There are a number of services and software systems that mail sites and users can use to reduce the load of spam on their systems and mailboxes. Some of these depend upon rejecting email from Internet sites known or likely to send spam. Others rely on automatically analyzing the content of email messages and weeding out those which resemble spam. These two approaches are sometimes termed blocking and filtering.

Blocking and filtering each have their advocates and advantages. While both reduce the amount of spam delivered to users’ mailboxes, blocking does much more to alleviate the bandwidth cost of spam, since spam can be rejected before the message is transmitted to the recipient’s mail server. Filtering tends to be more thorough, since it can examine all the details of a message. Many modern spam filtering systems take advantage of machine learning techniques, which vastly improve their accuracy over manual methods. However, some people find filtering intrusive to privacy, and many mail administrators prefer blocking to deny access to their systems from sites tolerant of spammers.

DNSBLs

DNS-based Blackhole Lists, or DNSBLs, are used for heuristic filtering and blocking. A site publishes lists (typically of IP addresses) via the DNS, in such a way that mail servers can easily be set to reject mail from those sources. There are literally scores of DNSBLs, each of which reflects different policies: some list sites known to emit spam; others list open mail relays or proxies; others list ISPs known to support spam. Other DNS-based anti-spam systems list known good (“white”) or bad (“black”) IPs domains or URLs, including RHSBLs and URIBLs. For history, details, and examples of DNSBLs, see DNSBL.

Content-based filtering

Until recently, content filtering techniques relied on mail administrators specifying lists of words or regular expressions disallowed in mail messages. Thus, if a site receives spam advertising “herbal Viagra”, the administrator might place these words in the filter configuration. The mail server would thence reject any message containing the phrase.

Content based filtering can also filter based on content other than the words and phrases that make up the body of the message. Primarily, this means looking at the header of the email, the part of the message that contains information about the message, and not the body text of the message. Spammers will often spoof fields in the header in order to hide their identities, or to try to make the email look more legitimate than it is; many of these spoofing methods can be detected. Also, spam sending software often produces a header that violates the RFC 2822 standard on how the email header is supposed to be formed.

Disadvantages of this static filtering are threefold: First, it is time-consuming to maintain. Second, it is prone to false positives. Third, these false positives are not equally distributed: manual content filtering is prone to reject legitimate messages on topics related to products advertised in spam. A system administrator who attempts to reject spam messages which advertise mortgage refinancing may easily inadvertently block legitimate mail on the same subject.

Finally, spammers can change the phrases and spellings they use, or employ methods to try to trip up phrase detectors. This means more work for the administrator. However, it also has some advantages for the spam fighter. If the spammer starts spelling “Viagra” as “V1agra” or “Via_gra”, it makes it harder for the spammer’s intended audience to read their messages. If they try to trip up the phrase detector, by, for example, inserting an invisible-to-the-user HTML comment in the middle of a word (“Via<!—->gra”), this sleight of hand is itself easily detectable, and is a good indication that the message is spam. And if they send spam that consists entirely of images, so that anti-spam software can’t analyze the words and phrases in the message, the fact that there is no readable text in the body can be detected.

However, content filtering can also be implemented by examining the URLs present (i.e. spamvertised) in an email message. This form of content filtering is much harder to disguise as the URLs must resolve to a valid domain name. Extracting a list of such links and comparing them to published sources of spamvertised domains is a simple and reliable way to eliminate a large percentage of spam via content analysis.

Statistical filtering

Statistical filtering was first proposed in 1998 by Mehran Sahami et al., at the AAAI-98 Workshop on Learning for Text Categorization. A statistical filter is a kind of document classification system, and a number of machine learning researchers have turned their attention to the problem. Statistical filtering was popularized by Paul Graham’s influential 2002 article A Plan for Spam, which proposed the use of naive Bayes classifiers to predict whether messages are spam or not – based on collections of spam and nonspam (“ham”) email submitted by users. [1]

Statistical filtering, once set up, requires no maintenance per se: instead, users mark messages as spam or nonspam and the filtering software learns from these judgements. Thus, a statistical filter does not reflect the software author’s or administrator’s biases as to content, but it does reflect the user’s biases as to content; a biochemist who is researching Viagra won’t have messages containing the word “Viagra” flagged as spam, because “Viagra” will show up often in his or her legitimate messages. A statistical filter can also respond quickly to changes in spam content, without administrative intervention.

