Spyware and Implementing Network Security - Essay Example

Spyware & Implementing Network Security to Prevent it Contents . 3 Introduction ...5 2. How spyware attacks 7 3. Methodology......8 4. Literature Review .15 5. Results and Discussion. ..17 6. Conclusion .21 List of References....23 abstract The use of Internet in the daily activities is continuously increased. Moreover, as the demands of the customers change Internet services have also to be developed in order to meet the requirements set by the consumers. Personal information is secretly recorded with a variety of techniques, including logging keystrokes, recording Internet web browsing history, and scanning documents on the computer's hard disk. Purposes range from overtly criminal (theft of passwords and financial details) to the merely annoying (recording Internet search history for targeted advertising, while consuming computer resources). Spyware may collect different types of information. Some variants attempt to track the websites a user visits and then send this information to an advertising agency. More malicious variants attempt to intercept passwords or credit card numbers as a user enters them into a web form or other application. The scourge of spyware is going to be here for quite a while, simply because the attacker make so much money from it. An attacker can make a dollar or more per month per infected system by using spyware to inject pop-up ads, Spam and other annoyances. Therefore, attackers have a vested interest to constantly adapt their software and make it ever more stealthy and sticky. Additionally, the stakes are even higher if the attacker can steal credit card or bank account information. What we've seen in the past three years is the growth of a spyware industry that spins off millions of dollars. That money is often folded back into research and development for more malicious attacks. This R&D funding makes their software even more powerful and will continue to do so for the foreseeable future. As spyware continues to threaten the stability of corporate infrastructures, it's crucial to understand how this malicious software works and how to defend against it. This assignment is a compilation of resources that explain what spyware is, how it attacks and most importantly what you can to do to win the war on spyware. 1. Introduction Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet where it is sometimes called a spybot or tracking software, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Some common examples of spyware are CoolWebSearch (CWS), Gator (GAIN), 180search Assistant ISTbar/AUpdate, Transponder (vx2), Internet Optimizer Blaze Find, Hot as Hell, Advanced Key logger, TIBS Dialer. (Wpi .Edu) Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called "spyware." As a result, McAfee (the Internet security company) and others now refer to such applications as "potentially unwanted programs" (PUP). (Techmedia) The cookie is a well-known mechanism for storing information about an Internet user on their own computer. If a Web site stores information about you in a cookie that you don't know about, the cookie can be considered a form of spyware. Cookies can also store personally identifiable information. Personally identifiable information is information that can be used to identify or contact you, such as your name, e-mail address, home or work address, or telephone number. However, a Web site only has access to the personally identifiable information that you provide. (Allangardner.com) Spyware is part of an overall public concern about privacy on the Internet. In the field of computing, the term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware by design exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information including financial information such as credit card numbers; monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. Software that sends information about someone's web surfing habits to its web site. Often quickly installed in computer in combination with a free download selected from the Web, spyware transmits information in the background as we move around the Web. Also known as "parasite software," "scumware," "junkware" and "thiefware," spyware is occasionally installed just by visiting a Web site. (Easton 2004) . The license agreement that everyone accepts without reading may actually state that you are installing spyware and explain what it does. For example, it might say that the program performs anonymous profiling, which means that your habits are being recorded, not you individually. Such software is used to create marketing profiles. There are also spyware programs that keep changing the home page in the browser to a particular Web site or just keep popping up ads all the time. Nevertheless, once you detect spyware, it can be eliminated, albeit with difficulty sometimes. Spyware blockers can detect an invasion of spyware into your computer and have become as popular as antivirus programs. Merchants place ads with spyware advertisers because they feel their promotions are focused. In fact, many feel that the Internet has opened up the most intelligent marketing system the world has ever seen. Merchants say they are targeting prospects who are really interested in their products, and spyware vendors argue that as long as they treat users anonymously, they are not violating privacy. Since spyware and adware are unwanted software, it would seem that antivirus software should detect spyware and Adware as well as viruses and Trojans. Although some security suites provide all these capabilities, antispyware and antivirus modules are typically separate functions. Perhaps, it evolved in different camps because the intent of the software is different. Spyware writers want their software to remain hidden and perform their tasks for months to come. However, Trojans are viruses that are designed to remain hidden in the computer as well, so the two philosophies do overlap. (Wpi.edu) 2. How spyware attacks The spread of spyware has led to the development of an entire anti-spyware industry. Its products remove or disable existing spyware on the computers they are installed on and prevent its installation. However, a number of companies have incorporated forms of spyware into their products. These programs are not considered malware, but are still spyware as they watch and observe for advertising purposes. It is debatable