
Users are unwittingly relaying more and more sensitive data...
Published: 11 October 2005 17:10 BST
Spyware is becoming increasingly pernicious and sophisticated, according to security experts who are warning that users are still failing to take basic steps to protect themselves against the threat.
It's a problem which should scare big businesses as they face up to the fact that important data could be leaking out of their organisations daily. And yet too many organisations are failing to properly educate or protect their employees.
-- Eric Chien, senior researcher, Symantec
Eric Chien, a senior researcher at Symantec, said: "You'd be surprised at the amount of data these things collect."
Chien said techniques such as screen capture, key logging, behavioural analysis and common word recognition are all methods employed by spyware applications to build a profile of a user. Presenting at the Virus Bulletin conference in Dublin, Chien also detailed the ways in which spyware can get onto a machine.
He said: "At their most basic, they will be able to find your name, your gender, your age, the amount of time you spend online, what you search for, what you buy and what websites you visit."
Chien proved this point by showing the detailed data relayed by one piece of common spyware.
Such applications won't discriminate between personal and corporate data, though the latter tends to be of a far higher value.
Chien also showed conference delegates a more advanced spyware application which is programmed to kick in when any one of hundreds of websites are visited and certain words encountered on the page.
Such an application for example was able to take and relay screenshots whenever the user was on particular retailers' websites where the word 'confirm' appeared.
Chien said: "If you're hitting 'confirm' then what information is going to be visible on that web page? Credit card number, name, expiry date, billing address, shipping address."
And it gets far more worrying for users. The application is also programmed to start sending screenshots whenever users are on any page of certain banks' websites.
And Chien said users shouldn't put too much faith in perceptions of security as presented in 'https' style URLs.
"Some of these applications can read all https traffic," said Chien, though the danger only exists when accessing such sites from an infected machine.
In fact, the only way users can be protected against such threats is to ensure spyware doesn't exist on their computers.
That requires a balance of technical and educational approaches.
Companies should all have anti-spyware protection in place on all machines but users must also realise the threat posed by activities such as installing non-essential software and clicking on pop-ups from unknown or untrusted sources.
According to research out today from another security vendor, Trend Micro, around a quarter of US employees in both the small business and enterprise sector have fallen foul of spyware while at work.
In total, 87 per cent of respondents said they are aware of a threat posed by spyware while 57 per cent said they want more education on the threat and 40 per cent believe their IT department could be doing more to protect them.
So if you have a good background in 2d and 3d CAD design, have spent time working on machine designs or are from a solid mechanical design history ...
I am currently looking for a Design Engineer to join my clients Design Team in one of the most beautiful parts of the UK. The site is based close to ...
The successful candidate will be furthering what it possible in Machine / Computer Vision. My client is the market leader in the field of 3D motion ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...
Teachers Association Turns to Centralized Data Repository to Improve Member Service
Financial-Software Leader Credits Productivity Boost, Reduced IT Costs to 2007 Software
Staying Ahead of the Curve: Oracle Database 11g vs. Microsoft SQL Server 2005
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week
Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?