3 min read

Worst Spyware Down, Infected Sites Up

Although the worst kind of spyware declined during the first quarter, anti-spyware vendor Webroot monitored a dramatic increase in the number of Web sites that host spyware.
Although the worst kind of spyware declined during the first quarter, anti-spyware vendor Webroot monitored a dramatic increase in the number of Web sites that host spyware, ready to infect the unwary visitor, the Boulder, Colo.-based company said Monday.

Webroot, which released the results of its for-free spyware auditing tool during 2004 on an ad hoc basis, formalized its data collection in the first official quarterly report to provide a benchmark going forward, said Richard Stiennon, the director of Webroot's threat research team.

"We want to make sure everyone knows that 'Hey, this is a big problem, even if the stats are showing a decline in system monitors,'" said Stiennon.

According to Webroot, the incidence of system monitors -- the most dangerous spyware category that includes key loggers screen grabbers -- dropped by more than half during the first quarter of 2005 compared to the last three months of 2004.

Webroot's auditor found a system monitor on only 7 percent of the consumer and business PCs scanned during the first quarter, a drop of 60 percent for the consumer machines (from 19 percent infected with system monitors in Q4 2004, and an average of 14.75 percent through 2004) and a decrease of 46 percent for corporate systems (from 13 percent in Q4). However, within some enterprises, infection reached the 12 percent mark, said Stiennon.

"The numbers in 2004 were so high that they could only go down," said Stiennon. But he also attributed the drop in system monitors to several other factors, ranging from broad coverage of spyware and identity theft in the media to anti-virus firms focusing on detecting and deleting spyware-bearing Trojans.

Although the system monitor numbers are encouraging, the reality, said Stiennon, is that spyware will remain a pernicious threat through the year. "It's unacceptable that one in fifteen PCs has a key logger."

Another indicator of rough times, he said, is the number of sites that host spyware. The myth that users "catch" spyware by visiting only a few alternate sites, said Stiennon, is bogus: Webroot's proprietary spyware crawler, dubbed "Phileas," has detected over 220,000 Web sites infected with some sort of spyware. From January to March 2005, Webroot's data showed an increase of 34 percent in the number of malicious sites found that hosted spyware.

"The rapid rise is the strongest indicator that the writers and distributors of malicious adware and other threats are expending considerable effort to infect users with their products," concluded Webroot's report.

The driving force behind that effort is, as always, money, Stiennon said. According to Webroot's analysis and estimates, the adware business -- often dismissed as the lesser evil in the overall spyware category -- generates $2 billion annually from pop-up ads, hijacking home pages, and redirecting searches.

That's more than one-fifth the total amount spent last year on legitimate Internet-based advertising, which totaled $9.6 billion in 2004, according to numbers published last week by the Interactive Advertising Bureau.

"The amount of money to be made in adware and spyware guarantees they'll grow over the next 12 to 18 months," said Stiennon.