How Much Spyware is Really on the Internet?

A recent study from the University of Washington set out to measure exactly how much spyware is on the internet, a large undertaking that involved scanning over 18 million URLs.

Using a crawler, we performed a large-scale, longitudinal study of the Web, sampling both executables and conventional Web pages for malicious objects. Our results show the extent of spyware content. For example, in a May 2005 crawl of 18 million URLs, we found spyware in 13.4% of the 21,200 executables we identified. At the same time, we found scripted “drive-by download” attacks in 5.9% of the Web pages we processed. Our analysis quantifies the density of spyware, the types of threats, and the most dangerous Web zones in which spyware is likely to be encountered. We also show the frequency with which specific spyware programs were found in the content we crawled. Finally, we measured changes in the density of spyware over time; e.g., our October 2005 crawl saw a substantial reduction in the presence of drive-by download attacks, compared with those we detected in May. In the span of just a few years, spyware has become the Internet’s most “popular” download. A recent scan performed by AOL/NCSA of 329 customers’ they found that 80% were infected with spyware programs. More shocking, each infected computer contained an average of 93 spyware components.

This is not really surprising. The study mentions that they only used Lavasoft Ad-Aware to scan their “virtual machines”, and Ad-Aware and some of the other anti-spyware programs count cookies, so they always show some spyware turning up, even though cookies are harmless, although they can gather information.

Their results:

May 2005: 18,237,103 URLs, 2,773 Domains, 21,200 Executables Found, 529 (19.1%) Domains with Executables, 2,834 (13.4%) Infected Executables, 106 (3.8%) Infected Domains, 82 Unique Spyware Programs Found.

October 2005: 21,855,363 URLs, 2,532 Domains Found, 23,694 Executables Found, 497 (19.6%) Domains with Executables, 1,294 (5.5%) Infected Executables, 111 (4.4%) Infected Domains, 89 Unique Spyware Programs Found.

Overall, we found that as of October 2005, approximately 1 in 20 of the executable files we crawled contained spyware, an indication of the extent of the spyware problem on the internet.

Here are the top ten spyware-laden sites and the top ten spyware programs from their study:

Results from the May 2005 scan:

Site                        Count    Spyware program      Count
scenicreflections.com       1,776    WhenU                364
screensaver.com             191      180Solutions         236
celebrity-wallpaper.com     136      EzuLa                214
screensavershot.com         118      Marketscore          143
download.com                116      BroadCastPC          67
gamehouse.com               111      Claria               44
galttech.com                38       VX2                  41
appzplanet.com              37       Favoriteman          36
megspace.com                36       Ebates MoneyMaker    31
download-game.com           30       NavExcel             24

Results from the October 2005 scan:

Site                        Count    Spyware program      Count
scenicreflections.com       503      WhenU                340
gamehouse.com               64       Marketscore          47
screensavershot.com         137      Claria               41
screensaver.com             107      BroadCastPC          37
hidownload.com              50       Aurora               36
games.aol.com               30       FOne                 35
appzplanet.com              27       Zango                34
dailymp3.com                27       EzuLa                33
free-games.to               27       Web3000              32
galttech.com                23       180Solutions         25

Note that the top 10 spyware program lists exclude data from the outlier site scenicreflections.com, which contained 1,776 instances of “TurboDownload” and 1,354 of “WhenU” in the May crawl.

Remember people, there is no such thing as FREE on the internet. If you look at the lists above, it is obvious that if you download screensavers, games and other programs that don’t cost you any money, you will end up paying for them with a slower computer, more popups and tons more spyware. Even a site like download.com has plenty of executables containing spyware, as this is the only way some of these “programs” can make any money. Also, you are practically guaranteed spyware if you go looking for “FREE” copies of programs you know you should be paying for. Check out the whole study in this PDF.

ZDNet adds:

According to the PDF, adult sites was one of the categories. The other categories were entertainment sites, celebrity, games, kids’ sites, music sites, online news, warez/piracy, screensaver/wallpaper and CNET’s download.com. It’s no surprise to me that warez/piracy sites ranked the highest in downloading spyware. In my tests of such sites, just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.