ABSTRACT
While they seem very similar, often using the same tools and techniques, spyware installations are carried out for very different reasons than traditional malware attacks. Consequently, different strategies must be used to fight them. Malware is usually installed by an individual focused on harming a computer system or its owner by damaging operations or stealing data. Spyware's installation is more commercially motivated, involving the coordinated efforts of numerous parties who profit from its exploitation. This paper reviews the tactics used in spyware and related adware campaigns. It also describes the major players involved, from hackers and distributors to online advertising firms and their corporate sponsors and investors. Proposed and existing legislation is analyzed to find which laws can be used most effectively to counteract the commercial and criminal forces driving the spyware industry.
INDEX TERMS
Primary Classification:
K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.1 Public Policy Issues
Subjects: Abuse and crime involving computers
Additional Classification:
K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.1 Public Policy Issues
Subjects: Privacy; Ethics
K.4.2 Social Issues
Subjects: Abuse and crime involving computers
General Terms: Economics, Legal Aspects, Management, Security
Keywords: adware, browser hijacking, bundling, cookies, deceptive installations, dialers, drive-by downloads, false anti-spyware, keyloggers, online advertisers, pop-unders, popups, spyware, spyware distributors, web beacons