Spyware Fades to a Dull Roar, But Targeted Attacks Loom

News Analysis: Analysts agree that most enterprises have reached a point where they can effectively block many forms of spyware, but targeted attacks at specific companies and the need to further integrate security technologies are both keeping bus

Much as in their battle against unsolicited spam e-mail, enterprises are having success in reducing the impact of spyware programs, but a new breed of targeted attacks combined with a constantly changing array of delivery methods has kept the malicious code on IT administrators' radar.

With Internet phone specialist Vonage recently coming under attack from security researchers for its advertising practices, for which it has been accused of funding nefarious adware providers, and social networking site MySpace.com becoming the unsuspecting delivery tool of other malicious code writers, it is clear that spyware remains a real threat.

However, industry experts concede that most large businesses have become sufficiently mature in their efforts at blocking out mainstream spyware attacks.

The challenge for enterprises moving forward, analysts say, will be in warding off spyware attacks crafted by organized criminals that are specifically aimed at their companies, or smaller groups of businesses, and pulling together disparate security technologies to help fight so-called blended threats that use spyware along with other malicious programs to help find new ways onto corporate networks.

Ben Edelman, a well-recognized spyware researcher and consultant based in Cambridge, Mass., said there is debate over whether the volume of spyware programs has been reduced, but he considers those statistics unimportant in the face of more-targeted attacks motivated strictly by hackers' ability to generate income.

Another emerging spyware delivery method has arrived in the form of freely distributed Web browser applications that serve primarily to direct end users to sites that harbor spyware, such as the so-called Safety Browser attack unearthed by researchers in May.

"In general there have been small downturns in the number of spyware attacks, but the numbers were also preposterously high as it became such a popular area over the last few years," Edelman said.

"The interesting development of late has been [malware writers] shifting their primary focus to new ways of delivery; the rise of anti-spyware programs and Microsoft's distribution of security updates has improved the landscape somewhat, but you also have people finding sound business models for making money off spyware, and they won't stop until the money goes away."

Whereas the spyware programs of days past were largely scatter-shot attacks meant to draw in anyone gullible enough to download their code or visit the Web sites they were hidden on, Edelman said that increasingly organized groups of malware writers are shifting their attentions toward ripping off specific firms, and their customers.

Along with well-known attempts to dupe users of popular sites such as eBay and Google, researchers claim they have come across programs that were aimed at customers of small regional banks and other lesser known businesses.

Real-world examples of such attacks remain hard to come by, as businesses don't often advertise the fact that they've been attacked, but the problem is indeed growing, said John Pescatore, analyst with Stamford, Conn.-based Gartner.

"The people writing the more targeted code want to install something within a certain company to gather a specific type of information that they can use to make money, from account information to intellectual property," Pescatore said.

"They don't care if they get on a million PCs, they know it's potentially better to focus their efforts on one company at a time and push for real results that make them money."

The analyst said that enterprises will also increasingly face blended attacks, such as threats that use spyware to deliver Trojan Horse viruses that mine databases for valuable information.

When combined with efforts to single out specific businesses, such attacks could become even more dangerous as they are designed with the goal of finding new ways to slip through the cracks of popular anti-virus applications.

To that end, Gartner is telling its clients to move away from stand-alone anti-spyware technologies in favor of tools that are tightly integrated with antivirus and other network security technologies.

If businesses become too convinced that they have become effective at stopping spyware with existing tools, they could become vulnerable to future attacks, Pescatore said.

"The majority of larger enterprises think they have spyware down to a dull roar, as with spam, and they've bought solutions and are using network prevention tools that have effectively stopped a lot of today's threats," he said.

"But half of these companies are using point products, and it remains to be seen if that can protect them from hybrid attacks; that's why we're advocating integrated security applications."
