Survey charts spyware’s rise

19 Apr 2004

On average more than 27 pieces of spyware exist on PCs connected to the internet, a new survey claims. The US internet service provider Earthlink found close to 30 million pieces of spyware from a scan of more than one million PCs using the SpyAudit detection program developed by Webroot.

Spyware is a small piece of software code that is hidden on a user’s machine and monitors their actions when online. The program then sends this information, unknown to the user, to another third party or company. Separate research from the Aberdeen Group last year found more than 7,000 discrete spyware applications in existence.

The survey, which was conducted over the first quarter of the year, showed an average of 27.8 cases of spyware per scanned PC. Spyware can arrive on systems by a few different routes: bundled with free software or shareware, through email or instant message, or by someone with access to a user’s computer. Once on a hard drive, it begins reporting the next time the user goes online.

Unlike most software applications, spyware is difficult to detect and can be difficult to remove. Conventional virus scanners do not pick up its presence on a host PC because strictly speaking, such a program is not technically a virus. For similar reasons, software patches can do nothing to eradicate spyware.

Using the SpyAudit detection program developed by US firm Webroot, Earthlink found 5,344,355 installations of adware and 23,826,785 cases of adware cookies. These are the two most common types of spyware, according to Earthlink. Adware is any software application in which advertising banners are displayed while the program is running. It sends data back to a third party without permission. Adware cookies allow a website or software to record a user’s browsing habits without their knowledge or consent.

More disturbingly, the scan also uncovered several cases of system monitor and trojan installations – 184,559 and 184,919 respectively. System monitors keep track of a user’s computer activity and can record virtually everything a user does online. One example of this is a keystroke logger that records every keyboard command.

Trojans are applications that may appear harmless, but allow hackers to gain unrestricted access to computers while users are connected to the internet.

Commenting on the findings, Matt Cobb, EarthLink’s vice president of core applications said: “While most spyware is Adware-related and relatively benign, it’s disturbing that over 300,000 of the more serious System Monitors and Trojans were uncovered. This figure represents how real a threat identity theft or system corruption is for users.”

Hugh Marron, business development director with the Dublin security consultancy IP Options, said that spyware was mainly, but not exclusively, an issue for home users. “In a corporate organisation, their perimeter system would detect anything coming down, although that’s not to say that spyware doesn’t exist in a business environment.” He added that some antivirus software providers are starting to integrate spyware checker features into their programs.

By Gordon Smith