Bogus installs expose U.K. users to malware

Security-related tatistics from security vendor Webroot suggest malware distributors are increasingly using “passing off” techniques to get their programs on to the PCs of U.K.-based users.

The idea of passing off, packaging malicious functions with what appear to be legitimate programs, is nothing new. But Webroot’s latest analysis of U.K.-based spyware, Trojans and system monitors, shows that users are now being hit with a range of sometimes self-inflicted woes as a matter of course.

The top three adware programs for October were the Comet Cursor, a browser plug-in that masquerades as a mouse pointer utility, but which also tracks IP addresses and cookies; CoolWebSearch, a Google browser redirection pest that claims to be a way to improve searching; Starware Toolbar, a pop-up blocker that displays its own ads. All would likely have been installed by users who did not understand what they were signing up for.

In the category of ‘system monitors’, the picture is much the same, with many of the top programs mentioned, 007 Spy, Nok-Nok, and Win-Spy Monitor, being programs that claim to have a legitimate purpose, that of monitoring keystrokes on a PC for the purposes of surveillance. These programs don’t necessarily pass themselves off in an inaccurate way, but are open to abuse if installed on a PC without the owner’s knowledge. Even the Trojans noted by Webroot, with Zlob and Trojan.Gen at the head of the list, will likely have found a home by packaging themselves with another apparently useful download.

The figures for October 2007 come from the company’s Phileas bot, an automatic malware tracking system that spiders for web threats in real time, and which can relate these to specific geographical areas. The figures measure threats directed against users, rather than specific reports.

“The technology behind spyware has become so far advanced, and is moving so quickly, that manual detection methods utilised by many security companies and freeware providers can’t keep up with it,” said Webroot’s CEO, Peter Watkins.

That said, the company’s October statistics suggest that most of the malware that affects U.K. users is remarkably old, in some cases years old. The Comet Cursor and Starware have been in circulation since September 2006, while the CoolWebSearch dates back to February 2004, circumstantial evidence that users are sometimes installing malware themselves in a way that circumvents security software.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now