iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Spyware Is Everywhere
Search:
[ insider_reports_insider ]

Spyware Is Everywhere



John Stith
Staff Writer
2006-02-16

SecurityProNews: Insider Reports Insider Reports RSS Feed


Everyone knows spyware on the Internet is a huge problem. There's tons of malicious software out there solely for the purpose of gleaning information on various users. And they do. A recent study done at the University of Washington explains just how much is out there and it's not pretty. The problem is nearly all of this is for Internet Explorer (IE) alone.

Spyware Is Everywhere
Spyware Is Everywhere

The study (pdf) done by the Department of Computer Science and Engineering at the University of Washington went into great detail and determined 1.5% of the 18 million URLs they crawled exploited flaws in IE. That's one in every 67 websites.

The large-scale, longitudinal study was conducted over the web using a crawler. The crawl sampled both executables and conventional web pages for maliciousness. The study, started in May 2005, found spyware in 13.4% of the 21,200 executables identified. They also found scripted "drive-by-download" attacks in 5.9% web pages processed. The study quantifies the density of spyware, the types of threats, and the most dangerous web zones in which spyware is likely to be encountered.

They also went into the frequency with which specific spyware programs were found and they measure the density of spyware over time, crawling again in October 2005. One thing noticed was the significant reduction in the presence of drive-by download attacks vs. those in May.

The methodology was used conducting the two studies. In each case, they began from scratch, generating lists of crawling seeds from the Google directory and the results of category specific keyword searches. They said each crawl represented a partial view of the web, informed in part by Google's page rankings at that moment in time. That way, they were allowed to follow time-based trends of executable spyware in the Internet.

The biggest limit to this study was AdAware. Once they did all the crawling, they based their information on what AdAware was able to detect as a threat. While there are a number of anti-spyware programs available, many of them do have problems for various reasons. One would be curious to see what other anti-spyware programs would turn up for purposes of the study.

Some information about their research turned up:

Our crawl found a total of 2,834 infected executables in May and 1,294 in October. However, thos infected executable contained only 82 (May) and 89 (October) different spyware programs; the total number of distinct spyware threats we encountered is relatively small.

[…]

Most spyware programs are rare; during our May 2005 crawl, only 15 spyware programs were found that were present in more than twenty infected executables. However, the most prevalent programs appeared very frequently: we detected 364 executables in October. This data suggests that signature-based anti-spyware techniques should be effective, as relatively few spyware variants are commonly encountered when Web browsing.

The site with the largest number of executables by far was scenicreflections.com with 1,776. Then it drops off to screensave.com at 191, celebrity-wallpaper.com with 136, screensavershot at 118, download.com with 116, gamehouse.com in at 111, galttech at 38, appzplanet.com with 37, megaspace at 36 and download-game.com at 30.

There was an interesting breakdown on the spyware programs. WhenU ranked highest at 364 times observed. 180Solutions (currently dealing with the FTC) had 236. EzuLa had 214, then Marketscore at 143, BroadCastPC at 67, Claria hit 44 and VX2 at 41. The list was rounded out with Favoriteman at 36, Ebates MoneyMaker at 31 and NavExcel at 24.

One thing noted in the study was the IE information. While the numbers were high in the May test, the October numbers dropped off significantly. During the October study, more domains were crawled and overall they had less infectious URLS and infectious domains.

But it does show that IE is getting better. It also shows the sites they visited are also getting better about getting rid of the spyware on their sites. There's still much more work to be done and people need to be more careful than ever about spyware on their computers because it's still out there in droves.


Add to | DiggThis| Yahoo My Web


About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds