Spyware and Implementing Network Security

More malicious variants attempt to intercept passwords or credit card numbers as a user enters them into a web form or other application.
The scourge of spyware is going to be here for quite a while, simply because the attacker make so much money from it. An attacker can make a dollar or more per month per infected system by using spyware to inject pop-up ads, Spam and other annoyances. Therefore, attackers have a vested interest to constantly adapt their software and make it ever more stealthy and sticky. Additionally, the stakes are even higher if the attacker can steal credit card or bank account information. What we’ve seen in the past three years is the growth of a spyware industry that spins off millions of dollars. That money is often folded back into research and development for more malicious attacks. This R&amp.D funding makes their software even more powerful and will continue to do so for the foreseeable future.
As spyware continues to threaten the stability of corporate infrastructures, it’s crucial to understand how this malicious software works and how to defend against it. This assignment is a compilation of resources that explain what spyware is, how it attacks and most importantly what you can to do to win the war on spyware.

1. Introduction
Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet where it is sometimes called a spybot or tracking software, spyware is programming that is put in someone’s computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Some common examples of spyware are CoolWebSearch (CWS), Gator (GAIN), 180search Assistant ISTbar/AUpdate, Transponder (vx2), Internet Optimizer Blaze Find, Hot as Hell, Advanced Key logger, TIBS Dialer. (Wpi .Edu)
Data collecting programs that are installed with the user’s knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user’s consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called "spyware." As a result, McAfee (the Internet security company) and others now refer to such applications as "potentially unwanted programs" (PUP). (Techmedia)
The cookie is a well-known mechanism for storing information about an Internet user on their own computer. If a Web site stores information about you in a cookie that you don’t know about, the cookie can be considered a form of spyware. Cookies can also store