In Depth

Spyware: Scumware Out There

Security vendors big and small are in an arms race to root out spyware and other malicious code, but so far they're all losing.

By Sarah D. Scalet

It gets worse. Skoudis laments the rise of what he calls the "bot-worm vicious cycle." Bots are semiautonomous programs that, once installed on a computer, can act on behalf of a hacker. When bots consort with worms—programs that spread automatically—the results can be disastrous. We saw this with outbreaks like Bagle, Netsky and Sasser, all worm bots that contained keystroke loggers.

"You see how it all feeds together?" Skoudis says. "Worms spread bots, bots spread worms, and most of them carry spyware now. It's awful when a virus crashes your computer, but now we've got something that doesn't want to break your computer at all. It wants your computer to keep humming along while it spies on you."

Just uninstall? Forget about it. This type of software generally doesn't have an uninstall feature, and it's designed to hide from the uninstall function in the operating system. Some programs can seem to be deleted, but a small part of them remains. The next time the computer is online, the program surreptitiously reinvents itself. Others have multiple programs that watch one another's backs. The software I had appeared as two programs in the Windows Task Manager. I deleted one and another instantly appeared. Its anonymous creator strove for immortality.

"Spyware can be multiple programs watching each other to see if it gets deleted," Meta's Firstbrook says. "It's almost impossible to kill it." The user has to delete files in the right order and also edit the registry—a task for only the most sophisticated users.

Why aren't antivirus programs catching this malware? Killing insidious code, after all, is what they do best. Historically, however, antivirus companies have obliterated code that no one wants, ever. When it comes to spyware, observers say, they just haven't perceived it as a severe enough threat to respond quickly or effectively. "It hasn't been on their radar," Jarocki says. The reasons why are as complicated as the spyware itself.

Vendor Arms Race

Vincent Gullotto never thought he would be reading EULAs as part of his job. "Viruses don't come with EULAs," says Gullotto, vice president of McAfee's Anti-virus and Vulnerability Emergency Response Team. "If a program does something and tells you all along exactly what it's doing, from our perspective, it's not malicious. It's a program. Frankly, this is a quagmire for any organization to have to get into."

The distinction between software that's always considered bad and software that is sometimes considered bad is crucial. McAfee has dubbed spyware "potentially unwanted programs," or PUPs—the emphasis here is on the first "P." Potentially. That's because the company ran into legal problems when a version of its antivirus software classified a piece of adware as a virus and zapped it. An adware vendor argued that McAfee was taking away legitimate business.
