Spyware’s criminal tendency

Spyware first came to light in the past couple of years as a rather annoying new form of junk coming down the internet and clogging up our systems. But new research shows spyware in a more sinister light, increasingly sent with criminal and dangerous intent.

Furthermore, the code is becoming increasingly difficult to remove as its creators adopt ever-more ingenious methods to avoid detection.

A team from Aladdin Knowledge Systems spent two months examining 2,000 of the top spyware threats, and discovered that 15 per cent of them steal passwords and log keystrokes, while also attempting to steal logged-on user names, the hash of administrator passwords, instant messaging usage and email addresses. The researchers concluded that a growing amount of spyware is now specifically designed for identity theft and poses a severe threat.

Sixty per cent of the spyware was viewed as a minor threat, and was mainly used to gather commercially-useful details about consumers' browsing and shopping habits. A further 25 per cent was deemed to pose a moderate threat by gathering full technical details of infected machines – including what security applications were running. The final 15 per cent had clear criminal purposes.

Colin Thompson, VP enterprise solutions at Aladdin, said most companies have still not realised that this personal information can help thieves to hoodwink helpdesk staff into resetting passwords of unsuspecting users. Armed with the personal details, the thieves phone the company's helpdesk and impersonate a user to get a new password.

"Some companies are so vast that this is a very easy thing to do," said Thompson.

Other experts said spyware is concentrating more on corporate data, as it is more valuable and the only way to combat this threat was to have several layers of protection.

"Simple checks and techniques can be applied to the network to stop most spyware coming through," said Andy McKewan, security consultant at Panda Software.

"Also, you need to consider blocking ActiveX controls and suspicious websites. IE can block this stuff, but people very rarely configure this to do so. Or you can use another browser, such as Firefox," said McKewan.