State of Spyware

May 12, 2006

Spyware companies and spyware writers continue to refine their malicious programs to evade detection and removal. This refinement includes using new, advanced techniques to infect as many machines as possible while continuing to operate under the radar.

One trend that became apparent in 2005 and continues today is the embedding of auto-updating technology in spyware programs to avoid detection. This level of sophistication is a reminder that constantly changing threats require the anti-spyware industry's undivided attention.

Spyware continues to reinvent and adopt techniques from Trojans and viruses. Advanced obfuscation techniques, such as rotating encryption and compression algorithms, are still used by spyware writers almost daily. Rootkit-like behavior is growing: spyware attempts to hide its files from core Windows Application Programming Interfaces (the most direct way for software to interact with a Windows system) and from detection processes.

Some of the more malicious spyware writers include code that stops the detection services of popular virus scanning software. Known spyware blocks outbound Internet connections to the update services of popular scanning engines, so the engines never receive new definitions. By reusing code from viruses and Trojans, spyware has become increasingly difficult to detect.
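One common way to block an engine's update service is to tamper with the local hosts file so the update hostname resolves to loopback, 0.0.0.0 or an attacker-controlled address. The following defender-side check, added here as an illustration and not part of the original report, parses hosts-file text and flags any entry that names a watched update host. The update hostnames and the sample hosts file are constructed for this example; a real deployment would substitute the vendors' published hostnames.

```python
"""
Defender-side check for spyware-style update blocking via the hosts file.

Flags hosts-file entries that point security-vendor update hostnames at
loopback / unspecified addresses (a null-route) or at any other address
(a redirect). Hostnames and the sample file below are constructed for
this example, not taken from any vendor.
"""
import ipaddress

# Constructed watch list of update hostnames (hypothetical domains).
UPDATE_HOSTS = {
    "update.example-av.test",
    "liveupdate.example-scanner.test",
    "definitions.example-antispyware.test",
}

# Constructed sample hosts file: legitimate entries plus three tampered ones.
SAMPLE_HOSTS = """\
# localhost entries (legitimate)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test                 # null-routed update host
0.0.0.0         liveupdate.example-scanner.test
192.0.2.10      definitions.example-antispyware.test   # redirected to a TEST-NET address
10.0.0.5        intranet.example.test                  # unrelated internal entry
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text, ignoring comments
    and lines whose first field is not a valid IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr = parts[0]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                           # malformed line, skip it
        for name in parts[1:]:                 # one address may map several names
            entries.append((addr, name.lower()))
    return entries


def find_blocked_updates(text, watch=UPDATE_HOSTS):
    """Return a sorted list of (hostname, address, reason) for every hosts
    entry that names a watched update host. Any such entry is suspicious:
    legitimate hosts files do not normally pin vendor update servers."""
    hits = set()
    for addr, name in parse_hosts(text):
        if name not in watch:
            continue
        ip = ipaddress.ip_address(addr)
        reason = "null-route" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hits.add((name, addr, reason))
    return sorted(hits)


if __name__ == "__main__":
    # On a live Windows host read C:\Windows\System32\drivers\etc\hosts instead.
    for name, addr, reason in find_blocked_updates(SAMPLE_HOSTS):
        print(f"{reason:10s} {name} -> {addr}")
```

The check deliberately reports redirects as well as null-routes: pointing an update host at a routable address can be worse than blocking it, because the engine may then fetch definitions from a server the attacker controls. A complementary check on a live system is to confirm that the scanner's update service is still running and that its scheduled update actually succeeded.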

Phishing Trojans have garnered much press coverage since their inception in the late 1990s. Many of the first phishing Trojans attempted to steal passwords and serial numbers for commonly used applications and games. Phishing Trojans gradually declined as their transport and installation techniques became stale. They have re-emerged over the last year, and especially during the past six months.

Security insiders attribute this spike in phishing Trojans to the release of source code for common Trojan downloads and new Trojan phishers. These new phishing Trojans include code updates that implement rootkit-like functionality and advanced obfuscation techniques. These obfuscation techniques make the collection of sensitive information (credit card numbers, bank account information, social security numbers, etc.) much easier for the attacker, because the Trojan stays resident longer before it is detected.
