A security firm named the top 10 spyware threats this week, saying that the secretly installed software poses an "insidious" threat to consumers and corporations alike.
Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause.
"We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness."
Each of the 10 spyware programs cited by Webroot was spotted at least 50,000 times in the scans that the vendor runs free of charge on its own website, or in conjunction with EarthLink.
"The people who write this stuff are gaining sophistication in their coding practices as they attempt to evade detection and removal," said Stiennon. "These 10 are the most insidious programs in terms of prevalence and effect."
Some of the software in Webroot's top 10 may be familiar to users, but most is a blur of anonymous titles that don't impart their potential impact.
Among the former is Gator (also known as GAIN), long infamous because it's bundled with the popular Kazaa peer-to-peer file sharing software. Gator/GAIN, said Webroot, made the top 10 list because it spews banner ads based on your surfing habits.
Others on the list, however, are unknown to all but the most dedicated follower of spyware. They include such programs as PurityScan, which puts up pop-up ads and tricks users into installation by claiming to find and delete porn on the PC; CoolWebSearch, which can hijack searches, browser home page, and IE's settings; and Perfect Keylogger, a spy that records all visited sites, keystrokes, and mouse clicks to, for instance, divine passwords, account numbers, and other sensitive information.
The rest of the list is fleshed out with the likes of n-CASE and KeenValue (adware), TIBS Dialer (software the usurps the modem and dials toll numbers, typically porn pay-by-the-minute phone sites), Transponder and ISTbar/AUpdate (spyware posing as browser assistants), and Internet Optimizer, which hijacks web errors and redirects them to its own site.
"It's our goal to inform internet users of the ramifications of having potentially unwanted programs on their systems," said Stiennon, adding that, "it's their choice to keep or remove these programs. We're just making sure they have that information so they are making knowledgeable decisions."
Webroot isn't the only ranker or rater of behind the scenes spyware. Computer Associates, which earlier this year purchased Webroot rival PestPatrol, recently added a spyware-only section to its online alert centre, where it regularly lists the top five threats based on the number of reports it receives from users.
It's current list puts Kazaa at the top, with GameSpy Arcade, Download Accelerators Plus, Ezula, and Adopt.Hotbar.com rounding out the five.
Spyware plagues both consumers and corporations, according to data from analysts. In a recent survey done by IDC, for instance, enterprise users labelled spyware as the fourth biggest threat to their company's security. They're reacting to the problem by spending money on additional security, a trend that will grow dramatically in the next several years.
According to IDC, anti-spyware software revenues will reach approximately US$31 million in 2004, but skyrocket by nearly 10 times to US$305 million in 2008.
Copyright (c) 2004 CMP Media LLC