Saturday, February 26, 2005

Spyware: The Next Real Threat (eWeek)

"Your data is at risk and there's nothing we can do right now to stop it," Thompson [Roger Thompson, director of content research security management at Computer Associates International Inc.] said.

He explained that spyware writers use "tricklers" to silently reinstall spyware components after they are removed. "This makes it even worse than the mass-mailers. They change the components frequently and even when you remove registry key entries, the program simply reinstalls it," Thompson warned.

"Remember, a virus is a single program with a single registry key. With spyware, we're talking about thousands of programs with lots of registry keys. We don't even know the motive of the spyware authors. It's very hard to find legitimate use for a spyware program, no matter how hard we try," he added.

He said spyware running on enterprise computers is an "enormous threat" because there is absolutely no knowledge of the kinds of data being transmitted to the mother ship. "They're usually working over Port 80 so nothing is stopping it. The possibility for corporate espionage is enormous."