Visit ServerWatch for summaries of server and development tool updates, the latest on server news and trends, and more.

Rethinking the Datacenter Sponsored by HP Today's datacenters need to increase utilization, get control over power and cooling costs, and align with business objectives. Download this eBook to learn about the challenges facing the data center in a world where digital information is growing at a torrid pace and costs are being held in check. Learn more. »     Putting the Green into IT Sponsored by HP Electricity use in data centers is skyrocketing, sending energy bills through the roof, creating environmental concerns and generating negative publicity. "Going Green" means looking to technologies like virtualization, energy-efficient chips and racks, and implementing policies that extend beyond the data center. Learn more. »     Managing the Modern Network Sponsored by HP In a global economy where information crosses the globe in an instant, and where Web-based applications power business, it's more important than ever to ensure your network is safe from threats and optimized to deliver the data your business needs. »     Evaluating Software as a Service for Your Business Sponsored by Webroot Is Software as a Service just hype, or is something really going on here? See if your company can benefit as SaaS tries to change the face of the enterprise. »     Is Your Disaster Recovery Plan Good Enough? Sponsored by HP Preparing for a disaster is more often than not part of the storage planning process, and it is one of the most difficult tasks, since it includes local hardware and software, networking equipment, and a test plan. Learn how to get disaster recovery right. »

Related Articles •Robbing the (Data) Bank •Survey: Workers Say It's Easy to Steal Data •Report: Insiders Wreaking Havoc on Corporate Security •Identity Theft Losses Expected to Hit $2 Trillion by 2005 •Time to Get Tough About Email Security

eSecurity Glossary biometrics encryption keylogger malware phishing RFID security spyware virus worm Search for more eSecurity terms ...

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Nothing is Secret with Spyware Lurking in PCs
June 26, 2003
By Sharon Gaudin

A company CFO sits alone in his office writing up a counter-offer for an acquisition he's trying to push through. Down the hall, a clerk in accounting goes onto the company intranet to check a few problematic direct deposit accounts. And a few floors below, a software engineer adds a few more lines of code to a new piece of software.

They all think they're alone. A security guard stands in the lobby. They all used ID badges to get into the building that morning. Their office doors are closed.

But they're not alone. Not really.

They're every keystroke is being tracked. Every open application is being viewed. Every password copied and stored.

Like many corporate employees, they're being plagued by spyware. And they're not even aware that the problem is out there.

Spyware bots are generally defined as software modules that are surreptitiously deposited on PCs. Much like a Trojan, the spyware allows unauthorized people to monitor Web surfing behavior, giving them information about what Web sites the user visits, what they view, and what they buy. Spyware also can track keystrokes, steal passwords, 'listen in' on instant messaging conversation, and spy on open applications. Some spyware even allows unauthorized users to take control of the PC.

''My bets are that every single PC in the world is infected,'' says Jim Hurley, vice president and managing director of security and privacy practice at the Aberdeen Group, a Boston-based analyst firm. ''It's embedded so deep in the software that most people never know it exists... There's nothing in the average environment to stop this stuff right now. People don't know it exists so they don't even know they're at risk.''

Some spyware is embedded in software -- mostly freeware -- downloaded from the Web. Other spyware bots can be installed directly on a corporate PC -- say, by a disgruntled employee looking to sell information, or a contractor working for a competitor.

And it's a hidden problem that is escalating in size.

Hurley says Aberdeen has been tracking spyware since 1999. Back then, there were probably five or 10 spyware bots. In January or Februrary of this year, they counted 5,800. Today, he says they've logged more than 7,000.

''We've dealt with several companies and some of them have figured that they've had losses in the millions,'' says Grey McKenzie, founder of Panama City, Fla.-based SpyCop Inc., a company with both freeware and commercial software to detect and delete spyware. ''One company found that employees put spyware on the system and used intelligence to make bids against them. They were always losing contracts and didn't understand why. You can't even imagine the damage that can be done. It's insidious.''

Firewalls and and anti-virus software, which IT managers use to keep worms and viruses at bay, do not catch spyware. Special spyware detection software needs to be used. SpyCop, Zone Labs, Inc., and PestPatrol Inc., are players in the market.

Analysts note the relationship between spyware and adware, which are definitely akin to each other. Adware, generally downloaded in freeware, software upgrades and even electronic cards, gets into a system and then monitors search terms, buying and surfing habits, and even shoots pop-up ads onto the screen.

Both forms are considered intrusive and problematic, though neither are illegal.

''You don't know what's going on but all of a sudden there's all this information about you going to a central server that analyzes you and learns about you,'' says Dan Woolley, a vice president at SilentRunner, a network security company. ''Once the information is harvested, it's very valuable and can easily be sold. It's dangerous technology.''

Woolley says spyware can steal a great deal of personal information, but it's dangerous from a corporate perspective, as well. Critical data could be flying out the door without anyone knowing about it.

''If a company was not being judicious about what they were doing, someone could glean quite a bit of information off of them,'' adds Woolley. ''Would you let a stranger come into your office and watch you and all your people? You wouldn't let them sit there and take notes about your business add day long, would you?''

Tools:

Add www.esecurityplanet.com to your favorites Add www.esecurityplanet.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

eBook: Evaluating Software as a Service for Your Business. Sponsored by Webroot
Five Trends for Application Development. Download Your Complimentary Report. Exclusive. Act Now.
Sophos Whitepaper: Liberating the Inbox--How to Make Email Safe and Productive Again
Learn about expanding business opportunities for the reseller channel. Visit IT Channel Planet.
Stay up to date! Get real-time news and reviews about the latest innovations in internet technology.