Spammers have attempted to fight statistical filtering by inserting many random but valid “noise” words or sentences into their messages while attempting to hide them from view, making it more likely that the filter will classify the message as neutral. Attempts to hide the noise words include setting them in tiny font or the same colour as the background. However, these noise countermeasures seem to have been largely ineffective.

Software programs that implement statistical filtering include Bogofilter, the e-mail programs Mozilla and Mozilla Thunderbird, and later revisions of SpamAssassin. Another interesting project is CRM114 which hashes phrases and does bayesian classification on the phrases.

There is also the free mail filter POPFile [2] which sorts mail in as many categories as you want (family, friends, co-worker, spam, whatever) with bayesian filtering.

Checksum-based filtering

Checksum-based filter takes advantage of the fact that often, for any individual spammer, all of the messages he or she sends out will be mostly identical, the only differences being web bugs, and when the text of the message contains the recipient’s name or email address. Checksum-based filters strip out everything that might vary between messages, reduce what remains to a checksum, and look that checksum up in a database which collects the checksums of messages that email recipients consider to be spam (some people have a button on their email client which they can click to nominate a message as being spam); if the checksum is in the database, the message is likely to be spam.

The advantage of this type of filtering is that it lets ordinary users help identify spam, and not just administrators, thus vastly increasing the pool of spam fighters. The disadvantage is that spammers can insert unique invisible gibberish — known as hashbusters — into the middle of each of their messages, thus making each message unique and having a different checksum. This leads to an arms race between the developers of the checksum software and the developers of the spam-generating software.

Checksum based filtering methods include:

• Distributed Checksum Clearinghouse
• Vipul’s Razor

Authentication and Reputation (A&R)

A number of systems have been proposed to allow acceptance of email from servers which have authenticated in some fashion as senders of only legitimate email. Many of these systems use the DNS, as do DNSBLs; but rather than being used to list nonconformant sites, the DNS is used to list sites authorized to send email, and (sometimes) to determine the reputation of those sites. Other methods of identifying ham and spam are still used. The A&R allows much ham to be more reliably identified, which allows spam detectors to be made more sensitive without causing more false positive results. The increased sensitivity allows more spam to be identified as such. Also, A&R methods tend to be less resource-intensive than other filtering methods, which can be skipped for messages identified by A&R as ham.

Sender-supported whitelists and tags

There are a small number of organizations which offer IP whitelisting and/or licensed tags that can be placed in email (for a fee) to assure recipients’ systems that the messages thus tagged are not spam. This system relies on legal enforcement of the tag. The intent is for email administrators to whitelist messages bearing the licensed tag.

A potential difficulty with such systems is that the licensing organization makes its money by licensing more senders to use the tag — not by strictly enforcing the rules upon licensees. A concern exists that senders whose messages are more likely to be considered spam who would accrue a greater benefit by using such a tag. The concern is that these factors form a perverse incentive for licensing organizations to be lenient with licensees who have offended. However, the value of a license would drop if it was not strictly enforced, and financial gains due to enforcement of a license itself can providee an additional incentive for strict enforcement. The Habeas mail classing system attempts to further address this issue this by classing email according to origin, purpose, and permission. The purpose is to describe why the email is not likely spam, but permission based email.

Ham passwords

Another approach for countering spam is to use a “ham password”. Systems that use ham passwords ask unrecognised senders to include in their email a password that demonstrates that the email message is a “ham” (not spam) message. Typically the email address and ham password would be described on a web page, and the ham password would be included in the “subject” line of an email address. Ham passwords are often combined with filtering systems, to counter the risk that a filtering system will accidentally identify a ham message as a spam message.

The “plus addressing” technique appends a password to the “username” part of the email address.

Cost-based systems

Since spam occurs primarily because it is so cheap to send, a proposed set of solutions require that senders pay some cost in order to send spam, making it uneconomic.

Stamps

Some gatekeeper such as Microsoft would sell electronic stamps, and keep the proceeds. Or a Micropayment, such as Electronic money would be paid by the sender to the recipient or their ISP, or some other gatekeeper.

