Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    The Many Faces of Spyware

    By
    Paul F. Roberts
    -
    June 21, 2005
    Share
    Facebook
    Twitter
    Linkedin

      They have innocuous-sounding names—ShopAtHomeSelect, CoolWebSearch, Searchex, IEDriver—and are called many things: spyware, adware, scumware or the euphemistic PUPs (for “potentially unwanted programs”). But theres no disputing that, by any label, programs that monitor users online behavior, legally or illegally, are a big business and a big headache for computer users and IT administrators.

      Spyware is a $2 billion-a-year industry, according to Webroot Software Inc., judging from rough estimates of the number of adware installations and the amount of money generated by each installation. Its an industry girded by business relationships that tie legitimate advertisers to online marketing companies, small application vendors, Web site operators and shadowy online groups with iniquitous ties. The industry is a Wild West of aggressive marketing, loose oversight and big profits—all flowing from consumer behavior and the surreptitious programs that track, mine and shape that behavior.

      /zimages/5/28571.gifA drive-by site taps an exploit to infect PCs with malware. Click here to read more.

      Cleaning up the spyware economy will be a challenge, experts say. Enterprises face an explosion of spyware and adware that threatens compliance efforts and intellectual property. As with anti-spam legislation, anti-spyware laws working their way through Congress wont fix the problem by themselves. While regulators and the high-tech industry seek solutions, organized online crime groups are using spyware to fuel an epidemic of identity theft and online fraud.

      At Family Credit Counseling Service, in Rockford, Ill., spyware became a big problem in the last 12 months, said Joshua Beard, a technical support specialist at the nonprofit organization, which provides financial counseling services to individuals.

      “It started with those little search bars that come up, which were an annoyance more than anything,” Beard said. The problem escalated into a major IT headache in the last six months, as the spyware and adware infections multiplied and began causing more damage.

      /zimages/5/28571.gifeWEEKs Editorial Board claims we need a spyware law. Click here to read its view.

      Technicians for the San Lorenzo Unified School District, in California, had a similar story, said Art Cipriano, director of IT. “We were continuously receiving work orders to fix slow computers and getting panic calls of pop-ups taking over computers,” Cipriano said. “Many times, [the computers] were so severely infected we ended up just [reformatting] them.”

      About one-third of application crashes reported to Microsoft Corp., in Redmond, Wash., are caused by spyware, according to Brendan Foley, senior product manager of Microsofts Windows Antispyware group.

      Next Page: The spyware source.

      Page 2

      How does spyware make its way onto all those networks? IT staff at most organizations that have had to battle the pernicious programs, including Family Credit and SLUSD, admit that they dont know.

      Spyware is typically distributed with other programs in installation bundles, such as freeware and computer games. Those bundles might be downloaded directly from an adware vendors Web site or from an affiliate Web site, experts say.

      /zimages/5/28571.gifAdvertisers recoil from dubious online marketing tactics. Click here to read more.

      Direct Revenue LLC, of New York, an online marketing company, has more than 20 million installations of its three ad programs—Aurora, Ceres and SolidPeer—mostly through bundling arrangements with P2P (peer-to-peer) software and “a slew” of other consumer programs, such as instant messaging smiley-face enhancements, Web browser tool bars, and clock and weather programs, downloaded from Direct Revenue affiliate sites, according to J.P. Maheu, Direct Revenues CEO.

      Claria Corp., in Redwood City, Calif., also an online marketer, had software running on 40 million desktops at the end of last year, according to Reed Freeman, Clarias chief privacy officer.

      Bundling relationships benefit both sides. Application vendors such as Kazaa P2P maker Sharman Networks Ltd. collect fees from adware vendors for each installation, and adware vendors, such as Claria, ride the popularity of the third-party software onto users PCs.

      Adware and spyware bundling deals are often too good to ignore, even for companies that might look askance at helping to distribute spyware and adware programs, said Ben Edelman, a Harvard University Law School student and an expert on spyware. “Kazaa comes with stuff because Gator [Claria] pays $1 per install,” Edelman said. “If that was [5 cents], Kazaa would think of something else.”

      The adware money is also enticing to the thousands of small-business owners who operate many of the affiliate Web sites, especially if the site owner doesnt understand the technical details of how adware works, said Anne Fognano of Leesburg, Va., who runs Clevermoms.com, Cleverbabies. com and Cleverdads.com.

      “People who are educated about the problem do the right thing, but there are people who will run anything if it makes a buck,” Fognano said.

