Big, Bad Threats

RSS and Firefox will be next victims of adware deluge, Webroot's threat-research director says.

By the end of the year, spyware programs will triple in number, put Firefox in their sights, and turn to Really Simple Syndication to distribute key loggers and ad spawners. Richard Stiennon, director of threat research at anti-spyware software vendor Webroot Software Inc., presented these and other predictions at the Gartner IT Security Summit earlier this month.

No. 1 on his list: "The first spyware that targets Firefox will appear" in the first half of this year, Stiennon says. "That means either a spyware writer will take advantage of a vulnerability in Firefox, as others already have in Internet Explorer, or create a site that forces Firefox to invisibly download and install adware or spyware." Test code against Firefox already exists, Stiennon says, adding that he has seen spyware exploits against Firefox that don't work.

In Stiennon's opinion, his most distressing prediction is that spyware will latch onto RSS as a way to distribute ad- and spy-style software. "I'm extremely concerned about this," he says. "Already we're seeing marketers look to RSS. A recent list by marketing types on why RSS is better than E-mail, for example, had 'no more annoying complaints about spam' at No. 8. Where marketers go, adware and spyware writers follow."

Another nasty possibility is that a vulnerability will be found in one of the big blogging services. "If a spyware writer finds a way to inject code into a blogging site--which could take the form of a Simple Object Access Protocol object--most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service's blog RSS feeds is going to get infected." Such an attack could be massive, and because of the automated nature of RSS, extremely fast-acting.

Stiennon also predicts that rootkits, hacker toolkits now used by the most sophisticated worm authors to hide evidence of their malicious code from antivirus scanners, will migrate to spyware this year.

Another prediction is no surprise considering how much space Stiennon has devoted on his blog to a recent incident in Israel, where several companies' executives have been charged with industrial espionage after hiring private investigators who, in turn, used a British programmer's spyware Trojan to infect rivals' computers. "An episode of industrial espionage using spyware will be revealed in the U.S.," Stiennon says. "Without a doubt."
