We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Webroot warns of new UK malware tactics

Increase in the use of 'passing off' ploys

Webroot says malware distributors are increasingly using "passing off" techniques to get their programs on to UK PCs.

Passing off involves packaging malicious functions with what appear to be legitimate programs. Webroot said that while the concept is nothing new, its latest analysis of UK-based spyware, Trojans and system monitors, shows that users are now being hit with a range of sometimes self-inflicted woes as a matter of course.

The top three adware programs for October were the Comet Cursor, a browser plug-in that masquerades as a mouse pointer utility, but which also tracks IP addresses and cookies; CoolWebSearch, a Google browser redirection pest that claims to be a way to improve searching; Starware Toolbar, a pop-up blocker that displays its own ads. All would likely have been installed by users who did not understand what they were signing up for.

In the category of 'system monitors', the picture is much the same, with many of the top programs mentioned, 007 Spy, Nok-Nok, and Win-Spy Monitor, being programs that claim to have a legitimate purpose, that of monitoring keystrokes on a PC for the purposes of surveillance. These programs don't necessarily pass themselves off in an inaccurate way, but are open to abuse if installed on a PC without the owner's knowledge.

Even the Trojans noted by Webroot, with Zlob and Trojan.Gen at the head of the list, will likely have found a home by packaging themselves with another apparently useful download.

The figures for October 2007 come from the company's Phileas bot, an automatic malware tracking system that spiders for web threats in real time, and which can relate these to specific geographical areas. The figures measure threats directed against users, rather than specific reports.

"The technology behind spyware has become so far advanced, and is moving so quickly, that manual detection methods utilised by many security companies and freeware providers can't keep up with it," said Webroot's CEO, Peter Watkins.

That said, the company's October statistics suggest that most of the malware that affects UK users is remarkably old, in some cases years old. The Comet Cursor and Starware have been in circulation since September 2006, while the CoolWebSearch dates back to February 2004, circumstantial evidence that users are sometimes installing malware themselves in a way that circumvents security software.

For more PC security news, reviews and tutorials, see Security Advisor


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model