White Paper | Biggest Annoyance and Growing Challenge: Spyware and Malware
A comprehensive study out of the University of Washington, “A Crawler-based Study of Spyware on the Web,” warns that the extensive proliferation of covert and malicious spyware is posing an increasingly significant threat for internet users.
Considering that the International Legal Technology Association’s 2005 Technology Survey found that spyware now exceeds spam as the biggest annoyance of law firms, this is not good news. The ILTA survey found that 32 percent of respondents identified spyware as their biggest annoyance, followed by spam (19 percent) and security updates (17 percent).
Some of these nuisance programs get onto PCs via e-mail messages that hide the spyware in attachments, others are bundled with popular software such as file-sharing programs, and some install automatically if a user visits a booby-trapped Website.
Before we get into this subject, it is important to realize the distinction between “spyware” and “malware.” Spyware keeps tabs on what Web users do and reports those findings, but the reporting is not always done with malicious intent. In contrast, malware is bad by definition. It seeks information that is useful for identity theft, for example, or is used as a method to attack other systems.
In conducting the study, the researchers used a computer program called a Web crawler to scour the Internet, visiting sites to look for programs that covertly enter the computers of unwitting Web surfers to perform tasks ranging from spamming advertising products to gathering personal information, redirecting Web browsers or even using a victim’s modem to call expensive toll numbers.
“We wanted to look at it from an Internet-wide perspective – what proportion of Web sites out there are trying to infect people,” Hank Levy, professor and holder of the Wissner/Slivka Chair in the UW Department of Computer Science and Engineering and one of the study’s authors, is quoted as saying. “If our numbers are even close to representative for Web areas frequented by users, then the spyware threat is extensive.”
The team conducted two searches, one in May and the other in October, examining more than 20 million Web addresses. They also did additional “crawls” of 45,000 Web addresses in eight subject categories, looking for drive-by download attacks.
In May, the team found that 13.4 percent of the 21,200 executable files it located bore spyware, and 3.4 percent of the domains it accessed contained “drive-by download” attacks, which exploited known security flaws in attempts to install spyware and malware. However, by October 2005, the frequency of sites carrying “drive-by download” attacks had dropped to 1.6 percent of the domains surveyed.
The reduction may in part be attributed to the wider adoption of anti-spyware tools, automated patch programs such as Windows Update and the recent spate of civil lawsuits brought against spyware distributors.
Game and celebrity Websites appeared to pose the greatest risk. Within these, the researchers found that more than one in 20 executable files contained piggybacked spyware. In addition, on average, one in 62 Internet domains was found to perform drive-by download attacks – a method for forcing spyware on users who simply visit a Web site.
While most of those were relatively benign “adware” programs, about 14 percent of the spyware contained potentially malicious functions.
The report warned that the consequences of a spyware infection “run the gamut from annoying to catastrophic.” On the annoying end, where most spyware falls, the stealthy programs can inundate a victim with pop-up advertisements. More malicious programs steal passwords and financial information. In a worst-case scenario, spyware could render a victim’s computer useless.
Meanwhile, there is also news that five computer security firms are collaborating on a common naming system for spyware and will co-produce tools to remove the malicious software. The initiative will see ICSA Labs, McAfee, Symantec, Thompson Cyber Security Labs and Trend Micro join forces to tackle spyware.
The companies hope to remove some of the current confusion caused by anti-spyware firms managing their own labelling and removal methods. The group said collaboration was needed as the amount of spyware in circulation was rising by 50 to 100 percent per year.
What should your law firm do to protect against spyware?
One approach is Web filtering, using either special software or an appliance that filters Web content as users surf the Web. It prevents the user from visiting sites that might install spyware.
Sometimes, something as simple as a pop-up blocker can help, since many pieces of spyware install by popping up a box and trying to get the user to click a link.
Another approach that has been used is a piece of software that disables the user’s ability to save any files on their local hard drives. If anything gets on the hard drive, a restart of the system gets the PC right back where it was before the bad stuff got there. Of course, such a tool also removes documents or other files that are locally saved. If this type of tool is used, users must save their work to a location where it will be preserved.
Finally, don't overlook policies. The PCs the users use, and the bandwidth they consume, belong to the company they work for. A good corporate policy on Internet use is an excellent first step, although some firms prefer not to impose these kinds of policies on their employees.