whether such 'legitimate' uses of adware / spyware are malware since the user often has no knowledge of these 'legitimate' programs being installed on his/her computer and is generally unaware that these programs are infringing on his/her privacy. In any case, these programs still use the resources of the host computer without permission. As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. In an estimate based on customer-sent scan logs, Webroot Software, makers of Spy Sweeper, said that 9 out of 10 computers connected to the Internet are infected. Computers where Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks not only because IE is the most widely-used but because its tight integration with Windows allows spyware access to crucial parts of the operating system. ( Piccard Paul, 2006 121) 3. METHOLOGY Spyware, adware and tracking The term adware frequently refers to any software which displays advertisements, whether or not the user has consented. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service. Most spyware is adware in a different sense: it displays advertising. Claria Corporation's Gator Software and Exact Advertising's BargainBuddy are examples. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user receives many pop-up advertisements. (Easton, 2004) Other spyware behavior, such as reporting on websites the user visits, occurs in the background. The data is used for "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware Many users, however, choose to install it. Similarly, software bundled with free, advertising-supported programs such as P2P act as spyware and if removed disable the 'parent' program. Yet people are willing to download it. This presents a dilemma for proprietors of anti-spyware products whose removal tools may inadvertently disable wanted programs. (Kiesler,2003 285). These recent test results show how a bundled software (WhenUSave) is ignored by popular anti spyware program AdAware, (but removed as spyware by most scanners) because it is part of the popular (but recently decommissioned) Edonkey client. (Kiesler,2003 298). Spyware, virus and worm Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses, however, spyware by design exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. Routes of infection Spyware does not directly spread in the manner of a computer virus or worm. Generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities. Most spyware is installed without users being aware. Since they tend not to install software if they know that it will disrupt their working environment and compromise their privacy, spyware deceives users, either by piggybacking on a piece of desirable software, or tricking them into installing it. Some "rogue" anti-spyware programs even masquerade as security software. The distributor of spyware usually presents the program as a useful utility or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, a spyware program targeted at children, claims that: "He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!" (Mondal, 2003 57) Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software. In other cases, spyware authors have repackaged desirable free software with installers that add spyware. A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. IE prevents websites from initiating an unwanted download. Instead, it requires a user action, such as clicking on a link. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as "Would you like to optimise your Internet access" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. ( Sullivan& Dan, 2005 ) Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime. ( Sullivan& Dan, 2005 ) The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment and scriptability make it an obvious point of attack into Windows. Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects, which modify the browser's behaviour to add toolbars or to redirect traffic. Effects and behaviors A spyware program is rarely alone on a computer: an affected machine can rapidly be infected by many other components. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic, all of which slow the computer down. Stability issues, such as application or system-wide crashes, are also common. Spyware which interferes with networking software commonly causes difficulty connecting to the Internet. In some infections, the spyware is not even evident. Users assume in those situations that the issues relate to hardware, to Windows installation problems, or a virus. Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system has become too slow. Badly infected systems may require a clean reinstall of all their software in order to return to full functionality. Only rarely does a single piece of software render a computer unusable. Rather, a computer will likely have multiple infections. As the 2004 AOL study noted, if a computer has any spyware at all, it typically has dozens of different pieces installed. The cumulative effect, and the interactions between spyware components, cause the symptoms commonly reported by users: a computer which slows to a crawl, overwhelmed by the many parasitic processes running on it. Moreover, some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease. Some spyware has disabled or even removed competing spyware programs, on the grounds that more spyware-related annoyances make it even more likely that users will take action to remove the programs. One spyware maker, Avenue Media, even sued a competitor, Direct Revenue, over this; the two later settled with an agreement not to disable each others' products. Some other types of spyware modify system files so they will be harder to remove. Targetsoft modifies the "Winsock" Windows Sockets files. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage. Unlike users of many other operating systems, a typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs intentionally or not has unrestricted access to the system. Spyware, along with other threats, has led some Windows users to move to other platforms such as Linux or Apple Macintosh, which are less attractive targets for malware. This is because these programs are not granted unrestricted access to the operating system and some allege it's partly due to the far smaller number of machines installed with these operating systems making spyware development potentially less profitable for these platforms. Advertisements Many spyware programs display advertisements. Some programs simply display pop-up ads on a regular basis; for instance, one every several minutes, or one when the user opens a new browser window. Others display ads in response to specific sites that the user visits. Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for which spyware programs gather information on user behavior. Pop-ups are one of users' most common complaints about spyware. Many users complain about irritating or offensive advertisements as well. As with many banner ads, many spyware advertisements use animation or flickering banners which can be visually distracting and annoying to users. Pop-up ads for pornography often display indiscriminately. When children are the users, this could possibly violate anti-pornography laws in some jurisdictions. (Jain , Kasturi & Schunck, 2005 ) A further issue in the case of some spyware programs has to do with the replacement of banner ads on viewed web sites. Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site's own advertisements which fund the site with advertisements that instead fund the spyware operator. This cuts into the margins of advertising-funded Web sites. 4. Literature Review "Stealware" and affiliate fraud A few spyware vendors have written what the New York Times has dubbed "stealware", and what spyware-researcher Ben Edelman terms affiliate fraud, also known as click fraud. Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor. Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity-replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, Networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an affiliate who is not party to a contract. Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators have been terminated from affiliate networks. (Easton 2004) Identity theft and fraud In one case, spyware has been closely associated with identity theft. In August 2005, researchers from security software firm Sunbelt Software believed that the makers of the common CoolWebSearch spyware had used it to transmit "chat sessions, user names, passwords, bank information, etc.", but it turned out that "it actually was its own sophisticated criminal little trojan that's independent of CWS. That case aside, identity theft remains theoretically possible as keyloggers are routinely packaged with spyware. Identity thieves have stolen over $24 billion US dollars of account information in the United States alone. Spyware-makers may commit wire fraud with dialer program spyware. These can reset a modem to dial up a premium-rate telephone number instead of the usual ISP. Connecting to these suspicious numbers involves long-distance or overseas charges which invariably result in high charges. Dialers are ineffective on computers that do not have a modem, or are not connected to a telephone line. (Easton, 2004) Spyware and cookies Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware. While they are not inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and so many anti-spyware programs offer to remove them. (Allangardner.com) Additional Measures To safeguard against threat of Spyware, the following measures will be helpful: 1. Increase your security settings on your browser. The higher the settings, the less a potential attacker can accomplish, if he can get in at all. 2. Limit your user rights when online. Using these vulnerabilities, a malicious user can typically only work under the same rights as the legitimate user. Hence, if the legitimate user logs in with only standard user privileges, the malicious user would only be able to obtain those same privileges. In contrast, if the user is logged-in with administrator privileges, the malicious user could potentially gain full control of the user's system. 3. Change your email preferences to: i. disable automatic download when previewing the message ii. block pictures and other Internet content (including HTML) from automatically downloading to your computer 4. Use safe email practices, including abstaining from clicking on any embedded links 5. Abstain from launching attachments that appear to be pictures or other files from an unknown source, as well as from people you know, if the attachment was unexpected. When in doubt, ask the person if they sent you anything, prior to opening any attachment. Security experts suggests that users must take the following measures to protect against these and other attacks additionally. Ensure your system is patched with the most current system update. Ensure your antivirus definitions are up-to-date. 5. Results and Discussion Remedies and prevention As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system. Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system. Anti-spyware programs Many programmers and some commercial firms have released products designed to remove or block spyware. Programs such as Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy rapidly gained popularity as effective tools to remove, and in some cases intercept, spyware programs. More recently Microsoft acquired the GIANT AntiSpyware software, rebranding it as Windows AntiSpyware beta and releasing it as a free download for Windows XP and Windows 2003 users. In early spring, 2006, Microsoft renamed the beta software to Windows Defender, and it was released as a free download in October 2006. Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the table, adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms' home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers real-time protection from them (as it does for viruses). Recently the anti virus company Grisoft, who make the AVG anti virus program, re-labled the Ewido anti spyware program as AVG anti Spyware program. (Techmedia) This shows a trend by anti virus companies to launch a dedicated solution to spyware and malware. Anti-spyware programs can combat spyware in two ways: 1. Real-time protection, which prevents the installation of spyware; 2. Detection and removal, which removes spyware from an infected computer. Writers of anti-spyware programs usually find detection and removal simpler, and many more programs have become available which do so. Such programs inspect the contents of the Windows registry, the operating system files, and installed programs, and remove files and entries which match a list of known spyware components. