Aladdin Uncovers Increase In Crime-Related Spyware
|
|
|
|
|
Aladdin Knowledge Systems, well known for its Software Digital Rights Management (DRM) and USB-based authentication solutions, has unveiled results from a two-month analysis of the top 2000 known spyware threats.
Conducted by the company's eSafe Content Security Response Team (CSRT), the study found that a staggering 15 per cent of spyware threats actually steal passwords and log keystrokes, while also attempting to steal logged-on user names, the hash of administrator passwords, instant messaging usage and e-mail addresses.
The study illustrates that a growing amount of spyware is specifically designed for identity theft and continues to compromise both personal and commercial privacy, with potentially dangerous effects for large organisations in need of protecting proprietary information.
Around 15 percent of spyware threats send private information gathered from the end user currently logged on to the infected system: logging the user's keystrokes, logged-on user name, hash of administrator passwords, e-mail addresses, contacts, instant messengers login and usage, and more.
Twenty five percent of spyware sends information gathered from the victim's operating system, including the computer (host) name, domain name, logs of all processes running in memory, installed programs, security applications, client's internal IP address, OS version, the existence and versions of service packs and security updates, TCP ports the spyware is listening to, Computer Security Identifier (SID), default browser's homepage, browser plug-ins, etc.
Sixty percent of spyware transmits gathered commercial-value information about the end user's browsing habits. This includes keywords used in search engines, browsing habits and ratings of frequently visited Web sites, shopping reports, and so on.
Aladdin eSafe CSRT recommends organisations take the following steps in order to more proactively protect against dangerous spyware: enumerate the network to determine the amount of spyware on the desktops to help evaluate the need for anti-spyware products; plan multi-layer spyware protection, which should include appropriate solutions to cover the flow path of spyware; and implement solutions beginning with the gateway, the clear point of entrance for infection and point of exit for spyware communications.
BIOS, Sep 14, 05 | Print | Send | Comments (0) | Posted In Security
Related Articles
Defending In Depth
Cyber Security & Other Games
Second Life, Second Identity?
Don't Choke In The Name Of Security
A Baker's Dozen Of Security Bytes
Patching Up Security
Webroot Software Spy Sweeper 5.3
PC Tools Spyware Doctor 4.0
How Cybercrime Operations Work
ZoneLabs ZoneAlarm Internet Security Suite 7
More...
|