Malware evolves. Like real software markets, if the opportunity declines then the purveyors will go elsewhere. Its well known, for example, that there are very few actual viruses anymore. And it looks like adware is headed in the same direction.
Roger Thompson noted it in his blog. After making several other interesting observations about developments in malicious code lately, he notes
I hadnt noticed this, but now that he mentions it I hadnt been hearing much lately about adware. And as he says, the keyloggers and rootkits are all the rage.
Alex Eckelberry, president of Sunbelt Software, which is famous for providing protection against (among many things) adware, agrees that adware installs are on the decline. “Large adware developers (180 Solutions, Direct Revenue, WhenU, eXact, Claria, etc.) have either gotten out of the business or have scaled back their operations. “
Why have they pulled out? Eckelberry cited pressure from governments including the FTC, the threat of legal actions, even pressure from their own investors. Another reason, one which raises some other questions, is “the decline of classic P2P apps which bundled adware like BearShare, Kazaa, etc. in favor of other P2P apps like LimeWire [which has a non-adware model] and BitTorrent.” Amazing, it would seem that users can learn, too.
Some other recent history from Alex:
- Over pressure from their investors and other groups, WhenU moved to a direct, non-affiliate model more than two years ago. This dramatically reduced their installs.
- After years of incessant pressure from their investors and others, Claria got out of the business.
- Direct Revenues business was decimated by Elliot Spitzer.
- 180Solutions is still doing the nasty, but not as prevalent as they used to be.
Sunbelts director of Malware Research Eric Howes points out the end of the era of mass adware installers. There used to be a class of companies—IST, MediaMotor, Pacerd, EliteMediaGroup, DollarRevenue and TopInstalls among them—that made their living repackaging other peoples adware in big packages. This is the “20mb of adware” referred to by Roger Thompson.
According to Howes, only TopInstalls is still in the action. The others have been victim to government scrutiny and the decline of the adware packages they push. Plus, they overplayed their hand through heavy use of the WMF vulnerability in December 2005.
There are technical reasons, too. Windows XP SP2 and now Windows Vista have made it much harder to sneak an install by a user without their approval. This agrees with some statistics that Ive seen from Microsoft, although the claim comes across more credibly from Eric Howes.
Finally, Eckelberry cites “increased user knowledge and protection,” and I have to think theres something to this. Its all part of whats making it harder to get adware installed on the system, and therefore causing a decline in attempts to do so.
Howes says not to write off adware as a threat, and of course hes right. If the opportunity to make money opens up again its clear theres no depth to which these people wont stoop. Their main weapon, user deception, has to remain as potent as ever because you have to let users install programs that they want to install. Yes, even on Vista.
These same people, after all, are responsible for the persistence of the rogue anti-spyware market, also cited by Thompson. Howes, incidentally, maintains a famous list of Rogue/Suspect Anti-Spyware Products & Web Sites.
So do you feel any safer for having less of an adware problem to worry about? I didnt think so.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer