Yesterday, Technology Review, one of the oldest technology magazines in the world, published an interesting article, “Spying on Spyware”, presenting new facts on parasites. According to this good read and the latest “State of Spyware” quarterly report released by Webroot Software, the reputable anti-spyware company, virus authors and infamous spyware makers are joining forces to create new spyware parasites that spread rapidly and are hard to get rid of, based on advanced viral technologies. And this is not the distant future. Many complex spyware threats have appeared during the last few months. Some of them have already become infamous: just look back on the numerous EliteBar, VirtuMundo and Look2Me infections.
The use of rootkits is becoming a new trend among malicious spyware makers. They use rootkits to conceal running processes, registry keys, files and folders, i.e. everything related to certain parasites. Not only are affected users unable to find or even see such objects, but neither the operating system nor security-related tools, including most old-line antivirus and anti-spyware programs, are able to detect and remove parasites cloaked by rootkits. Furthermore, some rootkits know when they are being scanned and therefore may avoid detection by even the most advanced antivirus tools.
Another new trend is the development of polymorphic spyware parasites, similar to hard-to-detect viruses. Such pests do not install files with hard-coded names and never run the same processes, but instead drop files with completely random, non-recurring names. This technique makes common antivirus and anti-spyware software that relies on a regular parasite definitions database obsolete: such tools have no appropriate signatures and therefore fail to recognize recent parasites. Moreover, it also complicates the analysis of suspicious files, as the user often cannot find any instance of a filename on the Internet and therefore cannot be sure whether a file is malicious or not.
And that is not all. Spyware vendors, with the help of virus makers, have begun to distribute parasites through various security vulnerabilities, including so-called “zero-day bugs”: flaws unknown to the software vendors until the day of the exploitation.
We have to admit that the war against spyware is far from over, and today spyware makers seem to have a few advantages over their rivals, i.e. us, regular users and security experts. However, sometimes users and security software vendors themselves are the ones who help to spread parasites. Users often underestimate how weak their protection is, and antivirus developers refuse to acknowledge the threats posed by spyware.