Spyware threat escalating, expert warns

The perils are many, including programs that can capture sensitive data when an online store asks people to "confirm."

Will Sturgeon Special to CNET News.com

Nov. 10, 2005 4:00 a.m. PT

3 min read

Spyware is becoming increasingly pernicious and sophisticated, according to security experts who are warning that users are still failing to take basic steps to protect themselves against the threat.

It's a problem that should scare big businesses as they face up to the fact that important data could be leaking out of their organizations daily. And yet too many organizations are failing to properly educate or protect their employees, one expert says.

"You'd be surprised at the amount of data these things collect," said Eric Chien, a senior researcher at Symantec.

Chien said techniques such as screen capture, key logging, behavioral analysis and common word recognition are all methods employed by spyware applications to build a profile of a user. Presenting at the Virus Bulletin conference in Dublin, Ireland, Chien also detailed the ways in which spyware can get onto a machine.

"At their most basic, they will be able to find your name, your gender, your age, the amount of time you spend online, what you search for, what you buy and what Web sites you visit," he said.

Chien proved this point by showing the detailed data relayed by one piece of common spyware.

Such applications won't discriminate between personal and corporate data, though the latter tends to be of far higher value.

Chien also showed conference delegates a more advanced spyware application that is programmed to kick in when any one of hundreds of Web sites are visited and certain words encountered on the page.

Such an application, for example, was able to take and relay screenshots whenever the user was on particular retailers' Web sites where the word "confirm" appeared.

"If you're hitting 'confirm,' then what information is going to be visible on that Web page? Credit card number, name, expiry date, billing address, shipping address." Chien said.

Tracking the users
And it gets far more worrying for users. The application is also programmed to start sending screenshots whenever users are on any page of certain banks' Web sites.

Chien said users shouldn't put too much faith in perceptions of security as presented in 'https' style URLs.

"Some of these applications can read all https traffic," said Chien, though the danger exists only when accessing such sites from an infected machine.

In fact, the only way users can be protected against such threats is to ensure spyware doesn't exist on their computers.

That requires a balance of technical and educational approaches.

Companies should all have anti-spyware protection in place on all machines, but users must also realize the threat posed by activities such as installing non-essential software and clicking on pop-ups from unknown or untrustworthy sources.

According to research out today from another security vendor, Trend Micro, around a quarter of employees in the U.S. in both the small business and enterprise sector have fallen victim to spyware while at work.

In total, 87 percent of respondents said they are aware of a threat posed by spyware while 57 percent said they want more education on the threat and 40 percent believe their IT department could be doing more to protect them.

Will Sturgeon of Silicon.com reported from Dublin and London.