The number of companies reporting a spyware infestation has increased by
almost half in the past 12 months, according to a new survey.
In addition, 17 percent of companies with more than 100 employees have
spyware such as a keylogger on their networks, said the authors of the annual
Websense Web@Work survey, published on Tuesday.
"This is almost 50 percent growth in the instances of keyloggers that
organizations are reporting back," said Joel Camissar, a manager for Internet
security specialist Websense. "Despite the organizations' having a 'best of
breed' antivirus, anti-spyware and firewall, we are still detecting a huge
amount of back-channel spyware communication."
Spyware is seen as an increasingly serious security problem, and the U.S.
Federal Trade Commission has pledged to take action against companies that
distribute it. The software is installed on machines without the owner's
knowledge to track their online habits, sometimes via a keylogger,
which records the user's keystrokes.
One reason for the growth in corporate spyware infestation is a massive
increase in the number of spyware-making toolkits being sold online, said
Camissar, who referred to some research that Websense conducted earlier this
year in partnership with the Anti-Phishing Working Group.
"In April 2005, there were 77 unique password-stealing applications. In the
latest March report, there were 197. Unique Web sites hosing keyloggers in the
same time frame have gone up from 260 to 2,157--almost a 10-times growth,"
The Websense survey also discovered that companies did not have much faith in
their staff being able to distinguish between genuine Web sites and phishing
sites, which mimic the online outlets of trusted businesses, such as banks, to
try to trick people into handing over sensitive personal information.
"Forty-seven percent of IT decision makers said their employees have clicked
on phishing e-mails, and 44 percent believe employees cannot accurately identify
phishing sites," Camissar added. "I am surprised that the results are not
showing a larger growth in the number of organizations hit by this kind of threat."