Hashcash

Hashcash and similar systems require that a sender pay a computational cost by performing a calculation that the receiver can later verify. Verification must be much faster than performing the calculation, so that the computation slows down a sender but does not significantly impact a receiver. The point is to slow down machines that send most of spam — often millions and millions of them. While every user that wants to send email to a moderate number of recipients suffers just a seconds’ delay, sending millions of emails would take an unaffordable amount of time.

Bonds

As a refinement to stamp systems was the idea of requiring that the micropayment only be retained if the recipient considered the email to be abusive. This addressed the principal objection to stamp systems: popular free legitimate mailing list hosts would be unable to continue to provide their services if they had to pay postage for every message they sent out.

Issues

A difficulty that must be dealt with by most anti-spam methods, including DNSBLs, Authentication and Reputation (A&R), Sender-supported whitelists and tags, Ham passwords, cost-based systems, Heuristic filtering, and Challenge/response systems is that spammers already (illegally) use other people’s computers to send spam. The computers in question are already infected with viruses and spyware operated by the spam senders, in some cases seriously damaging the computer’s responsiveness to the legitimate user. Spam from the legitimate user’s computer can be sent using the user’s and/or system’s identity, list of correspondents, reputation, credentials, stamps, hashcash and/or bonds. The added motivation to steal from such systems in order to abuse these things may simply impel spammers to infect more computers and cause greater damage. On the other hand, this could compel computer users to finally secure their systems, reducing Botnets, which would have myriad other benefits, as they are used for extortion, phishing, and terorrism, as well as spam. Ultimately, any system that holds senders responsible for the mail they send needs to deal with the situation of irresponsible senders that may send both spam and ham.

Heuristic filtering

Heuristic filtering, such as is implemented in the program SpamAssassin, uses some or all of the various tests for spam mentioned above, and assigns a numerical score to each test. Each message is scanned for these patterns, and the applicable scores tallied up. If the total is above a fixed value, the message is rejected or flagged as spam. By ensuring that no single spam test by itself can flag a message as spam, the false positive rate can be greatly reduced. [3]

Tarpits and Honeypots

A tarpit is any server software which intentionally responds pathologically slowly to client commands. A honeypot is a server which attempts to attract attacks. Some mail administrators operate tarpits to impede spammers’ attempts at sending messages, and honeypots to detect the activity of spammers. By running a tarpit which appears to be an open mail relay, or which treats acceptable mail normally and known spam slowly, a site can slow down the rate at which spammers can inject messages into the mail facility.

One tarpit design is the teergrube, whose name is simply German for “tarpit.” This is an ordinary SMTP server which intentionally responds very slowly to commands. Such a system will bog down SMTP client software, as further commands cannot be sent until the server acknowledges the earlier ones. Several SMTP MTAs, including Postfix and Exim, have a teergrube capacity built-in: when confronted with a client session which causes errors such as spam rejections, they will slow down their responding [4]. A similar approach is taken by TarProxy.

Another design for tarpits directly controls the TCP/IP protocol stack, holding the spammer’s network socket open without allowing any traffic over it. By reducing the TCP window size to zero, but continuing to acknowledge packets, the spammer’s process may be tied up indefinitely. This design is more difficult to implement than the former. Aside from anti-spam purposes, it has also been used to absorb attacks from network worms. [5]

As of late 2005 much of the spam sent is through so-called “zombie” systems, of which there are potentially a very large number. This makes the actual effectiveness of tarpits questionable, as there are so many spam sources that slowing just a few has little real effect on the volume of spam received.

Another approach is simply an imitation MTA (open relay honeypot) which gives the appearance of being an open mail relay. Spammers who probe systems for open relay will find such a host and attempt to send mail through it, wasting their time and potentially revealing information about themselves and the source of spam to the unexpected alert entity (in comparison to the anticipated careless or unskilled operator typically in charge of open relay MTA systems) that operates the honeypot. Such a system may simply discard the spam attempts, submit them to DNSBLs, or store them for analysis. It may be possible to examine or analyze the intercepted spam to find information that allows other countermeasures. (One honeypot operator was able to alert a freemail supplier to a large number of accounts that had been created as dropboxes for the receipt of responses to spam. Disabling these dropbox email accounts made the entire spam run, including the spam messages relayed through actual open relays, useless to the spammer: he could not receive any of the responses to the spam sent by gullible customers.) The SMTP honeypot may also selectively deliver relay test messages to give a stronger appearance of open relay (though care is needed here as this means the honeypot itself and the network it is on could end up on spam blacklists). SMTP honeypots of this sort have been suggested as a way that end-users can interfere with spammers’ activities (code: Java [6], Python [7]).

