What's on your PC? Spyware, Trojans and diallers

That's what... if you're not careful

By Will Sturgeon, 1 March 2005 15:30

Users are increasingly losing ownership of their PCs with a growing amount of spyware and malicious applications finding their way on to computers in homes and the workplace. Worse still, the infections may go largely undetected.

The issue of spyware has been a major concern so far during 2005 but figures released by Computer Associates show Trojans, diallers, keyloggers and hacker tools also exist on users' PCs in worrying numbers.

Sam Curry, vice president of product management for CA eTrust, told silicon.com: "In all my time I have never seen an increase in the level of a particular threat like we have seen with spyware."

According to CA's findings the average user has 33 traces of adware and four traces of spyware on their machine – all of which may be capable of relaying sensitive information about the user to a remote third party.

The findings show how much damage users could unwittingly be doing to their machines and themselves or their businesses if they aren't aware of the risks. Less tech-savvy home users are likely to be most at risk.

The findings all relate to what was discovered on users' machines the first time they ran a scan for pests and spyware.

"Most systems have around 80 or 90 pieces of potentially malicious code on them within a short time of first connecting to the internet," said Curry.

The rest of those 80 or 90 items are made up of a mix of threats from Trojans and diallers to more benign unwelcome guests.

'Below the radar' applications which covertly drop onto users' machines are also used for increasing the effectiveness of future attacks. CA found an average of five traces of spam tools per machine, three firewall killers and traces of nine miscellaneous cracking tools.

One in three users had a keylogger detected on their machine – an application which is able to record key strokes and thus can detect passwords or other sensitive data. Hijacking applications are also very common.

The average user has at least two homepage hijackers – applications which are often the first to betray the presence of spyware as users notice their homepage changes. Other hijacking tools, such as search hijackers (three of which exist on the average user's PC) will redirect users searching for sites while others will install tool bars or redirect users while they are navigating from one page to another.

Applications such as the notorious CoolWebSearch tool bar - described by Curry as "one of the worst" - and search hijacker commonly take over a user's web session, redirecting them to pages they do not request.

"The question end users should be asking, is do they have control of their PC at all times and do they have control of their relationship with the internet?"

Curry believes the answer is a resounding 'no', with more and more systems polluted with spyware and Trojans. Some of it is an irritant but some can aid in identity theft.

Speaking to silicon.com, Steve Purdham, CEO of SurfControl, said the increase in the levels of spyware and Trojans can largely be attributed to spammers 'raising their game'.

"Malicious phishing scams, spyware, Trojans and viruses are all playing a far greater role in the tactics of the spammers now whereas previously it was porn and adverts for Viagra," he said.

Comments

There are 23 comments.

  1. cold_ronald

    I knew the first time I heard about cookies years ago that if they can write a text file to my HD, they will soon be installing and executing code.

    I'm no security expert, but it seems that all scripting should be completely disabled within a browser, in addition to removing the ability to write out any data (internal browser caching and temp/work files excluded). You're just going to have to remember your passwords and they can store prefs on the server.

    Anybody can see where this is all going ... a business / financial model where you'll have to prove you DIDN'T click on something to have money taken out of your account, thank you very much.

    My personal solution is the running of 3-4 spyware scanners, current virus signatures, and of course a firewall, and I do any financial business online. PERIOD. In addition, I back up my machine every night. It isn't that hard or expensive. If I can't remove an infection I simply restore back a day, or two (which is rare - boot into safe mode, delete your temp folder contents, and if needed crash explorer after your scanner detects spyware, then remove the spyware).

  2. anonymous

    Please accompany articles like this with some information on how the average non-techie user can protect against these threats and/or clean up their machines. We need easy to use, cost effective solutions.

  3. anonymous

    so what can the average user do about it?

    (Ed note. There are a great many products out there which will scan and clean your system - obviously such remedies are still slightly retroactive. There are also products which will alert you when some items of code are being downloaded onto your machine. We aren't in the habit of recommending one product over another, though AdAware is a very popular, free software in this area. You may want to check out www.download.com - another CNET property - which offers vendor-agnostic downloads of many, many products - try searching under 'spyware'.)

