corner

State of Spyware Q2 2006

Consumer Report

Spyware incidents continue to make headlines around the globe. As Internet spyware writers become more sophisticated and more cutthroat, home computer users are paying the price.

Security analysts report that Internet spyware writers are stooping to all-time lows when it comes to targeting consumers. Spammers now use Internet spyware to make their e-mail campaigns more successful. There have been reports of crafty spyware writers creating false profiles on MySpace to target the large install base of teenagers and young adults using the popular Web site.

Despite the publicity about the dangers of spyware, infection rates are on the rise. Webroot spyware scan data shows that 89 percent of consumer PCs are infected with spyware. U.S. home computer users are infected with an average of 30 pieces of spyware on their PCs.

Internet spyware writers are constantly modifying their programs and installation methods to avoid detection. They are using rootkits and driver-level technology to hide from anti-spyware programs. Many free anti-spyware programs simply aren't capable of removing spyware programs.

As the Webroot Threat Research team discovered with a particularly malicious program, Trojan-Phisher-Rebery, online criminals use malicious Web sites, common software vulnerabilities, and keylogging software to harvest information from unsuspecting Web surfers.

Not only do free anti-spyware programs offer a false sense of security, so do anti-virus products. Most anti-virus programs do not effectively detect and remove spyware and the more complex adware threats, especially Internet spyware programs that use advanced obfuscation procedures like rotating encryption and compressed algorithms.

To make matters worse, as Internet spyware writers find a way to access a home computer, it's the home computer user who is left holding the bag financially, that is. In many cases, spyware infection can result in identity theft, which can take time and money to recover. Individuals hit with spyware can lose thousands of dollars as their bank accounts and credit cards are pillaged by these online criminals. A Bank of America customer lost almost $90,000 when a Trojan horse captured his password and login information. Bank of America denied responsibility and has refused to reimburse the customer for his loss.

Q2 2006 Overall Findings

Overall Internet spyware infection rates continue to rise for the third straight quarter. The second quarter of 2006 saw an increase in the share of consumer PCs infected with spyware: from 87 percent in Q1 2006 to 89 percent.

internet spyware

This increase in Internet spyware infections suggests that although home computer users are adopting anti-spyware programs, they are choosing inadequate programs to protect their computers or not keeping their programs up-to-date.

Before installing an anti-spyware program, home computer users should evaluate the program's ability to detect and remove spyware, especially malicious programs. In addition, given how quickly spyware programs morph and evolve, the best anti-spyware programs should offer daily defensive definition updates.

Global Infection Rate

During the second quarter of 2006, Puerto Rico had the highest average number of spies detected: 42.6 per scanned PC. Algeria and Bahrain also had high infection rates with 38.4 per scanned PC and 35.7, respectively.

Global Infection Rate

Looking at the 95 countries with 500 or more PCs scanned in Q2 2006, the average number of Internet spyware traces found was 24.5 spies. The United States was above average with 30 spies detected.

European Infection Rates

Internet use continues to increase throughout the European Union, with nearly half of the EU population using the Internet at home or on mobile devices. Spyware sources have targeted this growing population as a new market for their malicious programs.

The United Kingdom, Ireland and Lithuania still have the highest infection rates in European countries. Ireland and the United Kingdom swapped places since Q1 2006. Now the United Kingdom records the highest number of spies per PC in Europe, while Ireland comes in second, followed by Lithuania.

European Infection Rates

Asia Pacific

Consumer PCs in Singapore have the highest number of spies in Asia at 31.5. Australia was second with 25.6 spies per PC, followed by New Zealand with 25.3 spies per PC. Internet use throughout Asia has grown more than 200 percent since 2002 and now accounts for just over 35 percent of the entire world’s Internet use, more than any other region. In Singapore alone, more than two-thirds of the population uses the Internet at home or work. As access to the Internet rises, spyware writers have more users to target.

Asia Pacific

Malicious Spyware

In the second quarter of 2006, Trojan horse infection rates increased to 31 percent, up from 29 percent in Q1. Trojans increased from 1.9 instances on infected PCs to 2.0 instances.

Malicious Spyware

The most common Trojan horse detected was Trojan-Downloader-Zlob, which is a Trojan downloader that may download other threats onto user's computers. According to Webroot spyware scan data, there were more than 1 million counts of this Trojan horse on consumer PCs during Q2 2006.

Global Trojan Horses

During Q2 2006, Dominican Republic had the highest infection rates for Trojans at 1,099 per 1,000 PCs scanned, compared with the worldwide average of 504 Trojan horses.

Global Trojan Horses

System Monitors

Frequently, Internet spyware purveyors rely on Trojans to install sophisticated system monitors to capture personal information, like bank account information or credit card numbers.

Webroot Internet spyware scans revealed that system monitors are present on 6 percent of infected machines during Q2 2006, the same percentage as last quarter. This steady rate may indicate that malicious spyware, like system monitors, remains the modus operandi for a majority of online criminals.

The most common system monitor detected was Perfect Keylogger. Perfect Keylogger is a monitoring tool that records all visited Web sites, keystrokes and mouse clicks. According to Webroot spyware scan data, there were more 43,000 counts of this system monitor during Q2 2006.

System Monitors

Global System Monitors

In the second quarter of 2006, Yemen had the highest infection rates of system monitors with 426 per 1,000 PCs scanned, followed by Vietnam with 356 instances. The world average was 61 system monitors per 1,000 PCs scanned.

Global System Monitors

Adware

Adware continues to be a burden to home computer users. Webroot spyware scans show a steady infection rate of 59 percent. This stable infection rate is yet another indication that home computer users aren't using the best anti-spyware tool available.

Adware
As Internet spyware becomes more sophisticated and cutthroat, computer users are paying the price.
Most anti-virus programs do not effectively detect and remove spyware.