As of late 2005 open relay abuse to send spam has greatly declined, resulting in a lowered active effectiveness of open relay honeypots. (Passively, the honeypots or threat of same create an inducement for spammers to not abuse open relays.) Other types of honeypot (below) may still have great effectiveness.

Spammers also abuse open proxies, and open proxy honeypots (proxypots) have had substantial success. Ron Guillmette reported in 2003 that he succeeded in getting over 100 spammer accounts terminated in under 3 months, using his network (of unspecified size) of proxypots. At that time spammers were so careless that they sent spam directly from their servers to the abused open proxy, making determination of the identity of the spammer’s IP address trivial so that it was easy to report the spammer to the ISP in control of that IP address and easy for that ISP to terminate the spammer’s account.

Unlike most other anti-spam techniques tarpits and honeypots work at the relay, proxy, or zombie (collectively, “abuse”) level. They work by targeting spammer behavior rather than targeting spam content. One beneficial fallout from this is that these tools are not required to have any means of distinguishing spam from non-spam. Because they capture spam at the abuse level they are not part of any legitimate email pathway and it can be confidently assumed that what they capture is 100% spam or spam-related (e.g., test messages.) Anti-spam measures at (or after) the destination server level protect specific email addresses but must include code to distinguish spam from non-spam. Anti-spam measures at the abuse level protect whatever the email addresses are that are being targeted by the spam directed through them and are hence non-specific but need no code to distinguish spam from non-spam. The main purpose of abuse-level tools is targeting spam and spammers themselves while the main purpose of server-level tools is to protect speecific email addresses. What abuse-level tools lose in specificity may be more than made up by the inherent simplicity that results from not having to be able to separate valid email from invalid email.

In late 2005 Microsoft announced that it had converted an actual zombie system to a zombie honeypot. One result of this was a lawsuit by Microsoft against about 20 defendants, based on evidence collected by the zombie honeypot.

Note that there is some terminological confusion. Some people refer to “spamtraps” as “honeypots.” In this context a “spamtrap” is an email address created specifically to attract spam. These run at the destination level rather than at the relay, proxy or “spam zombie” level.

Challenge/response systems

Another method which may be used by internet service providers (or by specialized services) to combat spam is to require unknown senders to pass various tests before their messages are delivered. These strategies are termed challenge/response systems or C/R, are currently controversial among email programmers and system administrators.

For a discussion of the advantages and disadvantages of these systems.

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

The continuing increase in spam has resulted in rapid growth in the use of spam filter programs: software designed to examine incoming email and separate spam emails from genuine email messages intended for the user.

Unwanted e-mail can be filtered at the desktop, the network email server/email gateway, the Internet Service Provider’s email gateway, or all three locations. While network managers and ISPs can choose hardened email security appliances, services or software designed to interdict both spam and viruses, desktop users are frequently limited to a software-based solution.

A number of commercial spam filtering programs exist and are readily available, but many freeware and shareware spam filters are also available for easy downloading and installation. Spam filters are currently included as standard features in nearly every available email client, though the quality of these built-in filters can be low; for some users, this may necessitate the use of a higher quality filtering solution.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Gaining unauthorized access to a computer is illegal, under computer crime laws such as the United States Computer Fraud and Abuse Act. Since the owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware programs, such as viruses. Nonetheless, few prosecutions of writers of spyware have occurred, and many such producers operate openly as aboveboard businesses. Some have, however, faced lawsuits.

Spyware producers primarily argue in defense of the legality of their acts that, contrary to the users’ claims, users do in fact give consent to the installation of their spyware. Spyware that comes bundled with shareware applications may appear, for instance, described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria claim that these demonstrate that users have consented to the installation of their software.

