In-Depth

Severity of Spyware Attacks Escalates

Despite dedicated software to defend the enterprise, the economics of spyware leads attackers to respond with more complex attacks or attacks aimed at just one company.

Anti-spyware software already dominates enterprises’ security spending plans for the year. Yet despite dedicated software to defend the enterprise, the economics of spyware leads attackers to respond with more complex attacks or attacks aimed at just one company.

For example, attackers recently attempted to steal almost $423 million from Sumitomo Mitsui bank by using spyware. In another case, the Oklahoma state sheriff’s department, which is privy to homeland security information, discovered its PCs were infected with surveillance software. While it eradicated the software, what’s unknown is the extent to which prisoner or confidential national security information was compromised.

Economically speaking, there’s continuing incentive for attackers to use spyware, reports Webroot Software, which released its first-ever “State of Spyware” report. According to the report, “There is a market that derives more than $2 billion annually from pop-up ads, hijacking homepages, redirecting searches, and using host files and DNS poisoning,” and it’s fueled by spyware. In total, this gray market, the report says, may equal 25 percent of the entire online advertising market. In addition, by using spyware, “identity thieves are getting rich breaking into users’ bank and trading accounts, and issuing new credit cards in the names of the victims.”

To counter the increasing use of more virulent forms of spyware, IT managers need to understand the latest spyware threats and how spyware propagates.

For example, just where does spyware come from? Many assume spyware lives on only a handful of sites, especially those offering free tools. Yet Webroot’s research discovered spyware being pushed on 4,294 Web sites, and on almost 90,000 associated Web pages, in March 2005 alone.

Spyware infestations on PCs are also rampant. Based on tests conducted by Webroot during the first three months of 2005 on 35,300 PCs belonging to over 18,000 companies, 87 percent of enterprise PCs have some kind of unwanted program: Trojan software, a system monitor, cookies, or adware.

Even when excluding cookies from those results, over half of PCs still contain at least one type of spyware. That’s still “a very high number, considering a single malicious program can compromise proprietary corporate information,” notes Webroot.

Anti-Spyware Legislation

Lawmakers are moving to help counter the spyware threat. So far, 27 states have introduced legislation to curb it. Arizona, Virginia, and Utah have laws on the books. Even so, Webroot predicts that the U.S. House of Representatives and Senate, which are also at work on legislation, will produce something that “will supersede the legislative action being enacted at the state level.”

Either way, there’s a linguistic problem: how to define spyware? According to Symantec, “given the relative newness of spyware and the wide variety of programs that have been grouped in this category, there has been a great deal of confusion regarding the programs and the security risk they pose to consumers and organizations.” For example, not all Web cookies are malicious—far from it. Some organizations also approve the use of remote-control software.

Beyond the wording of laws, another problem involves jurisdiction. For example, even with new U.S. legislation, Webroot says, “We do not believe it will put an end to spyware, as spyware authors are likely to just move their operations outside the United States.” The greatest benefit from legislation, then, may just be the increased awareness it creates of spyware.

Spyware Infections Decline

The good news from the Webroot report is that spyware infections seem to be declining, possibly from the increased use of anti-spyware software. The bad news is that attacks are also growing more sophisticated. “The ingenuity of spyware writers is increasing as they seek to protect and grow their business models, making protection that much more important,” notes Webroot.

Organizations are taking notice. According to Forrester Research, anti-spyware software will be “the most-purchased security technology in 2005,” with 65 percent of companies saying they plan to buy it this year. A majority of those companies also prefer best-of-breed tools, aware that spyware eradication requires a different set of skills than antivirus software. As Eva Chen, CEO of Trend Micro, notes, “Spyware continues to evolve and cause concern and damage, but not all spyware can be handled the way viruses and worms are.”

It’s no surprise, then, that the market for providing anti-spyware software is continuing to heat up. Trend Micro just announced it will acquire anti-spyware provider InterMute, which makes SpySubtract. The move follows Computer Associates’ acquisition of PestPatrol in August 2004, and Microsoft’s acquisition of GIANT Software in December 2004. For Trend Micro, the InterMute acquisition “instantly establishes Trend’s presence in the North American anti-spyware market and gives it an important beachhead in the heated battle for desktop security leadership,” notes Forrester analyst David Friedlander.

Which anti-spyware programs are most popular in the enterprise? In February 2005, Forrester surveyed 145 technology decision-makers in North America. Of companies using anti-spyware on the desktop, 42 percent employed McAfee, and 21 percent used Trend Micro. The InterMute acquisition, then, gives Trend Micro a potential lead on Symantec and McAfee. “Trend is betting on the fact that its competitors’ client security suites aren’t yet fully integrated or functionally mature,” says Friedlander.

For the desktop security market, much revolves around antivirus, as Forrester’s list of the big players suggests: Computer Associates, McAfee, Symantec, Trend Micro. While a number of smaller antivirus providers also exist, Forrester says companies in general prefer security suites. As a result, the aforementioned companies dominate.

Forrester recommends companies adopt anti-spyware software if they haven’t already. For those already having security suites with some anti-spyware capabilities, it will likely be all the protection they need, says Friedlander, even if the anti-spyware software isn’t best of breed. On the other hand, “companies with extremely porous networks and a large number of mobile users can benefit from deploying an additional anti-spyware scanning engine on laptops, in particular.”

Related Articles:

Prosecuting Spyware Makers
http://www.esj.com/Security/article.aspx?EditorialsID=1388

What’s Ahead for Enterprise Anti-Spyware
http://www.esj.com/Security/article.aspx?EditorialsID=1338

Ignorance of Spyware in the Enterprise Still High
http://www.esj.com/Security/article.aspx?EditorialsID=1322

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
