. 4.1 of the Decision on universal service providers and on the interests of end users; the fines have been given based on art. 15.4 taken together with art. 15.10 of the Dutch telecommunications law. A part of these fines has to be paid by the directors of these companies in their own person, i.e. not from the accounts of their companies, but from their personal fortunes.^[51] Since a protest procedure has been taken, the fines will have to be paid after a Dutch law court will take a decision in this case. The culprits maintain that the evidence for violating the two law articles has been obtained illegally. The names of the directors and the names of the companies have not been revealed, since it is not clear that OPTA is allowed to make such information public.^[52]

Civil law

Former New York State Attorney General and former Governor of New York Eliot Spitzer has pursued spyware companies for fraudulent installation of software.^[53] In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling by agreeing to pay US$7.5 million and to stop distributing spyware.^[54]

The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers sued Claria for replacing advertisements, but settled out of court.

Courts have not yet had to decide whether advertisers can be held liable for spyware which displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of "impressions" or appearances of the advertisement. Some major firms such as Dell Computer and Mercedes-Benz have sacked advertising agencies which have run their ads in spyware.^[55]

Libel suits by spyware developers

Litigation has gone both ways. Since "spyware" has become a common pejorative, some makers have filed libel and defamation actions when their products have been so described. In 2003, Gator (now known as Claria) filed suit against the website PC Pitstop for describing its program as "spyware".^[56] PC Pitstop settled, agreeing not to use the word "spyware", but continues to describe harm caused by the Gator/Claria software.^[57] As a result, other antispyware and antivirus companies have also used other terms such as "potentially unwanted programs" or greyware to denote these products.

Remedies and prevention

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system. For instance, some versions of Vundo cannot be completely removed by Symantec, Microsoft, PC Tools, and others because it infects rootkit, Internet Explorer, and Windows' lsass.exe (Local Security Authority Subsystem Service) with a randomly-filenamed dll (dynamic link library).

Anti-spyware programs

Many programmers and some commercial firms have released products dedicated to remove or block spyware. Steve Gibson's OptOut pioneered a growing category. Programs such as Lavasoft's Ad-Aware SE (free scans for non-commercial users, must pay for other features) and Patrick Kolla's Spybot - Search & Destroy (all features free for non-commercial use) rapidly gained popularity as effective tools to remove, and in some cases intercept, spyware programs. On December 16, 2004, Microsoft acquired the GIANT AntiSpyware software^[58], rebranding it as Windows AntiSpyware beta and releasing it as a free download for Genuine Windows XP and Windows 2003 users. In 2006, Microsoft renamed the beta software to Windows Defender (free), and it was released as a free download in October 2006 and is included as standard with Windows Vista as well as Windows 7.

Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the table, adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms' home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers real-time protection from them (as it does for viruses).

Recently^[when?], the anti-virus company Grisoft, creator of AVG Anti-Virus, acquired anti-spyware firm Ewido Networks, re-labeling their Ewido anti-spyware program as AVG Anti-Spyware Professional Edition. AVG also used this product to add an integrated anti-spyware solution to some versions of the AVG Anti-Virus family of products, and a freeware AVG Anti-Spyware Free Edition available for private and non-commercial use. This shows a trend by anti virus companies to launch a dedicated solution to spyware and malware. Zone Labs, creator of Zone Alarm firewall have also released an anti-spyware program.

Anti-spyware programs can combat spyware in two ways:

1. They can provide real time protection against the installation of spyware software on your computer. This type of spyware protection works the same way as that of anti-virus protection in that the anti-spyware software scans all incoming network data for spyware software and blocks any threats it comes across.
2. Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed onto your computer. This type of spyware protection is normally much easier to use and more popular. With this spyware protection software you can schedule weekly, daily, or monthly scans of your computer to detect and remove any spyware software that has been installed on your computer. This type of anti-spyware software scans the contents of the windows registry, operating system files, and installed programs on your computer and will provide a list of any threats found, allowing you to choose what you want to delete and what you want to keep.

Such programs inspect the contents of the Windows registry, the operating system files, and installed programs, and remove files and entries which match a list of known spyware components. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Because many spyware and adware are installed as a result of browser exploits or user error, using security software (some of which are antispyware, though many are not) to sandbox browsers can also be effective to help restrict any damage done.

Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time protection, blocked the installation of ActiveX-based and other spyware programs.

Like most anti-virus software, many anti-spyware/adware tools require a frequently-updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, making "signatures" or "definitions" which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates. Some vendors provide a subscription-based update service, while others provide updates free. Updates may be installed automatically on a schedule or before doing a scan, or may be done manually.