Despite the ubiquity of EULAs and of clickwrap agreements, relatively little case law has resulted from their use. It has been established in most common law jurisdictions that a clickwrap agreements can be a binding contract in certain circumstances. This does not however mean that every clickwrap agreement is a contract or that every term in a clickwrap contract is enforceable. It seems highly likely that many of the purported contract terms presented in clickwrap agreements would be dismissed in most jurisdictions as being contrary to public policy. Many spyware clickwrap agreements appear intentionally ambiguous and excessive in length, with key contract terms made inconspicuous. These are all grounds on which similar agreements have been rejected as contracts of adhesion.

Nor can a contract possibly exist in the case of spyware installed by surreptitious means, such as in a drive-by download where the user receives no opportunity to either agree to or refuse the contract terms.

Some jurisdictions, including the U.S. states of Iowa [1] and Washington [2], have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

New York Attorney General Eliot Spitzer has pursued spyware companies for fraudulent installation of software. [9] In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling by agreeing to pay $7.5 million and to stop distributing spyware. Intermix’s spyware spread via drive-by download, and deliberately installed itself in ways that made it difficult to remove. ^[1]

Another spyware behavior has attracted lawsuits: the replacement of Web advertisements. In June 2002, a number of large Web publishers sued Claria for replacing advertisements, but settled out of court. Other spyware apart from Claria’s also replaces advertisements, thus diverting revenue from the ad-bearing Web site to the spyware author.

One legal issue not yet pursued involves whether courts can hold advertisers responsible for spyware which displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, the advertised company contracts with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of “impressions” or appearances of the advertisement. Some major firms such as Dell Computer and Mercedes-Benz have “fired” advertising agencies which have run their ads in spyware. ^[2]

In a sort of turnabout, a few spyware companies have threatened websites which have posted descriptions of their products. In 2003, Gator (now known as Claria) filed suit against the website PC Pitstop for describing the Gator program as “spyware”. ^[3] PC Pitstop settled, agreeing not to use the word “spyware”, but continues to publish descriptions of the harmful behavior of the Gator/Claria software. [3]

References

1. ↑ Gormley, Michael. “Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general“. Yahoo! News. June 15, 2005.
2. ↑ Gormley, Michael. “Major advertisers caught in spyware net“. Business Week. June 24, 2005.
3. ↑ Festa, Paul. “See you later, anti-Gators?“. News.com. October 22, 2003.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Remedies

Avoid infection

If the initial dialog box is shown, disconnecting from the internet BEFORE closing it may prevent the download and any infection.

Switching to a different browser rather than Internet Explorer may reduce vulnerability to this and other online Trojan threats. Most malware is targeted at Internet Explorer, and thus is written to take advantages in any flaws and loopholes in its programming.

Blocking the site www.winfixer.com in your firewall will prevent the typical infecting download. However, there may be other ways in which the program installs itself.

Removing WinFixer

It should be noted that besides WinFixer itself, there are several other products to be found on the Web that claim to have the ability to stop and uninstall WinFixer. All users are advised to be skeptical, as many of these ‘solutions’ are themselves WinFixer clones.

WinFixer will prompt the user to purchase a licensed copy of the WinFixer software. Making this purchase may solve the problems caused by the application, without removing it. However, buying the license carries certain ethical questions as it will encourage the creators of the program to continue their operations. In addition, there is no proof that the program works, even after purchasing the license. Some users report that purchasing and installing the Winfixer program causes additional serious operating problems. If you have purchased the program with a credit card many urge calling the credit card to reverse the charge citing fraud.

Symantec has published procedures for removing WinFixer manually. This is a tedious process involving registry editing, which should be done with the utmost care. As of January 2006, the better-known antivirus and antispyware software packages do not detect or remove WinFixer infections automatically. Webroot‘s Spy Sweeper does detect and remove WinFixer; the free trial version of Spy Sweeper will remove WinFixer from memory and from your files and registry.

