Generating good signatures for the current anti-spyware toolkits and deploying them in a timely fashion is a demanding task. Even if the signatures are up-to-date, signature based detection techniques usually suffer from the inability to detect novel and unknown threats. We believe that behavior-based approaches are capable of overcoming this drawback. To this end, we implemented TQAna. Our tool is based on taint analysis and function call hooking to provide dynamic analysis that is carried out on an emulated system. Taint analysis, as implemented with TQAna, provides the ability to track...