During 2005, spyware became the leading threat to safe and secure computing. In response to that threat, many enterprises and consumers adopted new anti-spyware products to fight back against the crisis.
This white paper documents the threats in statistical detail, looking at the evolving techniques used by spyware writers to undermine businesses.
P.O. Box 19816
Boulder, CO 80308-2816
USA
Toll Free: 800.870.8102
Telephone: 303.442.3813
Facsimile: 303.442.3846
www.webroot.com

Executive Summary

During 2005, spyware became the leading threat to safe and secure computing. In response to this growing threat, many enterprises and consumers adopted anti-spyware products to fight back against this crisis. Despite this increased anti-spyware adoption rate, new infections, new malware and major security incidents dominated industry news throughout the year. All the while, spyware purveyors began to feel the weight of new anti-spyware legislation passed during 2005 as a number of U.S. states brought charges against these vendors. Also in the United States, the FTC filed actions against several spyware writers attempting to pass their spyware programs off as legitimate anti-spyware solutions.

News and Incidents

Security analysts may consider 2005 as one of the worst years ever for data security losses. In all, more than 130 different security breaches exposed more than 55 million Americans to a wide range of illegal activities, including the possibility of identity theft. These high-profile breaches continue to affect consumers' pockets. ChoicePoint, a data broker firm and victim of fraud in early 2005, had to adjust its second-quarter earnings to cover costs associated with its security breach. Furthermore, in a settlement with the FTC, ChoicePoint agreed to pay $15 million in fines. ChoicePoint isn't alone. Other affected organizations and businesses include:

• H&R Block
• BJ's Wholesale Club
• DSW Shoe Warehouse
• University of California
• MasterCard
• Ford Motor Company
• Sam's Club

The companies mentioned above are only a handful of those that have been highly publicized in the news for their security breaches over the course of the year, compromising personal information for customers and employees.
Following a firestorm of protests and class-action lawsuits, Sony BMG recalled thousands of CDs bundled with rootkit technology designed to prevent piracy. The disputed software reportedly opened customers' computers to hackers and viruses. The lawsuits claim that Sony BMG has surreptitiously installed spyware on the CDs.

Following these scandals, Microsoft revealed a major vulnerability, a WMF flaw that hackers could use to access and take control of a computer. This unique vulnerability was particularly dangerous because even simple activities such as viewing a Web page were no longer safe. A number of technical Web sites used this flaw and the hacker activity around it to illustrate that security threats have evolved.

STATE OF SPYWARE 2005: THE YEAR IN REVIEW

Threat Research

During 2005, Webroot identified more than 400,000 sites that host spyware. Throughout the year, evading detection and removal became the primary focus of spyware companies and spyware authors. To this end, spyware writers continue to increase their user base by targeting security vulnerabilities and using advanced techniques such as polymorphic code to operate under the radar.

As spyware companies strive to create stronger, more persistent programs, there has been an increase in spyware using driver-based technologies. These programs sit at the lowest level of the operating system, embedding themselves deeper than early generations of spyware into the computer with the ability to extensively damage the user's operating system. Current spyware development not only focuses on hiding spyware from the user, but also on implementing auto-updating technology to avoid detection. The constant evolution of threats requires the anti-spyware industry's undivided attention.

Enterprise and Compliance

As the News and Incidents section reveals, 2005 may go down in history as one of the worst years ever for data security breaches.
Stories ripped from the headlines illustrate that corporations could no longer be complacent about the evolving spyware threat. No company is immune, as supported by Webroot SpyAudit data. Unsuspecting companies that feel that they do not need protection from spyware have fallen victim to this evolving threat.

Many of these security incidents came to light as a direct result of state legislation requiring corporations to reveal when customer data has been compromised, such as the California security breach notification law. Corporations are now faced with meeting this mandate as well as others, such as the FDIC advisory, HIPAA, Gramm-Leach-Bliley Act and Section 5 of the FTC Act.

To maintain compliance with these initiatives, corporations have been forced to rethink their data security measures. Of particular concern is the looming question of how spyware may jeopardize compliance with new laws and regulations.

Enterprise Findings

During 2005, an increasing number of enterprises found themselves confronting a high number of complex spyware programs, such as system monitors and Trojan horses. The continuous spyware offensive caused many of these enterprises to scramble to stay ahead of these threats. Facing a loss of customer trust that can easily domino into loss of revenue, enterprises now concern themselves with the implications of keystroke loggers on internal computers.

Malicious spyware, which includes system monitors and Trojans, is increasing in prevalence within the enterprise. Between Q3 and Q4 2005, Trojan horses increased 9 percent. From Q2 to Q4, system monitors increased 50 percent each quarter.

As malicious spyware grows in complexity, it presents a problem for traditional virus detection methods. Most spyware behaves drastically differently from viruses. It's important to recognize that anti-virus programs and free anti-spyware solutions are ineffective against these complicated and sophisticated programs.
The detection and removal engines used by these programs are unable to root out these insidious programs, which use polymorphic code or rootkit technology to avoid detection.

