Spyware and Adware (eBook)

John Aycock is an associate professor at the University of Calgary in the Department of Computer Science. He received a B.Sc. from the University of Calgary, and an M.Sc. and Ph.D. from the University of Victoria. He researches computer security, focusing on malicious software, spam, and online crime. Dr. Aycock conceived and taught the University's “Computer Viruses and Malware” and “Spam and Spyware” courses.

Contents 8
List of Figures 12
Preface 14
Chapter 1 Introduction 16
1.1 Definitions and History 16
1.2 Motivation 19
Chapter Notes 21
Chapter 2 Getting There 24
2.1 Installation 24
2.1.1 Explicit, Voluntary Installation 24
2.1.2 Drive-by Downloads, User Involvement 25
2.1.3 Drive-by Downloads, No User Involvement 31
2.1.4 Installation via Malware 34
2.2 Startup 35
2.2.1 Application-Specific Startup 35
2.2.2 GUI Startup 36
2.2.3 System Startup 37
2.2.4 Kernel Startup 37
2.2.5 Defenses 38
Chapter Notes 39
Chapter 3Staying There 43
3.1 Avoiding Detection 43
3.1.1 Basic Detection Avoidance 43
3.1.2 Anti-Spyware 46
3.1.3 Advanced Detection Avoidance: Rootkits 47
3.2 Avoiding Uninstall 51
3.2.1 Passive Avoidance 51
3.2.2 Active Avoidance 52
Chapter Notes 54
Chapter 4Keylogging 58
4.1 User Space Keylogging 60
4.1.1 Polling 60
4.1.2 Event Copying 61
4.1.3 Event Monitoring 61
4.2 User Space Keylogging Defenses 62
Chapter Notes 68
Chapter 5 Phoning Home 72
5.1 Push vs. Pull 72
5.2 Finding Home 74
5.3 Steganography 76
5.4 Information Leaking Defenses 79
Chapter Notes 80
Chapter 6 Advertising 84
6.1 Types of Advertisement 84
6.1.1 Banner Advertisement 87
6.1.2 Banner Advertisement with Pull-down Menu 88
6.1.3 Expandable Banner Advertisement 89
6.1.4 Pushdown Banner Advertisement 90
6.1.5 Pop-up Advertisement 90
6.1.6 Pop-under Advertisement 91
6.1.7 Floating Advertisement 92
6.1.8 Tear-back Advertisement 92
6.1.9 In-text Advertisement 93
6.1.10 Transition Advertisement 94
6.1.11 Video Advertisements 95
6.2 Intent and Content 96
Chapter Notes 98
Chapter 7 Advertisement Implementation 103
7.1 Implementation Location 104
7.1.1 Implementation on the User Machine 104
7.1.2 Implementation in the Network 108
7.1.3 Implementation near the User Machine 109
7.1.4 Implementation on the Server 110
7.2 Choosing Keywords 111
7.3 Blocking Advertisements 113
7.3.1 Pop-up Blocking 113
7.3.2 General Advertisement Blocking 114
7.3.3 Blocker Evasion and Blocker Blocking 115
Chapter Notes 116
Chapter 8Tracking Users 122
8.1 Cookies 122
8.1.1 Defenses 127
8.1.2 Other Browser-Related Tracking Methods 128
8.2 User Profiling 129
8.2.1 Cognitive Styles, Mood, and Personality 130
8.2.2 Future Actions 130
8.2.3 Demographic Information 131
8.2.4 Social Networks 131
8.2.5 Real World Activities 132
8.2.6 Physical Location 132
8.2.7 Search Terms and Keywords 133
8.2.8 Disinterests 133
Chapter Notes 134
Chapter 9 Conclusion 138
Chapter Notes 139
References 140
Index 154