Recent developments in adware and spyware (page 1 of 2)

According to Reuters, a California man was indicted earlier this month on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted adware.

The indictment from a federal grand jury in Seattle also accused Christopher Maxwell, 20, and two unidentified conspirators of crippling Seattle's Northwest Hospital with a "botnet" attack in January 2005.

Authorities said the hospital attack caused $150,000 in damages, shut down the intensive care unit, and disabled doctors' pagers.

If he is convicted, Maxwell will face a maximum 10 years in prison and a $250,000 fine.

Reuters quoted the following statement by U.S. Attorney John McKay: "Some people consider botnets a mere annoyance or inconvenience for consumers, but they are highly destructive. In this case, the impact of the botnet could have been deadly."

Let there be no misunderstanding: adware and spyware are among the fastest-growing risks to consumers and organizations today. This article looks at recent developments in adware and spyware, as well as recommended steps to reduce the risks posed by these programs.

Growing volumes

While adware and spyware are not categorized as malicious code, Symantec monitors them using many of the same methods used for tracking malicious code development and proliferation. This involves an ongoing analysis of reports and data delivered from over 120 million client, server, and gateway email systems, as well as filtration of 25 million email messages per day. Symantec then compiles the most common reports and analyzes them to determine the appropriate categorization.

Adware programs enable the delivery and display of advertising content onto the user's device. This may be done without the user's prior consent or knowledge. It is often, but not always, presented in the form of pop-up windows or bars that appear on the screen.

Adware isn't always a security risk. In some cases, it simply delivers an advertising message to the user's screen. But depending upon its functionality and the context in which it is deployed, adware can constitute a security risk.

According to the latest edition of the Symantec Internet Security Threat Report, during the first six months of 2005, the prevalence of adware increased dramatically over the two previous reporting periods. Between January 1 and June 30, 2004, adware comprised 4 percent of the top 50 programs reported to Symantec. In the second half of 2004, it made up 5 percent of the top 50 programs. Between January 1 and June 30, 2005, however, it made up 8 percent of the top 50 reported programs.

For their part, spyware programs can secretly monitor system activity and either relay the information back to another computer or hold it for subsequent retrieval. In some cases, spyware is used by organizations to monitor Internet usage or by parents to monitor their children's Internet usage. Spyware can be surreptitiously placed on users' systems in order to gather confidential information such as usernames, passwords, banking information, and credit card details. This can be done through keystroke logging and by capturing email and instant messaging traffic.

Spyware is one of the fastest-growing risks, increasing at an estimated rate of 50 to 100 percent year over year, according to some security experts.

The chief offenders

The most frequently reported adware program between January 1 and June 30, 2005 was ShopAtHomeAgent, which accounted for 19 percent of the top 10 adware programs reported.