Spyware is the most rapidly evolving threat on the threat landscape at the moment, and it will continue this way into 2008, said Gerhard Eschelbeck, chief technology officer of Webroot Software, at RSA Europe in London on 23 October.
Spyware is software that covertly gathers information through a user's internet connection without their knowledge for malicious purposes. "It is financially motivated and it takes advantage of human nature," said Eschelbeck. Spyware steals system resources, shows unwanted advertisements and re-directs users through false search results and other hijacks.
"These days spyware is invisible and this is what makes it so dangerous," said Eschelbeck. "Its objective is to stay undetected for as long as possible, so it can infect the system slowly. These guys are not in it for the fame, they are in it for the money." Spyware will take screen-shots of a user's internet activity in order to collect personal and financial details from that user's PC. "Money feeds the spyware machine - spyware producers display advertisements and earn revenue."
"Tracking the money-flow from spyware is very difficult, and there have been very few successful prosecutions," he said. "It works like this: spyware producers pay web properties commission. Site owners are paid to install spyware onto a user's machine, and software producers are paid to put spyware on their software."
"Spyware is harder to find, and therefore harder to remove [than viruses]," said Eschelbeck. "A spyware signature typically has between 200 and over 500 traces on an infected desktop. These traces require thousands of removal routines to deal with registering entries, watcher programs and processes."
"Drive-by" websites are one of the newest spyware traps. Counting on human error, site addresses such as googkle.com are set up and pre-loaded with spyware. When an unsuspecting user makes a typing error while trying to reach Google, they land on the drive-by site. "This is one of the most common ways of getting infected today," said Eschelbeck.
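Defenders can look for this kind of one-keystroke typo domain in DNS or proxy logs. The Python sketch below is an added example, not code from the article or from Webroot; the watchlist, the sample hostnames and the function names are assumptions constructed for illustration.

```python
"""Flag hostnames that are one keystroke away from a watched domain."""

WATCHLIST = {"google.com"}  # assumption: domains the organisation wants to watch

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters typed in the wrong order count as one error.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Naive reduction to the last two labels (assumes no suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(hosts, watchlist=WATCHLIST, max_distance=1):
    """Return (host, watched_domain) pairs for near-miss domains."""
    hits = []
    for host in hosts:
        domain = registered_domain(host)
        if domain in watchlist:
            continue  # the genuine domain or one of its subdomains
        for good in sorted(watchlist):
            if edit_distance(domain, good) <= max_distance:
                hits.append((host, good))
    return hits

# Constructed sample of hostnames as they might appear in a proxy or DNS log.
SAMPLE_HOSTS = [
    "www.google.com", "googkle.com", "mail.google.com",
    "www.gogle.com", "goolge.com", "example.org",
]

if __name__ == "__main__":
    for host, good in find_lookalikes(SAMPLE_HOSTS):
        print(f"possible typo domain: {host} (resembles {good})")
```

A production check would use a public-suffix list instead of the two-label shortcut and would expect some false positives from legitimate domains that happen to sit one edit away.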
Thirty-four per cent of spyware comes from the US, followed by 14% from the UK, although this does not necessarily mean the spyware was generated in these countries. The reason for this is that both the US and UK are English-speaking and have a large percentage of their population owning computers.
How to avoid spyware
"Spyware still tends to hide in dark sites on the internet - mainly porn and gambling sites," said Eschelbeck, who admitted that to date "there have been no large exploitations of non-Internet Explorer or non-Windows servers".
"I would advise people to buy a solution that gives both anti-virus and anti-spyware protection. There is no point in buying them individually - you should search for the strongest product which gives you both," he said.
Eight tips to avoid spyware
1. Say no to free software. Consider what is trustworthy, popular and well known. Be alert and sensible when choosing what to download for free.
2. Use Firefox or an alternative web browser. This does not mean they are more secure than Internet Explorer - just less popular and thus less vulnerable to attack.
3. Patch your system. Do not wait for Microsoft and Tuesday.
4. Avoid questionable sites - use your judgement.
5. Be suspicious of e-mail.
6. Use public kiosks with extreme caution.
7. Keep anti-virus and anti-spyware technology updated.
8. Use non-admin accounts to log in.
Source: Gerhard Eschelbeck, Webroot
This article first appeared on the web-site of Infosecurity magazine, http://www.infosecurity-magazine.com/