Taxonomy of spyware and empirical study of network drive-by-downloads

Spyware has rapidly become a major security concern in government and corporate networks as well as for home computers. Spyware is able to circumvent common security practices, funneling information to remote parties and consuming system resources with impunity. This malicious software has infiltrated common search engines and Internet sectors generally considered "safe." Making use of browser vulnerabilities, spyware infection is wide-spread. This thesis considers common infection vectors and reviews current definitions in arriving at an improved definition of spyware. It identifies four common activities present in all spyware which lead to multiple behavioral capabilities. An empirical analysis of network drive-by-downloads shows the presence of spyware in bank, online travel, and real estate-related Internet sectors. The impact of system security patch maintenance on spyware susceptibility, and browser differences in the context of drive-by-downloads is also presented.
http://archive.org/details/taxonomyofspywar109452013
Approved for public release; distribution is unlimited.