ba-zoo-ra

"So I think it's fair to say," he continued, "that the vast majority in a typical month of clicking will end up on a Web site that potentially exposes them to spyware."

Wandering Into Dark Alley

The quiz at the site, which has been available since March, presents users with pairs of Web pages from locations on the Net and asks them to choose which is a safe site and which is not. A second part of the test asks users to make similar distinctions among several file-sharing sites.

Keats admitted that he was a bit disconcerted by the study's findings.

"Given the amount of coverage the media has given spyware, we were surprised by the number of people who got multiple answers wrong," he said.

"Folks are overestimating their ability to spot spyware," he maintained. "The bad guys have gotten good at making their sites look very professional, very slick, and it's becoming even harder to know when you're wandering into a dark alley."

Black Chips Exploit Blue Chips

One way malefactors disguise their intentions is by exploiting the brands of companies with blue-chip reputations.

Researchers observed that quiz takers did particularly poor on the comparison of two lyrics sites. "One possible reason," they deduced, "the unsafe site had advertising from well-known brands like Circuit City (NYSE: CC) and Monster.com that may have served to legitimize it."

Keats contended that "almost certainly" these companies don't know how their brands are being abused. He explained that a company will hire an ad agency that acts with its interactive division that hires an online media buyer that works with an affiliate network that works with another ad network and so on.

"They're so many steps removed from the actual placement decision that, realistically, headquarters at any Fortune 500 company probably doesn't know where their brand is appearing," he said.

Massive Project

"A lot of companies don't know you can get spyware by going on a lyrics site," he added. "They think you're only searching for text.

"Because of the way SiteAdvisor does its Web crawl, we can find that stuff out so we can tell people here's a site that you didn't think had spyware, but it really does," he noted.

SiteAdvisor is a massive project mounted by McAfee to analyze and test the behavior of all Web sites on the Internet on an ongoing basis.

The results of that testing can be accessed by consumers by installing a browser plug-in from the SiteAdvisor site.

The plug-in appears as a button on a browser's status line. When a user enters a Web site, the button will change color -- green for a safe site, yellow for proceed with caution and red for a malware site.

A detailed analysis of the site can be viewed by clicking a menu arrow beside the button.

System Level Infection

If detecting a spyware site is hard without the aid of a tool like SiteAdvisor, identifying spyware once it reaches a computer can be even harder, according to Patrick Hinojosa, chief technology officer for Panda Software, a security technologies, products and services company in Glendale, Calif.

He cited instances of spyware masquerading as legitimate system-level files, such as the registering itself as a Layered Systems Provider (LSP) in Windows, to avoid detection.

"Even most power users are not going to know how to inspect the LSP layer and know what should or should not be there," he told TechNewsWorld. "And even if they found something they weren't sure about and they yanked it, it could totally kill their Internet connection indefinitely until they rebuild that stack."