  4. Robert Walter

    The government should act, and force the software & PC vendors to sell off the shelf products that are safe for the consumer.

    You cannot rely on the less savvy user to take steps to protect their PCs, especially if they have to pay for it.

  5. Jon H

    The number of keyloggers found is quite worrying. No wonder so many newbies insist that internet shopping isn't safe!
    Also, the homepage hijackers tend to go unnoticed - most people seem to think it just happens by accident, they must have clicked on something...
    There must be some way of raising the public's awareness of spyware (without panicking them!)

  6. anonymous

    great that the article articulates a growing and severe problem, but it would also be nice if it gave some ideas about how to deal with the problems caused by malicious programmes.

  7. anonymous

    We are all aware of the problems with our computer systems being compromised, if this was committed within the conventional work or home environment criminal charges would be made.

    The internet is a positive advantage to all end users, without interrupting normal access or undue restrictions when are respective measures to be taken.

    An example of this would be with some difficulty when the hacker is traced confiscate their equipment and the premises where operations are carried out. Where this is within the work place or university the latter not possible.

    The time for action not talk should be over as critical data or irreplaceable records or personal data is lost. The writer has requested for name to be withheld to avoid being a target for hackers, this already a problem.

  8. John Loty

    Where is the good news?

    Given that we all rely on each other for the internet to work and there are more of us than spammers etc - why can't you co-ordinate a massive workshop brainstorm round robin to get on top of this problem?
    The technology is there as is the brain power - it just needs someone like Silicon.com to co-ordinate it!

    Good luck - seriously.
    - a new chum in the world of IT.

  9. Alan Paterson

    A friend recently started up his brand new out-of-the-box top of the range laptop with built in wi-fi broadband. 45 seconds later it keeled over with a virus 'probably caught from some hapless geek over the road in Starbucks'...is this a record?

  10. peck2000

    The Solution? Simple, switch from Internet Exploder to Firefox. My PC "Ad-Aware" app was catching around 25 spywares, adwares and other assorted detritus every session. Since switching to Firefox, the malware has dropped to zero ...

    Or buy a Macintosh. None of that garbage can infect a Mac!

  11. anonymous

    If you think you have spyware/adware/malware try using Lavasoft AdAware or Spybot Search & Destroy to remove it, both are available for free download and use. Don't forget to get the latest updates before you scan and you may have to scan in safe mode to be sure the machine is clean!

  12. Phil Blackburn

    The average home user has a real problem.

    It is true that Ad-aware and Spybot S&D will remove most, although not all, of these parasites. It is also true that there are a huge number of 'spyware removal' products out there on the Internet that do not. Some of them give false positives and rip the user off by getting them to pay for an ineffective product, others even install spyware of their own. How does a home user know which is which?

    People complaining about cookies just add to the confusion. They are a red-herring for all but the most committed privacy activist, but home users get panicked into buying cookie-cleaners that are no help at all in keeping away the nasty stuff.

    The big-name antivirus products are starting to check for spyware, etc, but are not always any good at removing it. FireFox helps (a lot) but is not a full solution.

    A large proportion of my work these days is fixing computers crippled by this crud. There is an arms race going on and, from where I sit, the bad guys are winning.

  13. Daz

    Agree this is a serious problem - I've cleaned yet another PC today - and they are becoming increasingly hard to tackle: Safe mode, hijackthis, spybot, you name it - some of these little b****ds keep coming back. Putting themselves in IE's trusted site list - what a wheeze.

    I think it's time the ISPs took action and started blocking known spyware sites. That would stop the malware download AND the "reporting" for already infected PCs.

    Let's face it - these software "Browser Helpers" are not legitimate business tools - they are positively illegal - certainly in many territories.

  14. Heat

    great article... a few have pointed out that a suggestion on how to prevent this invasion might come in handy...

