State of spyware
Posted on 26 Oct 2006 at 11:39
Davey Winder is intrigued by this year's report on spyware, which reveals some unexpected results
The countries currently hosting the most infected PCs may well come as something of a surprise: ahead of East European and Asian locations, Puerto Rico topped the global spyware infection charts with 42.6 infections per machine, followed by Algeria (38.4) and Bahrain (35.7). Within Europe, sadly, the UK is top of the flops with an average infection rate of 30.5 per machine, marginally ahead of Ireland on 30.3. The rankings change a little when you get down to specifics, with the Dominican Republic leading the way for trojans, and Yemen way ahead in the prevalence of keyloggers.
When it comes to countries where spyware originates, rather than where it infects, there's only one real culprit in the frame: the US. Phileas reports that 68% of all spyware exploits originate from the US, with Germany on 8% and the UK 6% trailing far behind (for now). I suspect that given the penetration of broadband access across Europe during the course of the last year, we'll soon start catching up with the US, which has had a high level of access for many years.
Interestingly, the geographical spread was vastly different when it comes to infections at enterprise level: Australia was the worst culprit here with 37.7 spyware infections per PC, followed by Mexico (29.4) and Switzerland (21.4).
Largely thanks to vastly improved detection methods among anti-spyware vendors, system-monitoring infections have dropped from their Q4 2004 high of 21% to just 6% now. But this figure has remained pretty solid since the start of 2005, which Webroot suggests might indicate that malicious spyware like keyloggers remains the modus operandi for the majority of online criminals. Why it should remain even that high given the huge media coverage of ID theft and data privacy issues - and I'm not talking about serious IT publications like PC Pro, but rather television news bulletins and tabloids - is beyond me.
But even worse can be found in the conclusions of the enterprise section of the State of Spyware report, which imply that regulatory compliance and intellectual property protection issues, as well as our constant hammering home of the seriousness of the problem, have proved quite ineffective in the corporate environment, since infection rates remain much the same. Webroot suggests that one reason is the inadequacy of anti-spyware solutions, with enterprises often relying on legacy AV software or perimeter anti-spyware solutions to protect their networks. The fact that the majority of spyware trojans arrive via the desktop PC, and come replete with special code to circumvent detection at the perimeter, seems to have escaped many network admins. Single-layer defence just doesn't cut it: that's the moral of this tale.
Rogue anti-spyware
As if all of this weren't worrying enough, there's more. Rogue anti-spyware poses as a professional product, often via a highly professional website that's linked to by seemingly genuine search engine adverts. The trouble is, the last thing a rogue application will do is remove spyware from your system, and usually it does the opposite. Although this does vary from application to application, the two main purposes of these rogues are either to install malware or to fleece you of your money, and often both. Since they look like the real thing and can be named confusingly like the real thing, and because adverts for them appear on search engines when you're looking for help with spyware, these rogues can be difficult to spot.
Indeed, the first thing that usually happens at a rogue site, unless they've decided to cut out the foreplay and go straight for the executable download, is that you'll see a scan of your PC taking place. Or rather you think you do, because more than likely it's a scam scan, just a Flash-driven animation or similar that looks like a scan. Not that it matters, because even if it's a real scan the result will be the same: your PC will become riddled with spyware and require the rogue application to remove it. The "Oh look, free stuff" syndrome strikes again here, because those who won't part with £20 for the download might be quite happy to accept a free download to take care of business. This free rogue download will, almost without exception, install a malicious payload as your reward.
Printed from www.pcpro.co.uk