      But pay-per-install commissions are also fueling a scourge of sites that execute drive-by downloads, depositing wares on users computers without warning or consent, said David Moll, CEO of anti-spyware company Webroot Software, in Boulder, Colo. Drive-by-download sites use software exploits, often targeting holes in Microsofts porous Internet Explorer browser, to push Java and ActiveX code to vulnerable machines, Moll said.

      Often, those sites install software that is clearly malicious, such as Trojan horse back-door programs, viruses and keyloggers. Just as often, however, legitimate adware programs are part of the package, anti-spyware experts say.

      An analysis in April of one drive-by-download site showed how Java code was used to silently install a gaggle of adware from 180Solutions and its competitor, Integrated Search Technologies, including such ad-delivery wares as 180Search Assistant, ISTbar, PowerScan and SideFind, all without displaying end-user licensing agreements, according to a post on Spywareguide. com by Jan Hertsens and Wayne Porter.

      With networks of thousands or tens of thousands of affiliates, online marketers said its hard to stay on top of all sites distributing their wares. That lack of oversight may already be breeding shadow networks of corrupt affiliates, experts warn.

      Roger Thompson, director of malicious-content research at Computer Associates International Inc., of Islandia, N.Y., said he has noted the appearance, in recent months, of complex networks of shell Web sites that he believes are designed to pull in Web surfers from Internet search engines and download malicious code.

      The collections of hundreds or even thousands of registered Web domains, which Thompson likens to “spiders nests,” all link to one IP address that uses exploits, such as the Internet Explorer iFrame exploit, to install malicious code, often with different bundles of programs each day, he said.

      Thompson said he believes that adware vendors are benefiting from the drive-by downloads and that commissions from the adware vendors could be channeled to shadowy, possibly criminal, groups that sponsor the Web pages. “There are so many people involved, and the sites change so often—with new partners every day—its very hard to tell where its all going,” he said.

      Widespread distributions of adware and spyware pose a major problem for companies in such regulated industries as financial services and health care, said Webroots Moll. “How can a financial services company be compliant with [the] Gramm-Leach-Bliley [Act] if they have keyloggers on their machines?” he asked. “How can a health care institution be compliant with HIPAA [Health Insurance Portability and Accountability Act] if they have Trojans?”

      Next Page: Seeking help.

      Page 3

      Executives at leading online marketing companies said their affiliate agreements prohibit drive-by downloads or installations that arent specifically user-authorized. “I can tell you we have a strict set of rules [about disclosure], and were removing distributors who are found to not be in compliance with our policies,” said Direct Revenues Maheu. Direct Revenue said it has terminated contracts with six distributor partners in the last 12 months, but it declined to name the partners, citing “legal reasons.”

      180Solutions is policing its network of 7,000 to 10,000 affiliate sites, according to Dan Todd, 180s president and co-founder, although the company declined to list specific actions it has taken, aside from a single July 2004 lawsuit against Aztec Marketing Solutions Ltd., which accused the affiliate of using drive-by downloads.

      But pressure from outside the adware industry is the most likely agent of change in the spyware business. Two federal anti-spyware bills covering certain installation, removal and monitoring behaviors, as well as disclosure requirements, recently passed the U.S. House of Representatives, and lawmakers are optimistic that some anti-spyware legislation may be signed into law by years end, according to Rep. Mary Bono, R-Calif., who co-authored HR 29, also called the Spy Act.

      Other players in the adware and spyware food chain are also taking steps to cut down on the prevalence of the programs. Commission Junction Inc., a 70,000-member Web site affiliate network based in Santa Barbara, Calif., recently banned 180Solutions affiliates from its network and told members they could not distribute third-party software without explicit approval from Commission Junction, according to company officials.

      LinkShare Corp., another affiliate marketing network, is also asking affiliates to reapply so that their sites can be vetted, said Shawn Collins of Summit, N.J., an authority on affiliate networking. Still, IT administrators are skeptical that new laws and pressure from advertisers will make much of a difference when it comes to ending the spyware and adware problem. “As with spam, a lot of this stuff comes from overseas,” said Family Credits Beard. “You cant really legislate whats going on.”

      For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Administrators are looking to other means, such as anti-spyware software and switching from such vulnerable platforms as Windows and IE. At the University of Toledo, in Ohio, for example, administrators are encouraging use of browsers other than IE and are evaluating Apple Computer Inc.s new Apple Mini for no other reason than to end spyware infections, said Joe Sawasky, interim CIO at the university.

      Beard said he is exploring the use of the Firefox browser at his organization. “I dont really know if theres a big fix. As long as people keep writing software to get around whats out there trying to block it, there will always be new problems,” he said.

      Check out eWEEK.coms for the latest security news, reviews and analysis.

      Paul F. Roberts
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×