McAfee warns 'malware is growing up'

Malware and adware are increasingly becoming professional services that are distributed and run at a level that would rival some enterprise applications, security vendor McAfee warns in the latest edition of its Sage security report.

Dabblings in adware and spyware by legitimate advertising companies and an established, lucrative market for malware and security exploits have driven the growth of both fields, said McAfee's security research and communications director David Marcus. 

"More and more valid companies are finding out how powerful [spyware] is," said Marcus.

Once considered the sole domain of rogue underground vendors and advertising scams, spyware and adware have become an ethical gray area that lures many otherwise respected companies.

Some critics charge that adware maker Zango seems to have taken residence in the grey area between legitimate applications and clearly identifiable malware. The company last year settled a lawsuit from the FTC over illegal installations and distribution practices. Earlier this year the attorney general for New York fined Travelocity, Priceline and Cingular for advertising through adware networks.

Marcus pointed out that even Microsoft's Windows Genuine Advantage software is taking a leaf from the spyware book by recording a user's system information and reporting it back to a remote server.

"Many parts of adware are actually legitimate practices," said Marcus.

"You have legitimate online advertising companies that gather data, and a lot of them cross the line."

McAfee predicts that, as attackers start operating in a more professional manner, they will be quick to embrace emerging technologies and target them with new spyware.

RFID technology could be used for relatively innocent applications like tracking shopping patterns for consumers, but in a more threatening scenario it could allow terrorists to identify foreigners through the RFID chip that is embedded in their passports.

Bluetooth may also become an attractive target for spyware. The technology is growing in popularity and many users do not take steps to properly secure the devices.

Mobile devices are becoming targets for malware as well. Last year the first malware for Bluetooth surfaced, along with programs that hijacked smartphones and sent expensive SMS messages.

Marcus credits the quick development to an increasingly streamlined and focused malware industry. The concept of for-profit malware has been firmly entrenched for several years now, turning attention-seeking malware writers into savvy businessmen. As the industry continues to evolve, commercial malware toolkit providers are even adding support offerings, he noted.