Webroot Enlists Bots To Fight Spyware

March 8, 2008 – 3:51 PM

Anti-spyware company Webroot Software Inc. Monday announced what it claims is the industry’s first automated spyware research system. Called Phileas, the system relies on bots–computer programs that perform tasks in lieu of a person–that continually crawl the Web, looking for spyware, adware, and the sites that host such software. Webroot plans to use the information gathered by Phileas to develop anti-spyware products that can better address new threats.

Like the antivirus industry, anti-spyware companies have traditionally developed signatures to block spyware. These are created by comparing the files on spam-infested machines against those on clean machines.

“That’s very labor intensive,” explains Richard Stiennon, VP of threat research at Webroot. “The name of the game in the anti-spyware business is to somehow have as close to 100% of all spyware identified and signatures written for it as we can get. And that’s an unachievable task because the spyware writers are extremely active. They show up for work in the morning and write new versions of their spyware every day. So you have to find it as soon as it’s out in the wild.”

Automation, he contends, is the answer. He estimates that one hour of automated research equals 10 work-days of manual research. When the system was first tested in October of last year, the company identified more than 20,000 sites that made spyware available. By February, Webroot plans to have more than 100 bots active, scouring up to 10 sites a second.

Microsoft also has included a measure of automation in its new anti-spyware product, which appeared in beta form last week. Windows AntiSpyware includes a community reporting function called SpyNet that shares information about newly discovered threats to better immunize other members of the network.

Stiennon observes that automation is a necessity, given the proliferation of spyware.

“The spyware industry is only going to grow because it’s so tremendously profitable for the spyware writers and distributors,” he says. “So we have to try to find it as quickly as we can.”

http://www.securitypipeline.com/57700512
