The research sampled more than 20 million internet addresses, looking for the programs that covertly enter the computers of unwitting web surfers to perform tasks ranging from spamming advertising products to gathering personal information, redirecting web browsers or even using a victim's modem to call expensive toll numbers.
The academics examined sites in a set of popular web categories, such as game sites, news sites and celebrity-oriented sites. Within these, they found that more than one in 20 executable files contained piggybacked spyware. In addition, on average, one in 62 internet domains was found to perform drive-by download attacks – a method for forcing spyware on users who simply visit a web site.
Game and celebrity websites appeared to pose the greatest risk for piggybacked spyware, while sites that offer pirated software topped the list for drive-by attacks. The density of spyware seemed to drop from spring to fall of last year, but remained "substantial."
"For unsuspecting users, spyware has become the most 'popular' download on the internet," said Hank Levy, professor and holder of the Wissner/Slivka chair in UW's Computer Science & Engineering department and one of the study's authors.
"We wanted to look at it from an internet-wide perspective – what proportion of websites out there are trying to infect people? If our numbers are even close to representative for web areas frequented by users, then the spyware threat is extensive."
The report warned that the consequences of a spyware infection "run the gamut from annoying to catastrophic." On the annoying end, where most spyware falls, the stealthy programs can inundate a victim with pop-up advertisements. More malicious programs steal passwords and financial information. In a worst-case scenario, spyware could render a victim's computer useless.
In conducting the study, the UW researchers – Levy, associate professor Steven Gribble and graduate students Alexander Moshchuk and Tanya Bragin – used a web crawler to scour the internet, visiting sites to look for executable files with piggybacked spyware. The team conducted two searches, one in May and the other in October, examining more than 20 million web addresses. They also did additional "crawls" of 45,000 web addresses in eight subject categories, looking for drive-by download attacks.
In the first two crawls, the researchers found that approximately one in 20 executable files contained piggybacked spyware. While most of those were relatively benign "adware" programs, about 14 percent of the spyware contained potentially malicious functions.
In terms of drive-by download attacks, the researchers found a 93-percent reduction between May and October – a finding they say may in part be attributed to the wider adoption of anti-spyware tools, automated patch programs such as Windows Update and the recent spate of civil lawsuits brought against spyware distributors.
Despite that drop, the public should still be vigilant, they said. "Plenty of software on the web contains spyware, and many websites are infectious," Gribble said. "If your computer is unprotected, you're quite likely to encounter it."