Secret spyware now bugs business users, report finds

14 Oct 2004

Spyware is now an increasing threat to business users and is no longer simply a nuisance suffered by consumers, a new white paper from Sophos has said. The ability of such programs to steal confidential information marks them out as a risk for corporates.

The UK security house has defined spyware as software that secretly transfers information to a third party without a user’s consent or knowledge, having gathered that data covertly from the user’s PC. It can infiltrate a computer either as a virus or as a Trojan hidden within another program.

According to the IT analyst firm IDC, many businesses in the US now class spyware as the fourth highest security threat, behind viruses, worms and employee error. It rated higher than other security risks including spam, hacking and cyber terrorism.

“The fact that spyware can become installed and active on a computer or network without the user’s permission or knowledge makes it a particular threat to businesses, since it can cause harm in a variety of ways if left undetected,” Sophos said. The security software company outlined four distinct ways in which spyware can be a threat: data theft, computer vulnerability, zombie attack and network damage.

A system monitor is a type of spyware that can steal important or confidential information by running in the background, recording what is typed into a keyboard and sending the information to another location. This kind of program can steal financial data, spreadsheets, personnel records, bank account numbers, passwords or any other information typed into the affected computer, said Sophos.

Secondly, spyware can also download other malicious programs or leave computers vulnerable to hackers. Back-door Trojans can allow hackers unrestricted access to a computer system when it is online and are a particular risk for computers with broadband internet access. These Trojans can allow hackers to take control of a computer in a variety of ways, such as deleting project plans, altering stock records, downloading porn or controlling the user’s mouse and keyboard. “For the IT administrator this kind of attack is potentially worse than a virus, since viruses are at least limited by the set commands in their code and will behave predictably,” said Sophos. “Humans, who have assumed control of a computer system, can react to the information they find and change tactics accordingly, making the threat unpredictable.”

The third element of the spyware threat is its use by spammers, who can hijack a PC and turn it into a ‘zombie’. A compromised machine, such as a computer or web server, could then become a relay, sending out emails for spammers and making the messages appear to be from a legitimate sender. Spyware can also gather email addresses or take information and use it to customise spam emails, thereby increasing response rates. Sophos estimates that up to two fifths of spam is being sent from zombie computers.

Network performance can also suffer as a result of a spyware attack, as the software places extra demands on the system. The implications for business could be disruption and decreased productivity while the software remains undetected, in addition to extra time and resources spent on finding and clearing up the problem.

Spyware can become installed on a PC in several ways: by a virus, or when a user clicks on a web link or opens an attachment in an email. Most spyware requires some user action to install it on a computer, for example downloading an ostensibly useful or desirable piece of software, such as a peer-to-peer file-sharing program, that may carry spyware hidden within it.

As a way of preventing the spread of spyware, Sophos recommends that businesses educate their users about the dangers of opening attachments or downloading software from unfamiliar sources. Organisations can also use security software at both the gateway and desktop as a way to protect against spyware.

By Gordon Smith