Spyware Is Everywhere
Everyone knows spyware on the Internet is a huge problem. There's tons of malicious software out there solely for the purpose of gleaning information on various users. And they do. A recent study done at the University of Washington explains just how much is out there and it's not pretty. The problem is nearly all of this for Internet Explorer (IE) alone.
The study done by the Department of Computer Science and Engineering at the University of Washington went into great detail and determined 1.5% of the 18 million URLs they crawled exploited flaws in IE. That's one in every 67 websites.
The large-scale, longitudinal study was conducted over the web using a crawler. The crawl sampled both executables and conventional web pages for maliciousness. The study, started in May 2005, found spyware in 13.4% of the 21,200 executables identified. They also found scripted "drive-by-download" attacks in 5.9% web pages processed. The study quantifies the density of spyware, the types of threats, and the most dangerous web zones in which spyware is likely to be encountered.
They also went into the frequency with which specific spyware programs were found and they measure the density of spyware over time, crawling again in October 2005. One thing noticed was the significant reduction in the presence of drive-by download attacks vs. those in May.
The methodology was used conducting the two studies. In each case, they began from scratch, generating lists of crawling seeds from the Google directory and the results of category specific keyword searches. They said each crawl represented a partial view of the web, informed in part by Google's page rankings at that moment in time. That way, they were allowed to follow time-based trends of executable spyware in the Internet.
The biggest limit to this study was AdAware. Once they did all the crawling, they based their information on what AdAware was able to detect as a threat. While there are a number of anti-spyware programs available, many of them do have problems for various reasons. One would be curious to see what other anti-spyware programs would turn up for purposes of the study.
Some information about their research turned up:
Our crawl found a total of 2,834 infected executables in May and 1,294 in October. However, those infected executable contained only 82 (May) and 89 (October) different spyware programs; the total number of distinct spyware threats we encountered is relatively small.
Most spyware programs are rare; during our May 2005 crawl, only 15 spyware programs were found that were present in more than twenty infected executables. However, the most prevalent programs appeared very frequently: we detected 364 executables in October. This data suggests that signature-based anti-spyware techniques should be effective, as relatively few spyware variants are commonly encountered when Web browsing.
The site with the largest number of executables by far was scenicreflections.com with 1,776. Then it drops off to screensave.com at 191, celebrity-wallpaper.com with 136, screensavershot at 118, download.com with 116, gamehouse.com in at 111, galttech at 38, appzplanet.com with 37, megaspace at 36 and download-game.com at 30.
There was an interesting breakdown on the spyware programs. WhenU ranked highest at 364 times observed. 180Solutions (currently dealing with the FTC) had 236. EzuLa had 214, then Marketscore at 143, BroadCastPC at 67, Claria hit 44 and VX2 at 41. The list was rounded out with Favoriteman at 36, Ebates MoneyMaker at 31 and NavExcel at 24.
One thing noted in the study was the IE information. While the numbers were high in the May test, the October numbers dropped off significantly. During the October study, more domains were crawled and overall they had less infectious URLS and infectious domains.
But it does show that IE is getting better. It also shows the sites they visited are also getting better about getting rid of the spyware on their sites. There's still much more work to be done and people need to be more careful than ever about spyware on their computers because it's still out there in droves.
What is Spyware?
Avoiding a Phishing attack
Phishing Flaw in Alternate Browsers
Pharming for Your Identity