The face of spyware is changing as adware infection rates level off and targeted Trojans and system monitors become more prevalent. So says the latest version of Webroot Softwares State of Spyware report.
According to the latest findings, which are based in part on results gleaned anonymously from the free SpyAudit tool on the Webroot Web site, adware infections dropped to 5.5 instances per infected PC, down from 6.9 percent and 6.1 percent in Q1 and Q2, respectively. Fifty-five percent of computers scanned had some form of adware infection.
Webroot officials trace this improvement to several factors. A critical mass of adware infestations on an infected system will debilitate the computer to unusable levels, requiring the user to fix the problem.
However, the downturn is also due to improved behavior from U.S.-based direct marketing companies. Aiming to come into compliance with the many anti-spyware bills before federal and state governments, adware vendors are cleaning up their act, providing easier-to-comprehend end-user license agreements and improved removal tools.
Like weve seen with anti-spam legislation, adware and spyware infestations will not abate solely due to legislative action. Although domestic marketing companies may wither as they are forced to comply with new laws, many threats will continue to find their origin abroad.
On the flip side, Trojan infections on enterprise-based computers increased in Q3 to 1.5 instances per infected machine (up from 1.2 in Q2), while system monitors held steady at 1.2 instances per infected machine. Trojan infections on consumer machines are also up—to 1.7 instances per infected machine.
Adware engines are often not truly malicious but do provide high visibility that an infection is present. Users who suffer from system crashes and performance slowdowns due to multiple adware infections are more likely to do something to remediate the problem—either fix it or report it.
Users infected with stealthier system monitors or Trojan programs, on the other hand, will be less likely to recognize the presence of the threat, particularly as new spyware technologies begin to leverage rootkit technologies that may evade traditional anti-virus detection. Since these applications are specifically designed to steal confidential information, this development is worrisome, indeed.
In a direct shot across the bow of anti-virus companies, Webroots vice president of threat research, Richard Stiennon, claimed that anti-virus products that perform some measure of spyware detection are particularly poor at detecting and cleaning Trojans and system monitors—as low as 20 percent to 40 percent effective at what should be their core competency.
While Ive never fully bought into the gaudy detection numbers provided by various vendors touting their own products, these numbers give me great pause. This summer, eWEEK Labs tests upheld the assertion that anti-virus companies have a lot of work left to do on their spyware detection and cleaning, but Trojans and system monitors should already have been of paramount concern for anit-virus companies—even before the spyware craze shook the nation.
The State of Spyware Report can be downloaded here.
Technical Analyst Andrew Garcia can be reached at [email protected]