Not all programs rely on updated definitions. Some programs rely partly (for instance many antispyware programs such as Windows Defender, Spybot's TeaTimer and Spysweeper) or fully (programs falling under the class of HIPS such as BillP's WinPatrol) on historical observation. They watch certain configuration parameters (such as certain portions of the Windows registry or browser configuration) and report any change to the user, without judgment or recommendation. While they do not rely on updated definitions, which may allow them to spot newer spyware, they can offer no guidance. The user is left to determine "what did I just do, and is this configuration change appropriate?"

Windows Defender's SpyNet attempts to alleviate this through offering a community to share information, which helps guide both users, who can look at decisions made by others, and analysts, who can spot fast-spreading spyware. A popular generic spyware removal tool used by those with a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.

If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work.

A new breed of spyware (Look2Me spyware by NicTechNetworks is a good example) hides inside system-critical processes and start up even in safe mode, see rootkit. With no process to terminate they are harder to detect and remove. Sometimes they do not even leave any on-disk signatures. Rootkit technology is also seeing increasing use,^[59] as is the use of NTFS alternate data streams. Newer spyware programs also have specific countermeasures against well known anti-malware products and may prevent them from running or being installed, or even uninstall them. An example of one that uses all three methods is Gromozon, a new breed of malware. It uses alternate data streams to hide. A rootkit hides it even from alternate data streams scanners and actively stops popular rootkit scanners from running.

Rogue anti-spyware programs

Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware—or else, may add more spyware of their own.^[60][61]

The recent^[update] proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill themselves as antispyware, antivirus, or registry cleaners, and sometimes feature popups prompting users to install them. This software is called rogue software.

It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate. Some known offenders include:

On January 26, 2006, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product.^[62] On December 4, 2006, the Washington attorney general announced that Secure Computer had paid $1 million to settle with the state. As of that date, Microsoft's case against Secure Computer remained pending.^[63]

Security practices

To deter spyware, computer users have found several practices useful in addition to installing anti-spyware programs.

Many system operators install a web browser other than IE, such as Opera, Google Chrome or Mozilla Firefox. Though no browser is completely safe, Internet Explorer is at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX.

Some ISPs—particularly colleges and universities—have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it.^[64] Many other educational institutions have taken similar steps. Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users' behavior, and so may more readily attract institutional attention.^{[citation needed]}

Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. However, by connecting to the numeric IP address, rather than the domain name, spyware may bypass this sort of protection.

Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. Recently, CNet revamped its download directory: it has stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor.^{[citation needed]}

The first step to removing spyware is to put a computer on "lockdown". This can be done in various ways, such as using anti-virus software or simply disconnecting the computer from the internet. Disconnecting the internet prevents controllers of the spyware from being able to remotely control or access the computer. The second step to removing the spyware is to locate it and remove it, manually or through use of credible anti-spyware software. During and after lockdown, potentially threatening websites should be avoided.

Programs distributed with spyware

• Bonzi Buddy^[65]
• Dope Wars^[66]
• EDonkey2000^[67]
• Grokster^[68]
• Kazaa^[69]
• Morpheus^[67]
• RadLight^[70]
• Sony's Extended Copy Protection involved the installation of spyware from audio compact discs through autorun. This practice sparked considerable controversy when it was discovered.
• WeatherBug^[71]
• WildTangent^[72] The antispyware program Counterspy used to say that it's okay to keep WildTangent, but it now says that the spyware Winpipe is "possibly distributed with the adware bundler WildTangent or from a threat included in that bundler".^[73]
• SpyEagle is a spyware program that is disguised as an Antivirus program.

Programs formerly distributed with spyware

• AOL Instant Messenger^[72] (AOL Instant Messenger still packages Viewpoint Media Player, and WildTangent)
• DivX (except for the paid version, and the "standard" version without the encoder). DivX announced removal of GAIN software from version 5.2.^[74]
• FlashGet (trial version prior to program being made freeware)^{[75][76][77][78][79][80]}
• magicJack^[81]

See also

• Keyloggers
• Computer insecurity
• Cyber spying
• Defensive computing
• Employee monitoring software
• List of fake anti-spyware programs
• Malware
• Phone home
• Rootkits
• Spy software
• Spy-phishing
• Spyware removal

