Traditional spyware attacks being replaced by more clandestine, malware-style deployments

Tim Wilson, Editor in Chief, Dark Reading, Contributor

January 31, 2008


WASHINGTON -- Anti-Spyware Coalition Public Workshop 2008 -- Spyware isn't extinct, but it's undergoing a major evolution, experts said here today.

Change was the theme as some of the industry's top spyware experts gathered here to discuss problems and solutions with the technology. The bottom line: Traditional spyware is on the decline, but the threat continues to endanger users as malware authors' tactics become more sophisticated.

The good news is that old-school spyware -- as typified by pop-ups and applets that are obvious and disruptive to the end user -- is dying, the experts said. "Nuisance adware is mostly dead now," said FTC commissioner Jon Leibowitz in his keynote speech. "That's encouraging, because it's rare that we can look at a whole method of attack and say that we're making real progress in stopping it."

About one in every six users harbored spyware on their computers in 2005, but by 2007 the figure was one in 11, said Jeffrey Fox, technology editor at Consumer Reports. "That's still a lot," he said. "About 850,000 users had to replace their computers in 2007 because they had spyware problems they just couldn't resolve. But it happened less in 2007 than in 2006, and it happened less in 2006 than in 2005."

The bad news is that spyware is increasingly being deployed in more clandestine fashion, using methods that are difficult to detect, said David Marcus, security research and communications manager at McAfee's Avert Labs unit. "Spyware is being delivered in more Trojan-like methods now, using a lot of the same distribution methods as other malware," he said. "So you might see a dropoff in traditional spyware, but it's offset by the tremendous increase we've seen in the broader category of malware."

Thanks to crackdowns by law enforcement and a growing negative image associated with pop-ups and "interruption marketing," there is a growing chasm between legitimate online advertising and old-school adware, experts say. Purveyors of spyware now must decide whether they want to be distributors of unwanted software -- and face potential criminal prosecution -- or get the user's permission to install "behavior-based" tools that do limited monitoring of a user's online behavior in order to deliver targeted advertising.

"The field is bifurcating," said Eric Goldman, assistant professor at the Santa Clara University School of Law. "The gray areas are becoming smaller. Adware is now tainted -- it's not seen as a legitimate marketing method. Ultimately, it was a lousy consumer experience, and fewer and fewer companies want to be associated with it. Now the people who distribute spyware are doing it using methods that are harder to detect, because they usually have a more malicious purpose in mind."

It is this latter group that continues to worry the experts, because purveyors of malicious spyware are developing increasingly cunning methods of creating spyware. "There are some new types of malware that are just impossible for an automated software product to remove from a user's machine," said Janie Whitty, administrator of the Lavasoft Online Support Forums. "In fact, we've seen some users crash their machines by loading too many anti-spyware tools, hoping to find some tool that will remove it."

The situation has improved somewhat in recent years, as state and local governments have passed legislation that outlaws the distribution of software that is too difficult to remove. Leibowitz cited several recent cases in which the FTC successfully prosecuted spyware purveyors.

Still, spyware will continue to be deployed, both legitimately and illegitimately, across client machines, predicted Alissa Cooper, a policy analyst at the Center for Democracy and Technology. "Client-side software that monitors end user behavior will always be around," she said.


About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