McAfee’s WinFixer information indicates that WinFixer may be classified as legitimate software, however, McAfee’s Vundo information should still aid in your WinFixer removal process. This removal process makes use of Sysinternals’s Process Explorer (download here) to suspend infected critical system processes. (Vundo is malware intended to automatically install WinFixer on your machine, without your consent)

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Because the CAN-SPAM Act of 2003 authorizes an USD 11,000 penalty per violation for spamming each individual recipient, many commercial e-mail marketers within the United States utilize a service or special software that helps ensure compliance with the Act. A variety of older systems exist which do not ensure compliance with the Act. To comply with the Act’s regulation of commercial e-mail, services typically: require users to authenticate their return address and include a valid physical address, provide a one-click unsubscribe feature, and prohibit importing lists of purchased addresses which may not have given valid permission.

In addition to satisfying legal requirements, services such as ConstantContact help customers to set up and manage their own e-mail marketing campaigns. The services provide e-mail templates, automatically handle subscriptions and removals, and generate statistics on how many messages were received and openned, and whether the recipients clicked on any links within the messages.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

The most direct route by which spyware can infect a computer involves the user installing it. However, users tend not to install software if they know that it will disrupt their working environment and compromise their privacy. So many spyware programs deceive the users, either by piggybacking on a piece of desirable software, or by tricking the users to do something that installs the software without them realizing. Recently, spyware has come to include “rogue anti-spyware” programs, which masquerade as security software while actually doing damage.

Classically, a Trojan horse, by definition, smuggles in something dangerous in the guise of something desirable. Some spyware programs get spread in just this manner. The distributor of spyware presents the program as a useful utility — for instance as a “Web accelerator” or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, Bonzi Buddy, a spyware program targeted at children, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you’ve ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he’s FREE! ^[4]

The BearShare file-trading program, “supported” by WhenU spyware. In order to install BearShare, users must agree to install “the SAVE! bundle” from WhenU. The installer provides only a tiny window in which to read the lengthy license agreement. Although the installer claims otherwise, the software transmits users’ browsing activity to WhenU servers.

^[5]

Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program (for instance, a music program or a file-trading utility) and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software, as with the Gator spyware now marketed by Claria. In other cases, spyware authors have repackaged desirable free software with installers that add spyware.

A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. The Internet Explorer Web browser, by design, prevents websites from initiating an unwanted download. Instead, a user action (such as clicking on a link) must normally trigger a download. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as “Would you like to optimize your Internet access?” with links which look like buttons reading Yes and No. No matter which “button” the user presses, a download starts, placing the spyware on the user’s system. Later versions of Internet Explorer offer fewer avenues for this attack.

Some spyware authors infect a system by attacking security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and install of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a “drive-by download”, which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime.

The installation of spyware frequently involves Microsoft’s Internet Explorer. As the most popular Web browser, and with an unfortunate history of security issues, it has become the largest target. Its deep integration with the Windows environment and its scriptability make it an obvious point of attack into Microsoft Windows operating systems. Internet Explorer also serves as a point of attachment for spyware in the form of browser helper objects, which modify the browser’s behavior to add toolbars or to redirect traffic.

In a few cases, a worm or virus has delivered a payload of spyware. For instance, some attackers used the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on the infected system’s screen. ^[6] By directing traffic to ads set up to channel funds to the spyware authors, they can profit even by such clearly illegal behavior.

References

1. ↑ Bonzi.com. http://www.bonzi.com/bonzibuddy/bonzimail.asp.
2. ↑ Edelman, Ben (2005). “WhenU Violates Own Privacy Policy“
3. ↑ “Security Response: W32.Spybot.Worm“. Symantec.com.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

The term adware frequently refers to any software which displays advertisements, whether or not it does so with the user’s consent. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as “adware” in the sense of advertising-supported software, but not as spyware. They do not operate surreptitiously or mislead the user.

Many of the programs frequently classified as spyware function as adware in a different sense: their chief observed behavior consists of displaying advertising. Claria Corporation’s Gator Software and Exact Advertising’s BargainBuddy provide examples of this sort of program. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user experiences a large number of pop-up advertisements.

Other spyware behaviors, such as reporting on websites the user visits, frequently accompany the displaying of advertisements. Monitoring web activity aims at building up a marketing profile on users in order to sell “targeted” advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware (and some anti-spyware programs report it as such) although many users choose to install it.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Application

Adware is software integrated into or bundled with a program. It is usually seen by the programmer as a way to recover programming development costs, and in some cases it may allow the program to be provided to the user free of charge or at a reduced price. The advertising income may allow or motivate the programmer to continue to write, maintain and upgrade the software product.

Some adware is also shareware, and so the word may be used as term of distinction to differentiate between types of shareware software. What differentiates adware from other shareware is that it is primarily advertising-supported. Users may also be given the option to pay for a “registered” or “licensed” copy to do away with the advertisements.

Controversy

There are concerns about adware because it often takes the form of spyware, in which information about the user’s activity is tracked, reported, and often re-sold, often without the knowledge or consent of the user. Of even greater concern is malware, which may interfere with the function of other software applications, in order to force users to visit a particular web site.

It is not uncommon for people to confuse “adware” with “spyware” and “malware”, especially since these concepts overlap. For example, if one user installs “adware” on a computer, and consents to a tracking feature, the “adware” becomes “spyware” when another user visits that computer, and interacts with and is tracked by the “adware” without their consent.

Spyware has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center [1]. Often, spyware applications send the user’s browsing habits to an adserving company, which then targets adverts at the user based on their interests. Kazaa and eXeem are popular programs which incorporate software of this type.

Adware programs other than spyware do not invisibly collect and upload this activity record or personal information when the user of the computer has not expected or approved of the transfer, but some vendors of adware maintain that their application which does this is not also spyware, due to disclosure of program activities: for example, a product vendor may indicate that since somewhere in the product’s Terms of Use there is a clause that third-party software will be included that may collect and may report on computer use, that this Terms of Use disclosure means the product is just adware.

A number of software applications are available to help computer users search for and modify adware programs to block the presentation of advertisements and to remove spyware modules. To avoid a backlash, as with the advertising industry in general, creators of adware must balance their attempts to generate revenue with users’ desire to be left alone.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Affiliate Marketing is a popular method of promoting web businesses in which an affiliate is rewarded for every visitor, subscriber and/or customer provided through his efforts. It is a modern variation of the practice of paying finder’s-fees for the introduction of new clients to a business. Compensation may be made based on a certain value for each visit (Pay per click), registrant (Pay per lead), or a commission for each customer or sale (Pay per Sale), or any combination.

The most attractive aspect of affiliate marketing, from the merchant’s viewpoint, is that with this pay for performance model, no payment is due to an affiliate until results are realized.

Some e-commerce sites run their own affiliate programs while other e-commerce vendors use third party services provided by intermediaries to track traffic or sales that are referred from affiliates. Some businesses owe much of their growth and success to this marketing technique, although research has shown in general the increase to be approximately 15-20% of online revenue.

Some advertisers offer multi-tier affiliate programs that distribute commission into a hierarchical referral network of sign-ups and sub-affiliates. In practical terms: publisher “A” signs up the affiliate program with an advertiser and gets rewarded for the agreed activity conducted by a referred visitor. If publisher “A” attracts other publishers (“B”, “C”, etc.) to sign up for the same affiliate program using her sign-up code all future activities by the joining publishers “B” and “C” will result in additional, lower commission for publisher “A”.

Snowballing, this system rewards a chain of hierarchical publishers who may or may not know of each others’ existence, yet generate income for the higher level signup. Most affiliate programs are simply one-tier.

Merchants who are considering adding an affiliate strategy to their online sales channel should research the different technological solutions available to them. Some types of affiliate management solutions include: standalone software, hosted services, shopping carts with affiliate features, and third party affiliate networks.

In its early days many internet users held negative opinions of affiliate marketing due to the tendency of affiliates to use spam to promote the programs in which they were enrolled. As affiliate marketing has matured many affiliate merchants have refined their terms and conditions to prohibit affiliates from spamming.

Currently there is much debate around the affiliate practice of Spamdexing and many affiliates have converted from sending email spam to creating large volumes of autogenerated webpages each devoted to different niche keywords as a way of SEOing their sites with the search engines. This is sometimes referred to as spamming the search engine results. Spam is the biggest threat to organic Search Engines whose goal is to provide quality search results for keywords or phrases entered by their users. Google’s algorithm update dubbed “Big Daddy” in February 2006 which was the final stage of Google’s major update dubbed “Jagger” which started mid-summer 2005 specifically targeted this kind of spam with great success and enabled Google to remove a large amount of mostly computer generated duplicate content from its index.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.