Top Threats

The top threats listed below displayed the continued use of packing and encryption algorithms. Spyware based on Trojan horse code, a viral installation procedure, or a polymorphic engine requires new detection and removal methodologies to stay ahead of the threat. It's important to note that two of the top 10 programs listed, SpywareStrike and PSGuard, are considered rogue anti-spyware programs.

• 180 Search Assistant
• EliteBar
• PSGuard
• Apropos
• ISTbar
• SurfSideKick
• Virtumonde
• CoolWebSearch (CWS)
• DirectRevenue ABetterInternet
• SpywareStrike

Consumer Findings

Despite a high awareness level about spyware, more and more consumers are becoming infected with unwanted programs, particularly with malicious programs such as Trojan horses and system monitors. Home computer users in the United States, Thailand and the United Kingdom continue to have the highest infection rates. While it's difficult to identify just one reason for this increasing spyware infection rate, security analysts point to both the lowering costs of personal computers and higher adoption rates of broadband due to lower prices and increased access. As computers become more and more affordable, the prevalence of multiple computers in each household has increased.

In addition, spyware writers frequently modify their programs to avoid detection. To guard against new spyware programs, home computer users must use an anti-spyware program with frequent definition updates. Unfortunately, users who just install an anti-spyware program, but fail to update definitions and versions, aren't as protected as those who update on a frequent basis.
Webroot Internet Security Survey

As indicated by the results of a recent Internet security survey conducted by Webroot, spyware directly costs businesses time and money. Almost two-thirds of survey respondents admitted being infected by spyware. Of those companies that experienced spyware infections, 54 percent reported that spyware triggered business disruptions that caused loss of revenue. Webroot's survey results mirror the results of a recent FBI survey, which shows that nine out of 10 businesses suffered from a computer virus, spyware or other online attack in 2004 or 2005. Many of the attacks occurred at a time when anti-virus programs were used as a standard security tool.

Legal and Legislation

After filing its first spyware case against an alleged spyware operator in October 2004, the FTC stepped up its enforcement activity in 2005 by filing several actions against purported purveyors of spyware and bogus anti-spyware software, as well as actions against companies that, according to the FTC, failed to adequately protect customer data. In 2005, several computer users took matters into their own hands, filing class action lawsuits against companies that allegedly promote spyware deceptively. Given the relative novelty of this approach, the industry is watching these suits closely to see whether they open the floodgates of litigation.

By the end of 2005, twelve U.S. states had passed spyware laws, eleven of which are already in effect and one of which, Nevada's, will go into effect January 1, 2007. Enforcement of these new laws in Alaska, Arizona, Arkansas, California, Georgia, Iowa, New Hampshire, Texas, Utah, Virginia and Washington over the coming months and years will be an indication of their effectiveness. As the state legislatures reconvene for the 2006 session, it is likely that additional states will consider spyware bills over the coming months.

© 2006. All rights reserved. Webroot Software, Inc.
Webroot, the Webroot icon and Phileas are trademarks of Webroot Software, Inc. All other trademarks are properties of their respective owners. NO WARRANTY. The technical information is being delivered to you AS-IS and Webroot Software makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained herein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical errors. Webroot reserves the right to make changes without prior notice. Certain data is available upon request.

Conclusion

With the accelerating spyware threat, what does 2006 hold for those attempting to defend their systems from this scourge? Spyware writers are taking note of the pending U.S. legislation and are routinely routing their malicious programs through other countries like China or Romania where prosecution is difficult. By using advanced encryption techniques along with rootkit technology, the more malicious forms of unwanted software will continue to proliferate.

During 2005, consumers and enterprises became more aware of spyware and its growing impact, and many users adopted anti-spyware programs as part of their online arsenal of tools. However, the next step is to ensure that the protection they have adopted is indeed solving their problem, and that they continue to keep their protection software up to date at all times.

As the State of Spyware Report for 2005 documents, the overall threat of online security is rising dramatically as spyware continues to target more and more users.

About Webroot Software, Inc.

Webroot Software, Inc. is the creator and publisher of the award-winning Spy Sweeper line of anti-spyware products for consumers, small businesses and enterprises worldwide.
Based in Boulder, Colo., the company is privately held and backed by some of the industry's leading venture capital firms, including Technology Crossover Ventures, Accel Partners and Mayfield. Webroot's software consistently receives top ratings and recommendations by respected third-party media and product reviews, and has been adopted by millions globally. Spy Sweeper and other Webroot products can be found online at www.webroot.com and on the shelves of leading retailers throughout the United States, Europe and Japan. Webroot products are also available as either branded solutions or on an OEM basis. To find out more about Webroot, visit www.webroot.com or call 1-866-612-4227.

Check to see how protected your company is against spyware. Take the Webroot SpyAudit today. http://www.webroot.com/sosaudit