Spyware poses a significant threat on the Net

February 3, 2006

Spyware is alive and well on the Internet. That's the overall message of a new study by University of Washington computer scientists who sampled more than 20 million Internet addresses, looking for the programs that covertly enter the computers of unwitting Web surfers to perform tasks ranging from advertising products to gathering personal information, redirecting Web browsers, or even using a victim's modem to call expensive toll numbers.

They examined sites in a set of popular Web categories, such as game sites, news sites and celebrity-oriented sites. Within these, they found that:

-- More than one in 20 executable files contained piggybacked spyware.
-- On average, one in 62 Internet domains performed drive-by download attacks – a method for forcing spyware on users who simply visit a Web site.
-- Game and celebrity Web sites appeared to pose the greatest risk for piggybacked spyware, while sites that offer pirated software topped the list for drive-by attacks.
-- The density of spyware seemed to drop from spring to fall of last year, but remained "substantial."

The research is being presented today as the opening paper for the 13th Annual Network and Distributed System Security Symposium in San Diego, Calif.

"For unsuspecting users, spyware has become the most 'popular' download on the Internet," said Hank Levy, professor and holder of the Wissner/Slivka Chair in the UW's Department of Computer Science & Engineering and one of the study's authors. "We wanted to look at it from an Internet-wide perspective – what proportion of Web sites out there are trying to infect people? If our numbers are even close to representative for Web areas frequented by users, then the spyware threat is extensive."

The consequences of a spyware infection run the gamut from annoying to catastrophic.

On the annoying end, where most spyware falls, the stealthy programs can inundate a victim with pop-up advertisements. More malicious programs steal passwords and financial information. Some types of spyware, called Trojan downloaders, can download and install other programs chosen by the attacker. In a worst-case scenario, spyware could render a victim's computer useless.

In conducting the study, the UW researchers – Levy, associate professor Steven Gribble and graduate students Alexander Moshchuk and Tanya Bragin – used a computer program called a Web crawler to scour the Internet, visiting sites to look for executable files with piggybacked spyware. The team conducted two searches, one in May and the other in October, examining more than 20 million Web address. They also did additional "crawls" of 45,000 Web addresses in eight subject categories, looking for drive-by download attacks.

In the first two crawls, the researchers found that approximately one in 20 executable files contained piggybacked spyware. While most of those were relatively benign "adware" programs, about 14 percent of the spyware contained potentially malicious functions.

In terms of drive-by download attacks, the researchers found a 93 percent reduction between May and October – a finding they say may in part be attributed to the wider adoption of anti-spyware tools, automated patch programs such as Windows Update and the recent spate of civil lawsuits brought against spyware distributors.

Despite that drop, the public should still be vigilant, they said.

"Plenty of software on the Web contains spyware, and many Web sites are infectious," Gribble said. "If your computer is unprotected, you're quite likely to encounter it."

There are a few steps that people should take to protect themselves, according to Gribble.

"First, everybody should install one or more anti-spyware programs," he said. "There are several high-quality free or commercial software packages available."

It's also important to keep those tools up-to-date so new threats can't get around one's cyber defenses.

Finally, Gribble said, people need to use common sense.

"You should download software only from reputable sources," he said. "And it's a good idea to avoid the more shady areas of the Web."

Source: University of Washington

Explore further: Hackers test, teach computer pros at Cyber Range

Related Stories

Hackers test, teach computer pros at Cyber Range

January 7, 2015

You won't find this town on a map, but it's a very scary place. In Alphaville, a virtual town used for cyber security training, the banks are robbed on a regular basis, the power plant and water system are under constant ...

Vietnam's 'cyber troops' take fight to US, France

January 20, 2014

Working on her blog in California one day, Vietnamese democracy activist Ngoc Thu sensed something was wrong. It took a moment for a keystroke to register. Cut-and-paste wasn't working. She had "a feeling that somebody was ...

Explainer: What is a virtual private network (VPN)?

June 17, 2013

Have you ever wanted to exist in more than one place at the same time? The laws of physics suggest wormholes through space and time are hypothetical; but wormholes do exist in cyberspace and wonders can be found on the other ...

The dangers of too much Java

January 31, 2013

Justin Cappos, an assistant professor of computer science and engineering at the Polytechnic Institute of NYU-Poly, has long been wary of the security risks inherent in Java, the programming language developed by Sun Microsystems ...

Malicious programmers focus on smartphones, tablets

May 4, 2011

Malicious programmers are always looking for new targets. While smartphones and tablets replace PCs as the gadgets we use for messaging, Web surfing and even doing business, some shady characters are starting to target these ...

Recommended for you

Making nanowires from protein and DNA

September 3, 2015

The ability to custom design biological materials such as protein and DNA opens up technological possibilities that were unimaginable just a few decades ago. For example, synthetic structures made of DNA could one day be ...

Long-sought chiral anomaly detected in crystalline material

September 3, 2015

A study by Princeton researchers presents evidence for a long-sought phenomenon—first theorized in the 1960s and predicted to be found in crystals in 1983—called the "chiral anomaly" in a metallic compound of sodium and ...

Amateur paleontologist finds rare fossil of fish in Arizona

September 3, 2015

Growing up, Stephanie Leco often would dig in her backyard and imagine finding fossils of a tyrannosaurus rex. She was fascinated with the idea of holding something in her hand that was millions of years old and would give ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.