Some 97 percent of Web surfers are just a click away from infecting their computers with adware and spyware, according to anti-malware software maker McAfee, of Santa Clara, Calif.
McAfee came to that conclusion after analyzing 14,464 responses to a spyware quiz taken by consumers at its SiteAdvisor Web site.
“Of the 14,000 people who took the spyware quiz, three percent got perfect scores, 97 percent got at least one wrong,” McAfee SiteAdvisor Market Strategist Shane Keats told TechNewsWorld.
“So I think it’s fair to say,” he continued, “that the vast majority in a typical month of clicking will end up on a Web site that potentially exposes them to spyware.”
Wandering Into Dark Alley
The quiz at the site, which has been available since March, presents users with pairs of Web pages from locations on the Net and asks them to choose which is a safe site and which is not. A second part of the test asks users to make similar distinctions among several file-sharing sites.
Keats admitted that he was a bit disconcerted by the study’s findings.
“Given the amount of coverage the media has given spyware, we were surprised by the number of people who got multiple answers wrong,” he said.
“Folks are overestimating their ability to spot spyware,” he maintained. “The bad guys have gotten good at making their sites look very professional, very slick, and it’s becoming even harder to know when you’re wandering into a dark alley.”
Black Chips Exploit Blue Chips
One way malefactors disguise their intentions is by exploiting the brands of companies with blue-chip reputations.
Researchers observed that quiz takers did particularly poor on the comparison of two lyrics sites. “One possible reason,” they deduced, “the unsafe site had advertising from well-known brands like Circuit City and Monster.com that may have served to legitimize it.”
Keats contended that “almost certainly” these companies don’t know how their brands are being abused. He explained that a company will hire an ad agency that acts with its interactive division that hires an online media buyer that works with an affiliate network that works with another ad network and so on.
“They’re so many steps removed from the actual placement decision that, realistically, headquarters at any Fortune 500 company probably doesn’t know where their brand is appearing,” he said.
“A lot of companies don’t know you can get spyware by going on a lyrics site,” he added. “They think you’re only searching for text.
“Because of the way SiteAdvisor does its Web crawl, we can find that stuff out so we can tell people here’s a site that you didn’t think had spyware, but it really does,” he noted.
SiteAdvisor is a massive project mounted by McAfee to analyze and test the behavior of all Web sites on the Internet on an ongoing basis.
The results of that testing can be accessed by consumers by installing a browser plug-in from the SiteAdvisor site.
The plug-in appears as a button on a browser’s status line. When a user enters a Web site, the button will change color — green for a safe site, yellow for proceed with caution and red for a malware site.
A detailed analysis of the site can be viewed by clicking a menu arrow beside the button.
System Level Infection
If detecting a spyware site is hard without the aid of a tool like SiteAdvisor, identifying spyware once it reaches a computer can be even harder, according to Patrick Hinojosa, chief technology officer for Panda Software, a security technologies, products and services company in Glendale, Calif.
He cited instances of spyware masquerading as legitimate system-level files, such as the registering itself as a Layered Systems Provider (LSP) in Windows, to avoid detection.
“Even most power users are not going to know how to inspect the LSP layer and know what should or should not be there,” he told TechNewsWorld. “And even if they found something they weren’t sure about and they yanked it, it could totally kill their Internet connection indefinitely until they rebuild that stack.”
Spyware continues to grow on the Web because the Net is becoming an increasing source of entertainment for netizens, according to Ron O’Brien, a senior security analyst with Sophos, a maker of integrated threat management solutions in Lynnfield, Mass.
“The proliferation of applications on the Internet that resemble entertainment serve as an incentive for people to download them onto their PC without realizing there’s this spyware element to them,” he opined.