News

Spyware threats skyrocket for enterprises

• By Jason Turcotte
• June 14, 2006

An Aladdin Knowledge Systems study released this week shows spyware is the fastest-growing threat to enterprises, increasing more rapidly than Trojans, viruses and other risks. And experts believe spyware will stick around.

“It’s not a safe world out there anymore,” says Andrew Jaquith, senior analyst in security solutions and services, The Yankee Group. “Spyware is a durable trend and it’s here to stay.”

The study spearheaded by Aladdin’s Content Security Response Team shows a 213 percent jump in spyware threats, climbing from 1,083 in 2004 to 3,389 in 2005. The number of malicious threats deemed Trojans grew 142 percent, and the industry saw a 56 percent jump in viruses and other threats.

Jaquith said spyware’s stronghold shouldn’t come as a surprise but experts failed to predict just how lucrative it would become. He estimates that for every program claiming to clean up spyware, three or four lie about doing so.

Last March the governor of Utah signed the Spyware Control Act, which bans the installation of the software without the user’s consent. A similar law took effect in California, subjecting violators to $1,000 fines. But few have been reprimanded and, until more states consider regulation, the threats will continue.

“I think it’s important to step back and find out why we have a spyware problem,” Jaquith says. “There haven’t been any guardrails on running applications, essentially.”

Swift-moving spyware has the ability to intercept or control a computer’s operation, without consent from its end user. These malicious threats often engender computer crimes and fraud. And according to a 2005 Aladdin study, 15 percent of spyware threats steal passwords and log keystrokes while attempting to gain access to passwords, user names, e-mail addresses and instant messaging use.

Jaquith says spyware’s success, in part, can be attributed to its widespread targets, affecting every day people – small business owners, enterprises, and even your grandmother.

“Spyware isn’t something that happens to bad people who view porn on their lunch break,” Jaquith said.

And which are the most common threats? Rogue antispyware apps, such as SpyDeleter, SpySpotter and Spyware Cleaner, falsely claim to clean and repair files infected by spyware. A hybrid threat known as Gokar.w infects systems through mail and information theft, and has the capability to send out spam. Gokar.w. infection occurs when an end user browses certain Web pages.

A common image file format known as Windows Meta Files (WMF) is particularly vulnerable to spyware. Last December, it was discovered that a large pool of WMF files had automated the spyware installation process after end users viewed an image on a Web page or through an e-mail.

Though the spyware situation may look bleak, Jaquith says steps can be taken to help parry an attack. Those who invest the most in security are often the most prepared. He says enterprises in the aerospace, defense, investment banking and healthcare industries are better prepared than other sectors.

He suggests using alternate browsers, which, because of less usage, are less vulnerable than Explorer. Enterprises should also supplement antivirus coverage with antispyware tools, implementing more than basic signatures. And companies should lock user paths to prevent administrative rights on employee computers.

According to Aladdin’s report, 2005 yielded a total of 16,623 new pieces of malicious code or an increase of 90 percent from 2004. But the study does offer a silver lining: “although the total numbers have increased, 2005 was characterized by fewer large-scale virus and worm outbreaks than seen in previous years.”