How Much Spyware is Really on the Internet?

A recent study from the University of Washington tried to measure exactly how much spyware is on the internet, a large undertaking that involved scanning over 18 million URLs.

Using a crawler, we performed a large-scale, longitudinal study of the Web, sampling both executables and conventional Web pages for malicious objects. Our results show the extent of spyware content. For example, in a May 2005 crawl of 18 million URLs, we found spyware in 13.4% of the 21,200 executables we identified. At the same time, we found scripted “drive-by download” attacks in 5.9% of the Web pages we processed. Our analysis quantifies the density of spyware, the types of threats, and the most dangerous Web zones in which spyware is likely to be encountered. We also show the frequency with which specific spyware programs were found in the content we crawled. Finally, we measured changes in the density of spyware over time; e.g., our October 2005 crawl saw a substantial reduction in the presence of drive-by download attacks, compared with those we detected in May. In the span of just a few years, spyware has become the Internet’s most “popular” download. In a recent scan performed by AOL/NCSA of 329 customers, they found that 80% were infected with spyware programs. More shocking, each infected computer contained an average of 93 spyware components.

This is not really surprising. In the study they mention that they only used Lavasoft Ad-Aware to scan their “virtual machines”, and Ad-Aware and some of the other anti-spyware programs include cookies in their results, so they always show some spyware turning up, even though cookies are harmless, although they can gather information.

Their results:

May 2005: 18,237,103 URLs, 2,773 Domains, 21,200 Executables Found, 529 (19.1%) Domains with Executables, 2,834 (13.4%) Infected Executables, 106 (3.8%) Infected Domains, 82 Unique Spyware Programs Found.

October 2005: 21,855,363 URLs, 2,532 Domains Found, 23,694 Executables Found, 497 (19.6%) Domains with Executables, 1,294 (5.5%) Infected Executables, 111 (4.4%) Infected Domains, 89 Unique Spyware Programs Found.

Overall, we found that as of October 2005, approximately 1 in 20 of the executable files we crawled contained spyware, an indication of the extent of the spyware problem on the internet.

Here are the top ten lists of spyware programs from their study:

Results from the May 2005 scan:

1,776  WhenU  364
191  180Solutions  236
136  EzuLa  214
118  Marketscore  143
116  BroadCastPC  67
111  Claria  44
38  VX2  41
37  Favoriteman  36
36  Ebates MoneyMaker  31
30  NavExcel  24

Results from the October 2005 scan:

503  WhenU  340
64  Marketscore  47
137  Claria  41
107  BroadCastPC  37
50  Aurora  36
30  FOne  35
27  Zango  34
27  EzuLa  33
27  Web3000  32
23  180Solutions  25

Note that the top 10 spyware program lists exclude data from the outlier, which contained 1,776 instances of “TurboDownload” and 1,354 of “WhenU” in the May crawl.

Remember, people, there is no such thing as FREE on the internet. If you look at the list above, it is obvious that if you download screensavers, games and other programs that don’t cost you any money, you will end up paying for them with a slower computer, more popups and tons more spyware. Even a site like has plenty of executables containing spyware, as this is the only way some of these “programs” can make any money. Also, you are practically guaranteed spyware if you go looking for “FREE” copies of programs you know you should be paying for. Check out the whole study in this pdf.

ZDNet adds:

According to the PDF, adult sites was one of the categories. The other categories were entertainment sites, celebrity, games, kids’ sites, music sites, online news, warez/piracy, screensaver/wallpaper and CNET’s It’s no surprise to me that warez/piracy sites ranked the highest in downloading spyware. In my tests of such sites, just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.