SecurityReason

News from: World

» Topic:  Study Notes Decline in Internet Spyware

» Added by:   LiveScience Staff

» Date:  6.2.2006

A new study details the extent and seriousness of potentially destructive spyware on the Internet, finding that it is still prevalent but has declined significantly.

University of Washington computer scientists sampled more than 20 million Internet sites looking for programs that can covertly enter computers. While most spyware can be a nuisance—generating pop-ups, loading unwanted programs—it can also perform such malicious tasks as gathering personal data or using your modem to dial costly toll numbers.

The study examined popular categories of Web sites including games, news and celebrity sites. Among the findings:

* More than 5 percent of executable files contain piggybacked spyware.
* One in 62 Internet domains performs "drive-by download attacks" to force spyware on users who simply visit the site.
* Game and celebrity Web sites appeared to pose the greatest risk for piggybacked spyware, while sites that offer pirated software topped the list for drive-by attacks.

"For unsuspecting users, spyware has become the most 'popular' download on the Internet," said Hank Levy at the university's Department of Computer Science & Engineering.

There is some good news:

The study employed a Web crawler to visit sites and look for spyware. It made two crawls, in May and October last year, and noted a 93 percent reduction in drive-by download attacks. That may be because more people are using anti-spyware tools and employing automated patch programs such as Windows Update. Also, civil lawsuits have been brought against spyware distributors.

Most spyware is relatively benign but can inundate a victim with pop-up advertisements. More malicious programs steal passwords and financial information. In a worst-case scenario, spyware can render a computer useless.

"You should download software only from reputable sources," said University of Washington associate professor Steven Gribble. "And it's a good idea to avoid the more shady areas of the Web."

The research is being presented today at the 13th Annual Network and Distributed System Security Symposium in San Diego.

Source: http://www.livescience.com