Notes

1. ^ Spyware:Quick Facts
2. ^ Vossen, Roland (attributed); October 21, 1995; Win 95 Source code in c!! posted to rec.games.programmer; retrieved from groups.google.com November 28, 2006.
3. ^ ^{a b} Wienbar, Sharon. "The Spyware Inferno". News.com. August 13, 2004.
4. ^ "AOL/NCSA Online Safety Study". America Online & The National Cyber Security Alliance. 2005.
5. ^ ^{a b} Spanbauer, Scott. "Is It Time to Ditch IE?". Pcworld.com. September 1, 2004
6. ^ Keizer, Gregg. "Analyzing IE At 10: Integration With OS Smart Or Not?". TechWeb Technology News. August 25, 2005.
7. ^ http://us.trendmicro.com/us/threats/enterprise/glossary/s/spyware/index.php
8. ^ http://www.mcafee.com/us/security_wordbook/spyware.html
9. ^ "Prying Eyes Lurk Inside Your PC; Spyware Spawns Efforts at Control.". The Gale Group, Inc.. http://www.accessmylibrary.com/coms2/summary_0286-7669487_ITM. Retrieved 2008-06-05.
10. ^ Woods, Mark. "Click, you're infected". Protected. F-Secure. http://www.f-secure.com/f-secure/pressroom/protected/prot-1-2006/17-388-2826.shtml. Retrieved 2008-08-29.
11. ^ "Security Response: W32.Spybot.Worm". Symantec.com. Retrieved July 10, 2005.
12. ^ Edelman, Ben; December 7, 2004 (updated February 8, 2005); Direct Revenue Deletes Competitors from Users' Disks; benedelman.com; retrieved November 28, 2006.
13. ^ http://digg.com/security/Warner_Bros_website_distributing_Zango_Spyware_Kiddy_Porn_browser
14. ^ http://www.aic.gov.au/publications/htcb/htcb011.html
15. ^ http://www.2-spyware.com/news/post81.html
16. ^ http://www.castlecops.com/a5863-Child_Porn_Planting_Spyware_Beware.html
17. ^ ^{a b} Edelman, Ben (2004). "The Effect of 180solutions on Affiliate Commissions and Merchants". Benedelman.org. Retrieved November 14, 2006.
18. ^ Ecker, Clint (2005). Massive spyware-based identity theft ring uncovered. Ars Technica, August 5, 2005.
19. ^ Eckelberry, Alex. "Massive identity theft ring", SunbeltBLOG, August 4, 2005.
20. ^ Eckelberry, Alex. "Identity Theft? What to do?", SunbeltBLOG, August 8, 2005.
21. ^ FTC Releases Survey of Identity Theft in U.S. 27.3 Million Victims in Past 5 Years, Billions in Losses for Businesses and Consumers. Federal Trade Commission, September 3, 2003.
22. ^ Russinovich, Mark. "Sony, Rootkits and Digital Rights Management Gone Too Far,", Mark's Blog, October 31, 2005, retrieved November 22, 2006
23. ^ Press release from the Texas Attorney General's office, November 21, 2005; Attorney General Abbott Brings First Enforcement Action In Nation Against Sony BMG For Spyware Violations; retrieved November 28, 2006.
24. ^ "Sony sued over copy-protected CDs; Sony BMG is facing three lawsuits over its controversial anti-piracy software", BBC News, November 10, 2005, retrieved November 22, 2006.
25. ^ Information About XCP Protected CDs, retrieved November 29, 2006.
26. ^ Microsoft.com - Description of the Windows Genuine Advantage Notifications application, retrieved June 13, 2006
27. ^ Weinstein, Lauren. Windows XP update may be classified as 'spyware', Lauren Weinstein's Blog, June 5, 2006, retrieved June 13, 2006
28. ^ Evers, Joris. Microsoft's antipiracy (sic) tool "phones home" daily, ZDNet News, June 7, 2006, retrieved June 13, 2006
29. ^ Creator and Four Users of Loverspy Spyware Program Indicted (August 26, 2005)
30. ^ ""CoolWebSearch". Parasite information database. Archived from the original on 2006-01-06. http://web.archive.org/web/20060106083816/http://www.doxdesk.com/parasite/CoolWebSearch.html. Retrieved 2008-09-04.
31. ^ ""InternetOptimizer". Parasite information database. Archived from the original on 2006-01-06. http://web.archive.org/web/20060106084114/http://www.doxdesk.com/parasite/InternetOptimizer.html. Retrieved 2008-09-04.
32. ^ CA Spyware Information Center - HuntBar
33. ^ What is Huntbar or Search Toolbar?
34. ^ "FTC, Washington Attorney General Sue to Halt Unfair Movieland Downloads". Federal Trade Commission. 2006-08-15. http://www.ftc.gov/opa/2006/08/movieland.htm.
