Spyware infections spreading, security expert says
- By Patience Wait
- Jun 05, 2006
MYRTLE BEACH, S.C. - Spyware programs are increasing in number and growing in sophistication to avoid detection, making it harder to guard against infections and more costly to repair their damage, according to a security expert whose company tracks them on a regular basis.
Gerhard Eschelbeck, chief technology officer for Webroot Software Inc. of Mountain View, Calif., told the audience at Techno Security 2006 that through the first quarter of this year his company has identified approximately 427,000 Web sites that host spyware.
In addition, "there are at least 10 variants for each spyware program identified," Eschelbeck said, to make them stealthier and harder to detect.
Among the evolving techniques the company spotted are the re-emergence of phishing Trojan horses and the use of rootkit techniques. For instance, the company found an identity-stealing Trojan on a Web site that "was programmed to come to life for specific classes of sites, such as banking," he said. The keylogging code in the Trojan sent the data to an FTP server. Victims came from 120 countries, Eschelbeck said.
Not all spyware is malicious, he said. Because of the way they track users' site visits, cookies are considered a class of spyware but are not considered harmful. But there has been significant growth in keylogging spyware, including system monitors that look to record passwords, credit card numbers and other sensitive information, then transmit the data back to criminal enterprises.
In a significant switch, during the first quarter of 2006 China was the host country for more than 42 percent of spyware exploits, followed by the United States at almost 18 percent. In the last quarter of 2005, the U.S. was the top host country, with China close behind, Eschelbeck said.
He offered seven tips for avoiding spyware:
- Just say no to free software
- Use the Mozilla Firefox Web browser if possible; there are not many spyware writers using it today
- Always patch known vulnerabilities
- Avoid questionable Web sites
- Be very suspicious of e-mail because it can be "forged," and wary of e-mail attachments
- Use public Internet kiosks with extreme caution; many of them are infected with keylogging software; and
- Keep antivirus and anti-spyware software updated.