The web content filtering company Websense has released it’s annual report Web@Work survey. According to the survey 17% of companies with 100 or more employees have spyware on their network. I would go so far as to hazard a guess that number is far higher. Spyware is fast becoming this decades version of the virus problem of the 90’s. I have noticed that most companies lack the expertise on staff to even know how to find spyware, let alone hunt it down and kill it. This months edition of “Information Security” magazine Ed Skoudis and Tom Liston tackle the problem of antispyware products in his piece “Spy Catchers“. In the course of this article they examine behaviour based spyware products from CA, eSoft, Lavasoft, McAfee, SurfControl, Trend Micro and Webroot. They found that while these tools helped to improve detection they also increased the false positive rate. These tools, based on their findings, have a long way to go before they are mature. This is a fact that is not lost on the makers and users of spyware. I have heard the refrain, “oh, it’s just spyware” and at times I had said as much out of sheer fatigue. But, in all honesty this is a serious problem. The best example of spyware that people can identify with is the Sony debacle. This insidious piece of software did a great service to the public. It helped to raise awareness to the problem of spyware and rootkits. From an article on silicon.com
One reason for this growth in spyware infestation is a massive increase in the number of spyware-making toolkits being sold online, said Camissar, who referred to some research that was conducted in partnership with the Anti-Phishing Working Group, earlier this year.
He said: “In April 2005 there were 77 unique password stealing applications. In the latest March report there were 197. Unique websites hosing keyloggers in the same timeframe have gone up from 260 to 2,157 – almost a 10 times growth.”
Spyware is a very real problem that a lot of companies are slow to wake up to. Imagine if you will, a piece of spyware installed on the CFO’s system because he/she let little Susie use it to surf for pictures of Barney. The next day a keylogger is busy collecting info on the corporate network and emailing the results to some address where there are no extradition agreements. Scary thought? It should be. This type of thing happens everyday in the corporate world to numerous unsuspecting individuals.
[tags]Spyware, Antispyware, Websense, Keylogger, Rootkit[/tags]
Comments