35. ^ "Attorney General McKenna Sues Movieland.com and Associates for Spyware". Washington State Office of the Attorney General. 2006-08-14. http://www.atg.wa.gov/pressrelease.aspx?id=4286.
36. ^ "Complaint for Permanent Injunction and Other Equitable Relief (PDF, 25 pages)". Federal Trade Commission. 2006-08-08. http://www.ftc.gov/os/caselist/0623008/060808movielandcmplt.pdf.
37. ^ "MyWay Searchbar, MyWay SpeedSearch", Adware Report, AdwareReport.com, Gooroo, Inc. 2004, webpage: AdwareRep-062.
38. ^ ^{a b} "MyWebSearch Removal Tool", Exterminate-it.com, 2009, Ext-it-mywebs: lists the folders, files and 210 registry keys/values to be deleted.
39. ^ "Removing My Web Search Bar and Error Message", What the Tech, Geeks to Go, Inc., 2009, webpage: WhatTheTech-MyWeb.
40. ^ "WeatherStudio: Privacy Policy", WeatherStudio.com, 2009, web: WStudio-policy.
41. ^ PCMAG, New Malware changes router settings, PC Magazine, June 13, 2008.
42. ^ "Lawsuit filed against 180solutions". zdnet.com September 13, 2005
43. ^ Hu, Jim. "180solutions sues allies over adware". news.com July 28, 2004
44. ^ Coollawyer; 2001-2006; Privacy Policies, Terms and Conditions, Website Contracts, Website Agreements; coollawyer.com; retrieved November 28, 2006.
45. ^ "". nxtsearch.legis.state.ia.us. Retrieved July 14, 2007.
46. ^ Chapter 19.270 RCW: Computer spyware. apps.leg.wa.gov. Retrieved November 14, 2006
47. ^ Gross, Grant. US lawmakers introduce I-Spy bill. InfoWorld, March 16, 2007, accessed March 24, 2007.
48. ^ See Federal Trade Commission v. Sperry & Hutchinson Trading Stamp Co.
49. ^ FTC Permanently Halts Unlawful Spyware Operations (FTC press release with links to supporting documents); see also FTC cracks down on spyware and PC hijacking, but not true lies, Micro Law, IEEE MICRO (Jan.-Feb. 2005), also available at IEEE Xplore.
50. ^ See Court Orders Halt to Sale of Spyware (FTC press release Nov. 17, 2008, with links to supporting documents).
51. ^ OPTA, "Besluit van het college van de Onafhankelijke Post en Telecommunicatie Autoriteit op grond van artikel 15.4 juncto artikel 15.10 van de Telecommunicatiewet tot oplegging van boetes ter zake van overtredingen van het gestelde bij of krachtens de Telecommunicatiewet" from 5 november 2007, http://opta.nl/download/202311+boete+verspreiding+ongewenste+software.pdf
52. ^ According to H. Moll and E. Schouten, "Limburgse ICT-baas blijkt spywarekoning", in NRC Handelsblad, 21 december 2007, the companies are: ECS International, Worldtostart and Media Highway International. Their owners are: Arjan de Raaf and Peter Emonds. Their accomplice having the nickname "Akill" has been arrested in Hamilton, New Zealand, for being the manager of a huge network of zombie computers.
53. ^ Office of New York State Attorney General (2005-04-28). "State Sues Major "Spyware" Distributor". Press release. http://www.oag.state.ny.us/media_center/2005/apr/apr28a_05.html. Retrieved 2008-09-04. "Attorney General Spitzer today sued one of the nation's leading internet marketing companies, alleging that the firm was the source of "spyware" and "adware" that has been secretly installed on millions of home computers."
54. ^ Gormley, Michael. ""Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general"". Yahoo! News. 2005-06-15. Archived from the original on 2005-06-22. http://web.archive.org/web/20050622082027/http://news.yahoo.com/news?tmpl=story&u=/cpress/20050615/ca_pr_on_tc/spitzer_spyware.
55. ^ Gormley, Michael (2005-06-25). "Major advertisers caught in spyware net". USA Today. http://www.usatoday.com/tech/news/computersecurity/2005-06-25-companies-spyware_x.htm. Retrieved 2008-09-04.
56. ^ Festa, Paul. "See you later, anti-Gators?". News.com. October 22, 2003.
57. ^ "Gator Information Center". pcpitstop.com November 14, 2005.
58. ^ "http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx"
