Security experts warn of massive hack attack

Covert monitoring software on sale commercially in the US could give hackers an easy route to stealing user information and passwords, according to European security specialist, Peapod.

Investigator 2.0, developed by software firm WinWhatWhere, is designed to allow companies to monitor staff, checking up on illegal activity or time wasting. It records keystrokes and password information, emailing them back to the administrator without the user's knowledge.

The software has already caused a storm in the US from rights groups angry that it allows spying on users. But according to Phil Ryan, product marketing manager at Peapod, the privacy issues "pale into insignificance next to the security implications".

Ryan claims the application is easy to exploit, providing hackers with a robust base for Trojan Horse attacks. Peapod has already discovered one well-known Slovenian hacker site offering a malicious version of the software.

Ryan explained: "Most other Trojan Horses, like BackOrifice, create a permanent connection so it is easier to detect. This code just sends out messages periodically like any normal PC would."

Graham Cluely, senior technical consultant at Sophos Anti-Virus, played down the threat. "A hacker still needs to force the user to install it on their machine - Trojan Horses don't seem to be a very significant threat in the real world," he claimed.

But Tom Scholtz, senior programme director at the Meta Group, admitted Trojan Horses are still potentially a problem. "We are learning the hard way - it depends how the code is sent. Lots of these tools can be used and abused. It is up to the organisational policy of the company to protect it."

Peapod contacted most major anti-virus and intrusion detection vendors late last week to alert them to the dangers of Investigator 2.0, but by Monday only two had replied. "They should think hard about building extra safeguards," said Ryan. "Anti-virus vendors should be hot on the heels of this."