Bugged by Spyware?
by Frank Coggrave - UK Regional Director, Websense - Thursday, 30 October 2003.
Do you know what your company's computers are doing right now? Sure, they're being used to run your business. But what else are they up to behind your back? Are there any other programs running silently in the background, monitoring employee activity and sending confidential information about your company back to other organisations? Unbelievable though it may sound, there's a pretty good chance that this is indeed the case in your company.

According to a recent survey conducted by UK-based security consultancy PanSec, more than 90% of all company PCs are infected with so-called "spyware". This is the term given to software that gets installed without the user's permission and which covertly gathers and transmits data about the usage of the machine.

A report by IT market analysts The Aberdeen Group claims that there are more than 7,000 spyware programs in existence right now, running on millions of corporate and personal computers.

No computer that's linked to the Internet is immune. A spyware program isn't technically a virus so most antivirus scanners don't attempt to stop it. And spyware doesn't exploit bugs in Windows, so installing all the latest Microsoft security patches can't prevent it either.

Spyware gets into a PC by being bundled with legitimate products. If you download and install any of the best-known file sharing applications, for example, you have no choice but to accept the spyware that it also installs and through which the free services are often funded.

Once installed, spyware starts monitoring the way that the computer is used and feeding back the information to the Website operators who sponsored the program's distribution. The site operators want to understand precisely how a visitor travels through their site, and which menu options he or she clicks on. They want to know which other sites are visited, for how long, at what time of day, and which types of adverts get clicked. They want to know which applications are installed on the victim's computer, and where he or she is based (which can be gathered from the user's email address or the phone number programmed into the modem).

The spyware distributors then use all this information to present your staff with adverts for products that they hope you're most likely to buy. And the database of usage statistics also gets sold to other marketing companies and spammers.

But does spyware really matter? What does it matter if everyone knows the intimate details of your staff's surfing or shopping habits? Not only is it an invasion of privacy, it can also be a security risk. Do you really want a collection of large marketing organisations to know everything your employees use the Internet for? For example, if staff are researching new products or sending emails to potential clients, is it really acceptable for details of such activity to be disclosed to all and sundry?

Poorly written spyware programs can, and often do, cause PC crashes and network slowdowns. Sending all this data back to the database also takes time and consumes network bandwidth, thus slowing down your Web surfing and emailing (and costing you money, if you're paying for network bandwidth according to total or peak usage).

And some spyware is particularly malicious. For example a web site called Lover Spy will, for $89, send email to 5 of your current or former partners inviting them to click on a Web page to read an online message about how much you still miss them. When the recipient installs the free program necessary to display the card, it also plants spyware which records all their keystrokes and passwords and emails them to you. It even installs a remote control application allowing you full access to their computer via the Internet.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th