By John P. Mello Jr. TechNewsWorld Part of the ECT News Network
04/27/06 7:50 AM PT
Spyware continues to grow on the Web because the Net is becoming an increasing source of entertainment for netizens, according to Ron O'Brien, a senior security analyst with Sophos. "The proliferation of applications on the Internet that resemble entertainment serve as an incentive for people to download them onto their PC without realizing there's this spyware element to them," he said.
Is Your Website Killing Customer Confidence? Your Website's privacy policy can be a key factor in a customer's decision to do business with you, and it is vital to ensuring you don't run afoul of your online legal and regulatory responsibilities. Need more reasons? Read on.
Some 97 percent of Web surfers are just a click away from infecting their computers with adware and spyware, according to anti-malware software maker McAfee, of Santa Clara, Calif.
McAfee came to that conclusion after analyzing 14,464 responses to a spyware quiz taken by consumers at its SiteAdvisor Web site.
"Of the 14,000 people who took the spyware quiz, three percent got perfect scores, 97 percent got at least one wrong," McAfee SiteAdvisor Market Strategist Shane Keats told TechNewsWorld.
"So I think it's fair to say," he continued, "that the vast majority in a typical month of clicking will end up on a Web site that potentially exposes them to spyware."
Wandering Into Dark Alley
The quiz at the site, which has been available since March, presents users with pairs of Web pages from locations on the Net and asks them to choose which is a safe site and which is not. A second part of the test asks users to make similar distinctions among several file-sharing sites.
Keats admitted that he was a bit disconcerted by the study's findings.
"Given the amount of coverage the media has given spyware, we were surprised by the number of people who got multiple answers wrong," he said.
"Folks are overestimating their ability to spot spyware," he maintained. "The bad guys have gotten good at making their sites look very professional, very slick, and it's becoming even harder to know when you're wandering into a dark alley."
Black Chips Exploit Blue Chips
One way malefactors disguise their intentions is by exploiting the brands of companies with blue-chip reputations.
Researchers observed that quiz takers did particularly poor on the comparison of two lyrics sites. "One possible reason," they deduced, "the unsafe site had advertising from well-known brands like Circuit City (NYSE: CC) and Monster.com that may have served to legitimize it."
Keats contended that "almost certainly" these companies don't know how their brands are being abused. He explained that a company will hire an ad agency that acts with its interactive division that hires an online media buyer that works with an affiliate network that works with another ad network and so on.
"They're so many steps removed from the actual placement decision that, realistically, headquarters at any Fortune 500 company probably doesn't know where their brand is appearing," he said.
Massive Project
"A lot of companies don't know you can get spyware by going on a lyrics site," he added. "They think you're only searching for text.
"Because of the way SiteAdvisor does its Web crawl, we can find that stuff out so we can tell people here's a site that you didn't think had spyware, but it really does," he noted.
SiteAdvisor is a massive project mounted by McAfee to analyze and test the behavior of all Web sites on the Internet on an ongoing basis.
The results of that testing can be accessed by consumers by installing a browser plug-in from the SiteAdvisor site.
The plug-in appears as a button on a browser's status line. When a user enters a Web site, the button will change color -- green for a safe site, yellow for proceed with caution and red for a malware site.
A detailed analysis of the site can be viewed by clicking a menu arrow beside the button.
System Level Infection
If detecting a spyware site is hard without the aid of a tool like SiteAdvisor, identifying spyware once it reaches a computer can be even harder, according to Patrick Hinojosa, chief technology officer for Panda Software, a security technologies, products and services company in Glendale, Calif.
He cited instances of spyware masquerading as legitimate system-level files, such as the registering itself as a Layered Systems Provider (LSP) in Windows, to avoid detection.
"Even most power users are not going to know how to inspect the LSP layer and know what should or should not be there," he told TechNewsWorld. "And even if they found something they weren't sure about and they yanked it, it could totally kill their Internet connection indefinitely until they rebuild that stack."
That's Entertainment
Spyware continues to grow on the Web because the Net is becoming an increasing source of entertainment for netizens, according to Ron O'Brien, a senior security analyst with Sophos, a maker of integrated threat management solutions in Lynnfield, Mass.
"The proliferation of applications on the Internet that resemble entertainment serve as an incentive for people to download them onto their PC without realizing there's this spyware element to them," he opined.
Security Firms Bust Malware-for-Sale Racketeers April 20, 2006
"It was a whole business model centered around selling this type of software to criminals," Sam Curry, vice president for product management for eTrust Security Managment said. "The malicious software was created and sold to criminal organizations so they can steal data. It's a lot different from the old days of the virus writer wars of who can gain the most notoriety," he added.
Related Stories
FTC May Wage 'Shame' Campaign Against Adware February 10, 2006
"I think the tide is turning because consumers are more aware than ever and are avoiding freeware sites or at least being more skeptical," said Ari Schwartz, deputy director of the Center for Democracy and Technology. "There's still a lot of work to be done and a lot of unscrupulous marketers and software makers who will continue to engage in spyware and adware distribution."
Spyware Senders Taken Down November 11, 2005
"This is, I think, the turning point in the battle against adware," said Richard Stiennon, vice president of threat research with Webroot. "[Spyware/adware senders have] been scrambling all year to change the way their products behave."
Spyware Group Defines Pesky Software, Sets Vendor Guidelines October 28, 2005
As Cyber-Security month draws to a close, ASC unveiled its final, consensus definition of spyware, which was developed by coalition members including major anti-spyware companies, software developers and public interest groups.
Report: Consumers Changing Online Habits Due to Spyware July 07, 2005
So far, the types of Web sites that users are avoiding are mainly peer-to-peer networks and sites about which they know little. To date, core e-commerce appears to be unaffected by the concerns, with consumers confident that well-known sites -- from eBay to Amazon and with many in between -- are spyware free.
Intermix To Pay $7.5 Million To Settle Spyware Case June 16, 2005
New York Attorney General Eliot Spitzer's case against Intermix had been closely watched because it represented the first effort by law enforcement to crack down on spyware and because Intermix was seen as exhibiting much of the same behavior as hosts of other online marketing companies.
Related News Alerts
More by John P. Mello Jr.
Learning the Way of the Snow Leopard November 23, 2009
When confronted with a new piece of technology, some users will jump right in, but others may want to learn from an expert how to get the most out of it. Class On Demand puts 13 lessons onto a DVD that Mac greenhorns can use straight from their new computers. However, as many vendors operating in the Apple universe have found, one of their biggest rivals may turn out to be Apple itself.
VMware Fuses Performance With Convenience November 16, 2009
Fusion 3.0, the latest virtualization app from VMware that lets Mac users run Windows alongside OS X, puts an emphasis on performance. VMware built it specifically to leverage the 64-bit capabilities of Snow Leopard with a new 64-bit native engine. Its Migration Assistant for Windows lets Mac switchers recreate their old Windows PC inside a Mac, file by file.
Mouse Meets Multi-Touch November 09, 2009
Apple's latest peripheral, the Magic Mouse, takes the concept of multi-touch that the iPhone and iPod touch popularized and merges it with a button-free mouse. As one's mouse is a direct point of contact between human and machine, any changes made to it can be a divisive issue. Some users love the new abilities Magic Mouse brings to the table; others just can't stand the thing.
Headline Feeds
Talkback: 
