Got spyware? Join the crowd. Webroot released their State of Spyware Report today and the statistics are more than discouraging. Spyware in the enterprise setting topped 80% and increased 19% in the second quarter. Sites spreading spyware increased 400% and the spyware is more tenacious and malicious than ever. Webroot says their spyware definitions doubled in the same time period. About 80% of home users are infected. Webroot uses a web crawler dubbed Phileas that controls a set of bots trolling the internet for malware. Newly discovered infected URLs, files and traces are sent back to Webroot to be added to their database. The report says the majority of infected sites originate in the US, with Poland and the Netherlands in 2nd and 3rd place. The 75-page report includes a summary of legislation, both federal and state.
Webroot names their top threats starting with CoolWebSearch, followed by Elite Bar, PowerScan, Look2Me, PurityScan, Clkoptimizer, 180search Assistant, Web Search Toolbar, ISTbar and aBetterInternet in that order. The report includes descriptions of each.
Are Webroot's statistics inflated? Is the problem of spyware overstated? I don't think so. My only area of disagreement with Webroot may be their view of cookies. Page 40 says they "will continue to monitor cookies until a definitive decision is made on whether cookies constitute spyware is determined". I'll save the debate on cookies for another time. I don't consider cookies spyware, but I do consider them a privacy concern.
I wholeheartedly agree that spyware is more malicious and more difficult to remove than ever before. We've seen spyware and adware that resist removal by any ordinary means, hiding from the Windows API through alternate data streams and rootkits. We've recently seen new variants of trojan keyloggers distributed through exploits that steal information from the Windows protected storage area and write that information, including usernames, passwords, social security numbers and credit card numbers, to a text log on a remote web server. They also bypass firewalls and steal information on the Windows clipboard.