59. ^ Roberts, Paul F. "Spyware meets Rootkit Stealth". eweek.com. June 20, 2005.
60. ^ Roberts, Paul F. (2005-05-26). "Spyware-Removal Program Tagged as a Trap". eWeek. http://www.eweek.com/article2/0,1759,1821127,00.asp. Retrieved 2008-09-04.
61. ^ Howes, Eric L. "The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites". Retrieved July 10, 2005.
62. ^ McMillan, Robert. Antispyware Company Sued Under Spyware Law. PC World, January 26, 2006.
63. ^ Leyden, John. Bogus anti-spyware firm fined $1m. The Register, December 5, 2006.
64. ^ Schuster, Steve. ""Blocking Marketscore: Why Cornell Did It". Archived from the original on 2007-02-14. http://web.archive.org/web/20070214111921/http://www.cit.cornell.edu/computer/security/marketscore/MarketScore_rev2.html. ". Cornell University, Office of Information Technologies. March 31, 2005.
65. ^ "Symantec Security Response - Adware.Bonzi". Symantec. Retrieved July 27, 2005.
66. ^ Edelman, Ben (2005). "Claria's Misleading Installation Methods - Dope Wars". Retrieved July 27, 2005
67. ^ ^{a b} Edelman, Ben (2005). "Comparison of Unwanted Software Installed by P2P Programs". Retrieved July 27, 2005.
68. ^ Edelman, Ben (2004). "Grokster and Claria Take Licenses to New Lows, and Congress Lets Them Do It". Retrieved July 27, 2005
69. ^ Edelman, Ben (2004). "Claria License Agreement Is Fifty Six Pages Long". Retrieved July 27, 2005.
70. ^ "eTrust Spyware Encyclopedia - Radlight 3 PRO". Computer Associates. Retrieved July 27, 2005
71. ^ ""WeatherBug". Parasite information database. Archived from the original on 2005-02-06. http://web.archive.org/web/20050206011153/http://www.doxdesk.com/parasite/WeatherBug.html. Retrieved 2008-09-04.
72. ^ ^{a b} "Adware.WildTangent". Sunbelt Malware Research Labs. 2008-06-12. http://research.sunbeltsoftware.com/threatdisplay.aspx?name=AdWare.WildTangent&threatid=236165. Retrieved 2008-09-04.
73. ^ "Winpipe". Sunbelt Malware Research Labs. 2008-06-12. http://research.sunbelt-software.com/threatdisplay.aspx?name=Winpipe&threatid=15154. Retrieved 2008-09-04.
74. ^ "How Did I Get Gator?". PC Pitstop. Retrieved July 27, 2005.
75. ^ "eTrust Spyware Encyclopedia - FlashGet". Computer Associates. Retrieved July 27, 2005
76. ^ Jotti's malware scan of FlashGet 3.
77. ^ VirusTotal scan of FlashGet 3.
78. ^ Jotti's malware scan of FlashGet 1.96.
79. ^ VirusTotal scan of FlashGet 1.96.
80. ^ Some caution is required since FlashGet 3 EULA makes mention of Third Party Software, but does not name any third party producer of software. However, a scan with SpyBot Search & Destroy, performed on November 20, 2009 after installing FlashGet 3 did not show any malware on an already anti-spyware immunized system (by SpyBot and SpywareBlaster).
81. ^ Gadgets boingboing.net, MagicJack's EULA says it will spy on you and force you into arbitration

External links

• How Spyware Works
• How Spyware And The Weapons Against It Are Evolving — article discussing causes and possible remedies of the spyware problem.
• StopBadware.org — A non-profit group (sponsored by Google, Lenovo, and Sun) that aims to provide "reliable, objective information about downloadable applications".

Categories: Spyware | Malware | Rogue software | Computer network security | Internet advertising and promotion | Espionage techniques | Espionage devices

See Also:

• Spyware

What Links Here:

Recently Viewed Pages:

• Fresh Transparent Proxies: Blogs
• Anonymous Web Proxy
• Thai Lotto: Blogs
• Fresh Elite Anonymous: Blogs
• Www Magicwintip Com: Blogs
• Proxy Lists: Blogs
• Web Search
• Xnxx: Images
• Check Proxies: Blogs
• Proxy Server: Blogs

Most Popular Pages:

• Anonymous Web Proxy
• Home
• American Hot Girls: Images
• Fresh Elite Anonymous: Blogs
• Fresh Transparent Proxies: Blogs
• Socks Lists: Blogs
• Thai Lotto: Blogs
• Spyware: Web Search
• Www Magicwintip Com: Blogs
• Ghalamnews Ir

Related 'Spyware' Searches: