Rise In Worst Spyware Shows Phishers At Work

The numbers offer hard evidence to back up suspicions that phishing scammers are turning to deadlier, stealthier spyware to hijack identities and empty bank accounts.

Spyware -- the umbrella term given to software that installs and runs without the user's knowledge -- collects data such as surfing habits, or, more maliciously, records keystrokes in the hope of snagging account passwords or other confidential information.

According to Atlanta-based EarthLink and Boulder, Colo.-based Webroot, the instances of system monitors -- better known as key loggers and screen grabbers -- and Trojan horses soared in the fourth quarter. System monitors logged a 230 percent increase and Trojans jumped by 110 percent over the previous quarter. Both marked record highs for the year in the fourth quarter.

"The huge increase in systems monitors and Trojans on consumer PCs is extremely disconcerting," said David Moll, the chief executive of Webroot, which sells its Spy Sweeper to both consumers and enterprises.

On average, about 1 in 6 PCs scanned by the EarthLink and Webroot anti-spyware software contains a system monitor. The rate of "infection" by Trojans is about the same.

"It's scary that in the rapidly growing problem of spyware, the worst and most malicious forms are the fastest growing," he said. "You'd expect that the nuisance kind of spyware would be first to spike, but the fact is, spyware is so pervasive that the nuisance category is saturated."

Security analysts have been saying that technically astute phishers are abandoning the practice of setting up bogus Web sites to dupe users into divulging credit card and bank account information, and are instead using spyware to invisibly watch what users enter to access accounts online.

These numbers seem to bear that out.

"This absolutely shows that phishers are turning to spyware," he said. "A lot of the increase is associated with phishing." Calling the numbers "scary stuff," Moll said the rapid rise in the prevalence of key loggers was "harrowing."

"People looking to get personal information out of consumers are shifting to stealthier tactics," agreed Tom Collins, the product manager for EarthLink's core software group.

Moll noted that the practice of "drive-by downloading," in which hackers exploit vulnerabilities in the browser -- usually Microsoft's Internet Explorer -- to infect unwitting surfers, "continues to be a great danger. It's actually the preferred method of spyware writers now."

The trends don't bode well for 2005. Not only did the presence of system monitors climb throughout 2004, but in December, the numbers almost tripled over November's.

"We said in 2003 that spyware was the largest undiagnosed problem on the Internet, and that at some point we would see a spike in the more dangerous types of spyware," said Jerry Grasso, the director of corporate communications for EarthLink. "Even in the first half of 2004, we were mostly seeing adware and cookies, not the knock-out punch of key loggers.

"These numbers show a rise in the knock-out punch. This is now affecting Grandma."

Moll of Webroot agreed that it's going to get worse. "I've always marveled at the resourcefulness and inventiveness of these people [the spyware writers]. These guys are good. They're crafty."

EarthLink and Webroot collaborate to produce the quarterly SpyAudit report, which is based on data collected as users access free anti-spyware software offered by the ISP and posted on Webroot's Web site.