Progress Against Attacks
Whether or not the business world, and security industry, has made progress in defeating spyware remains very much open for debate. Some experts see the drop-off in attacks as a sign that things may be improving, but others say the complexity of emerging attacks, in particular their use of social tools such as MySpace to market themselves to end users, shows that the battle is only just beginning."To me, this evolution mirrors what went on with spam, its still here more than ever, but companies have gotten things down to a more manageable level," Stiennon said. "But the fact is that the criminal level is growing, this isnt just adware aimed at click fraud anymore. Its about using Web sites to deliver drive-by attacks, which seems a lot more threatening in a lot of ways." Anti-malware applications specialists Face Time Security Labs expanded its online threat resource, SpywareGuide.com, on July 20, in attempt to help inform users about the growing use of instant messaging systems, chat rooms, P2P file sharing services and collaboration software to distribute spyware. Click here to read more about IM attacks. While the sophistication of the programs themselves isnt advancing significantly, the variety of attacks and delivery methods should still be alarming to enterprises and consumers alike, the company said. To truly defeat the people writing the programs, security vendors and business customers need to become as determined as resourceful as the malware authors themselves, said Chris Boyd, the security research manager who runs the site for Foster City, Calif.-based FaceTime. "Companies need to be every bit as vicious and malicious toward the people creating the attacks, and those paying them to do so, as the attackers themselves have been," said Boyd. "We need to punish the affiliates, and anyone the [malware writers] do business with, and try to trace the money trail and shut these people down." "Is it as big a problem as it has ever been? Thats hard to say," he said. "People talk in terms of bigger threats that could materialize but realistically spyware writers are doing the same things theyve done for years, and just adopting new techniques to avoid filters." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
As with e-mail-borne viruses and spam, enterprises will make headway in fighting spyware, but doing so will be a demanding job, and they will never be completely finished with the task, said Richard Stiennon, analyst with research firm IT-Harvest, of Birmingham, Mich.