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans incoming network data and disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Because many spyware and adware are installed as a result of browser exploits or user error, using security software to sandbox browsers can also be effective to help restrict any damage done. Like most anti-virus software, many anti-spyware/adware tools require a frequently-updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, making "signatures" or "definitions" which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates. Some vendors provide a subscription-based update service, while others provide updates gratis. Updates may be installed automatically on a schedule or before doing a scan, or may be done manually. (Boutell.com) Not all programs rely on updated definitions. Some programs rely partly or fully on historical observation. They watch certain configuration parameters such as certain portions of the Windows registry or browser configuration and report any change to the user, without judgment or recommendation. While they do not rely on updated definitions, which may allow them to spot newer spyware, they can offer no guidance. The user is left to determine what to do next. Windows Defender's Spynet attempts to alleviate this through offering a community to share information, which helps guide both users, who can look decisions made by others, and analysts, who can spot fast-spreading spyware. A popular generic spyware removal tool used by those with a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete. Open source anti-spyware programs are also available. One program, wssecure, can detect new processes and change in system files using checksum verification, a technique that can be helpful in detecting spyware that are downloaded automatically due to Windows vulnerabilities. (Feinstein, 2004) If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree can also work. A new breed of spyware is starting to hide inside system-critical processes and start up even in safe mode. With no process to terminate they are harder to detect and remove. Sometimes they do not even leave any on-disk signatures. Rootkit technology is also seeing increasing use as is the use of NTFS alternate data streams. Newer spyware programs also have specific countermeasures against well known anti-malware products and may prevent them from running or being installed, or even uninstall them. An example of one that uses all three methods is Gromozon, a new breed of malware. It uses alternate data streams to hide. A rootkit hides it even from alternate data streams scanners and actively stops popular rootkit scanners from running. (Feinstein, 2004) Fake anti-spyware programs Malicious programmers have released a large number of fake anti-spyware programs, and widely distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware - or worse, may add more spyware of their own. The recent proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill themselves as antispyware, antivirus, or registry cleaners, and sometimes feature popups prompting users to install them. They are called rogue software. 6. CONCLUSION Spyware programs are a growing threat to corporations today. Reports now show that nearly one in three computers are infected with a Trojan horse or system monitor planted by spyware. These hidden software programs gather and transmit information about a person or organization via the Internet without their knowledge. To deter spyware, computer users have found several practices useful in addition to installing anti-spyware programs. Many system operators install a web browser other than IE, such as Opera or Mozilla Firefox. Although these have also suffered some security vulnerabilities, they are not targeted as much as IE because most users who are likely to fall for spyware are not using them. Though no browser is completely safe, Internet Explorer is at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX. (Techmedia) Some ISPs - particularly colleges and universities - have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it. Many other educational institutions have taken similar steps. Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users' behavior, and so may more readily attract institutional attention. (Techmedia) Some users install a large hosts file which prevents the user's computer from connecting to known spyware related web addresses. However, by connecting to the numeric IP address, rather than the domain name, spyware may bypass this sort of protection. Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. With spyware's rapid proliferation, organizations are in critical need of anti-spyware technology. Although many point solutions claim to do the job, the most effective defense involves a fully integrated security system with antivirus and anti-spyware on a single platform. This empowers IT administrators to more efficiently manage a coordinated defense against all forms of malware-including the growing threat of spyware. Reference Anti-spyware. Spyware Doctor Retrieved February 2,2007, from http://anti-spyware-review.toptenreviews.com/spyware-doctor-review.html Boutell.com What are spyware and adware Retrieved February 2,2007, from http://www.boutell.com/newfaq/definitions/spyware.html Cookies. Retrieved February 2,2007, from http://allangardner.com/cookies.htm Easton Andrew. COMPUTER TROUBLESHOOTING. Dorling Ki. 2004. Feinstein Ken. How to Do Everything to Fight Spam, Viruses, Pop-Ups, and Spyware Jul 27, 2004 Jain R, Kasturi R & Schunck BG (2005). Machine vision: McGraw-Hill, New Delhi P.724-750. Kiesler, S. (2003). 'Culture of the Internet' Lawrence Erlbaum Associates. Mahwah, NJ. P. 280 - 301 Microsoft. Antivirus Defense in Depth Guide.17-21 Piccard Paul . (2006).Combating Spyware in the Enterprise. Syngress Publishing.91-130 Mondal, A. S. (2003). 'Mobile IP - Present State and Future', Series in Computer Science, Kluwer Academic/ Plenum Publishers Scott Mueller. Techmedia. Upgrading and Repairing MS Windows Protecting Windows from viruses and spyware. Sullivan& Dan.( 2005).The Definitive Guide to Controlling Malware, Spyware, Phishing, & Spam. Realtimepublishers.com Spywarehunter.PC Tool's Threat Expert Claims to Beat Malware in Minutes. Retrieved February 3,2007, from http://www.spywarehunter.org/ Spyware Frequently Asked Questions (FAQ) .Retrieved February 2,2007, from https://www.wpi.edu/Academics/CCC/Help/Software/spyware.html Read More