Spyware & Adware - How the Bad Guys Profit

Taken from the Trend Micro Weekly Virus Report - March 24, 2006.

Broadly defined, spyware is any software program that surreptitiously monitors and gathers user information. Spyware was once written and installed only by malicious authors seeking to steal users’ personal information; adware has since emerged as a new and more prominent form of spyware. A slightly less malicious form of spyware, adware can display pop-up advertisements produced by so-called legitimate adware companies. Adware companies are well funded, to the extent that some have even discussed launching multi-million dollar IPOs.

The current mix of spyware and adware presents a compelling challenge to both computer users and security companies, because of the lack of clarity about what constitutes legitimate marketing techniques, and is further complicated by the fact that the rules vary widely throughout the world.

A narrow definition of spyware includes programs on a user’s computer that report user behavior, such as keystrokes or Web browsing history. According to this definition, some types of spyware may be used for marketing purposes, while other types are used for the purpose of criminal fraud leading to profit making.

Trend Micro uses both broad and narrow definitions of spyware, according to Anthony Arrott, Trend Micro’s manager of spyware research. “A broad definition of spyware would include adware and Trojan spyware,” he explained. “Anything that interferes with the privacy, productivity, or security of your PC can be called spyware - with the caveat that it is non-propagating. Spyware stays on a system as long as it can without being noticed. Also, while viruses and worms are essentially about vandalism, broad-definition spyware is about monetary gain.”

The story of how the money flows in the spyware cycle involves four contributors or sources. First are the advertisers themselves, and second are the agents they hire to market their products. Third in the spyware food chain are the publishers, the writers of the program ‘payload’, the crimeware or grayware that actually gets delivered to the user’s computer. Fourth are the distributors, who often distribute multiple payloads for a variety of publishers, since they earn their money on a “per install” basis.

Spyware and adware were prevalent trends in 2005. According to Trend Micro’s research, 29 per cent of the total threat landscape for the year was comprised of spyware and adware. 2005 also saw the use of blended threats, in which malware authors initiated multi-trojan attacks, including worms that drop or download spyware/adware programs onto systems, to take advantage of marketing programs that pay a small fee per installation.

The trend is likely to continue in 2006 and beyond. Adware-driven campaigns can generate significant amounts of money, and many adware companies are eager to have their products installed on as many PCs as possible. As the threat of spyware and adware continues to grow, it becomes even more critical for computer users to scan any program downloaded through the Internet - including any downloads from P2P networks, via the Web, or any FTP server, regardless of the source - with updated anti-virus and anti-spyware software.

If you would like to scan your computer for worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro’s free, online virus scanner at:

http://housecall.trendmicro.com/