    Spyware Blaster
    http://www.javacoolsoftware.com/spywareblaster.html

    Microsoft even has one...
    http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

  15. Phil Lean

    Don't underestimate the collateral damage to your PC from deleting this stuff! I trashed a load of work files getting rid of lop.com. Back up!!!

  16. anonymous

    I totally agree with one of the other comments on here - silicon.com has really missed the beat. If this is the case, then there should be some advice on how to avoid all the spyware i.e. What should people be doing to protect themselves against this threat? What can they do? Some advice would be hugely appreciated I'm sure.

  17. Mark Hosey

    Why are service providers not providing the required advice and protection? Surely the best place to combat the problem is at the gateway to the internet and not on every individual PC and internet activated device? Protecting individual devices is such an inefficient way of doing it, of course it's hugely profitable for some! Personally I would have no problem with my service provider scanning my communications for known and recognised threats. Of course there is a whole industry out there that would resist such a move, however I feel the problem is so great that legislation is required to force service providers to provide a fast, safe and reliable service in exchange for their fee.

  18. John Benfield

    I cleaned a PC last week that had 640 items of spyware, malware, Trojans, dialers and keyloggers etc.
    Taking precautions against spyware is not difficult. Ad-Aware is a free program that will remove almost all spyware as will Microsoft's beta.
    You can also block the download in the first place by adding a pre configured HOST file to your system 32 folder. Visit this site for info http://www.mvps.org/winhelp2002/hosts.htm
    You have to pay the price of being denied access to some sites and/or pages but you will certainly stop the rubbish from getting onto your hard drive. On the same site is information and files to lock and unlock your HOST folder to prevent hackers changing it.
    I run three spyware cleaning programs and they very rarely find anything these days.

  19. anonymous

    Having cleaned my PC of a number of Trojans and hijackers over the weekend, I then had to pay a bill over the internet with a trusted company. I paid by credit card, which meant I had to enter my credit card details.
    In order to minimise anyone spotting my key strokes, I closed down my internet connection. I then typed credit card number and the identity number on a word document as one long number. I then copied it. I then connected to the company website and pasted in the number in the relevant boxes, and deleted the relevant suffix and prefix numbers. I think the only keystrokes detectable would have been a couple of pastes and deletions.
    Any other suggestions to minimise illegal and unwanted information collection will be welcomed.

  20. Joe Whitehead

    First, to Phil Blackburn: There is a site called spycheckers.com which does of all things - list good and bad spyware checkers (thus the name)! There are many sites for this. Wildersecurity, javacoolsoftware.com (javacoolsoft.com is fake), and so on... Be aware that some hacks will redirect those pages, so use a clean system to get them to a CD if in doubt!

    Next, the hosts file is editable if need be to add your site and if that site hacks your machine then at least you know who did it! There's a product called Protowall and another called Peerguardian that block specific IP addresses and not just hostnames - they're invented for peer-to-peer users who don't want a full firewall program. Protowall can even be set to blink red on the tray when it blocks an address.

    Third, Uh keyloggers usually _store_ the information for later retrieval. Some send the file online while others require the spy to be physically present (like say a parent). MoM is an example of a program people use to see what someone else is doing on a PC.

  21. Joseph Farthing

    Just to say that we recommend the use of a full firewall *with* PeerGuardian2

    thanks :)

    Joseph Farthing
    News Editor
    Methlabs.org (creators of PeerGuardian)

  22. daddylurve

    Had a Dell for five years, running Win98 and ME - one virus wiped the hard drive, lots of hijackers, trojans, diallers kept coming, getting deleted and coming back.

    Sold it, bought a Mac, not one problem. No hacks, trojans, no spyware, nothing.

    Liked the peace and quiet so much, got a Mac for work, too. Again, no problems.

    Ahhhh.....ain't life simple?

  23. Paul Frenette

    Solution: Mozilla Firefox and an off Internet PC!
    Get rid of MS Explorer and then buy or use a cheap PC for online work, and a good PC for off line core work. Sad I know but that's the only way.
