What mutating spyware reveals about the future of security

Computerworld - According to a July report from the Pew Internet & Americal Life Project, more than 90% of Internet users have changed their online behavior to avoid spyware. That is a remarkably high level of awareness, considering the relative newness of the spyware threat.
The study generally reports on consumer behavior, but as you know, spyware is hardly a stranger to the enterprise. And while it's getting increasing attention from IT managers, it deserves another, closer look. Current developments in spyware engineering foreshadow dangerous challenges for enterprise security. Here's why.
Spyware is literally evolving -- mutating in the wild to avoid detection. This is an ominous trend, and it's getting worse: Cases of mutating spyware have more than doubled since the start of the year. And this is true mutation, unlike simple polymorphism. Impressive though it may sound, a polymorphic threat simply has multiple strains or chooses its name or location at install time, normally from a preset list. Most "mutating" malware in recent years has used these primitive techniques, which even basic signature-based solutions could handle with simple heuristics.
Most of the antispyware products in the field are catching only these weak strains. And though Darwin might have protested invoking natural selection for digital creations, the fittest spyware mutations don't merely survive -- they thrive. With no "predators" to stop them, the mutated spyware often finds an inviting home in the unsuspecting enterprise. This is despite the legions of IT managers who have deployed traditional antispyware products. Unfortunately, these traditional solutions don't work against true mutation, and the IT managers are lulled into a false sense of security. With their guard down, the IT managers prove the old adage that a false sense of security is worse than no security at all.
Why has spyware become such a significant threat so quickly? Money, of course. The riches to be made using many of today's threats -- spyware, spam, even viruses now -- attract serious talent. Indeed, the dirty little secret of the security industry is that the top bad guys are just as smart as the security vendors. Ironically, they share tools and techniques better than most security vendors. And they use the same best practices.

For example, the spyware known as CoolWebSearch is a notorious browser hijacker. There are dozens of variants, some of which actually employ the same auto-update strategy as security products. Auto-updating played a major role in helping the stronger strains stay one step ahead of antispyware products for months. Vendors have been forced to release