March 27, 2006
Spyware And Adware Continue To Plague PCs
The characters who create and distribute spyware eventually reach a crossroads. Some clean up their acts, present themselves as adware aficionados, and do their best to legitimize questionable marketing techniques. Others continue their shady work on the sly. One major player reached a dead end: Adware pusher Claria last week revealed plans to exit the controversial business.
Efforts to control the parasitic code are widening as watchdog groups employ new tactics and law enforcement cracks down on suspects. The Center for Democracy and Technology last week issued a report that points the finger not just at adware distributors, but also at nearly a dozen of their clients, including Club Med Americas, NetZero, and ProFlowers. "These advertisers see the benefits of advertising with these companies that engage in unfair and deceptive practices, but they haven't seen the downside," says Ari Schwartz, deputy director of the nonprofit public policy group.
StopBadware.org, a new watchdog group, last week added four popular programs to its "badware" list: file-sharing program Kazaa, spyware removal software SpyAxe, download manager MediaPipe, and Screensaver.com's Waterfalls 3 screensaver. And the Los Angeles City Attorney's office revealed that it filed the first criminal spyware case in California, charging three people with running companies that distributed spyware in the guise of legitimate software tools.
IT departments have been fighting spyware and adware--they're different, but both troublesome--for several years, and there's something to show for their efforts: Fewer machines are getting infected. While spyware infected 81% of consumer PCs last year, that's down from 91% in 2004, according to anti-spyware vendor Webroot, which scanned more than 2 million PCs to arrive at those findings.
That's progress, but there were setbacks, too. The average spyware count on each machine climbed in 2005, to 25 instances, and the programs are increasingly malicious, with more Trojan horses than before.
It's not just a consumer problem. Spyware was reported by 80% of respondents last year in an FBI survey of 2,066 companies.
Spyware also is growing in seriousness and complexity, as miscreants use the embedded code to pilfer funds and steal data that can be sold. Adware tends to be less sinister, but it's problematic in other ways, slowing PCs and clogging networks with the traffic it generates. "I know there's a major difference functionally," says Scott Larsen, IS manager at the online group travel agency Groople. "Obviously, the repercussions of spyware versus adware are different. But they're one and the same in one respect: I don't want them on my box."
A year ago, the IT team at Groople found spyware on at least one of its PCs every day or two and spent part of most days digging it out. The company installed anti-spyware software from Trend Micro and Microsoft at its Internet gateway and on PCs and laptops, at a cost of about $10,000. Spyware infestations have dropped to one every two weeks, and staffers now spend only an hour every few weeks getting rid of it.
An average company spends more than $1.5 million a year getting rid of the junk, according to a study of more than 600 IT managers conducted last summer by research firm NewDiligence for security software vendor FaceTime Communications. Worldwide business spending on anti-spyware software will jump from $214 million this year to nearly $1.4 billion by 2010, predicts research firm Radicati Group.
Spyware purveyors are part of a shadowy underworld. Israeli authorities this month indicted a couple for creating Trojan horse software and selling it to private detective agencies to spy on the business rivals of their clients. Victims included an automobile importer, public relations firm, and television company, according to published reports.
Israeli officials allege Michael Haefrati crafted the malware--a variant of a keystroke-logging program called Hotword, according to Dave Cole, director of Symantec Security Response--and provided technical support while his wife Ruth marketed it to private investigators and at times inserted the virus into victims' computers herself. The indictment suggests that the couple, whose company, Target-Eva, was registered to operate in Israel, the United Kingdom, and the United States, tried to market the software to legitimate security agencies as early as 2000 but began selling it illicitly after private investigators two years ago solicited them to modify Hotword.
There's also the example set by spyware purveyor Carlos Enrique Perez-Melara, who was indicted last summer for distributing a program called Loverspy. Here's how it worked, according to the indictment: For $89, a buyer could get Loverspy through a Texas Web site, which directed people to servers in Perez-Melara's San Diego apartment. On the site, people selected an innocuous-looking electronic greeting card featuring puppies, kittens, or flowers that contained the malware. Purchasers could send the E-card to as many as five E-mail addresses. When the targets opened the E-card, Loverspy would be secretly installed on their PCs.
According to the Justice Department, all activities on the PCs--E-mail, Web site visits, passwords entered--were captured and forwarded on to the purchasers, either directly or through Perez-Melara's servers. Loverspy gave purchasers the ability to remotely control the victims' PCs, including accessing, changing, and deleting files, even turning on Webcams connected to them. The government contends that more than 1,000 people bought Loverspy and installed it on 2,000 computers. A person who received spam touting the product tipped off authorities. The indictment also charged four purchasers of Loverspy with computer hacking. No trial date has been set for Perez-Melara, who's on the lam in El Salvador.
Spyware can even be a threat to personal safety, as stalkers use keystroke loggers, says Schwartz of the Center for Democracy and Technology, which led the formation of the Anti-Spyware Coalition, a group that includes America Online, Microsoft, and Symantec. He cites a recent case in Michigan where a batterer secretly installed keystroke-logging software on his estranged wife's computer and tracked her and their kids by reading her E-mail and viewing her online activities. "He followed them from battered women's shelter to battered women's shelter," Schwartz says. "That's kind of the worst-case scenario."