Who’s Watching What You Type?
 by: Robert Palmer

If someone entered your home, uninvited and installed numerous cameras and listening devices in order to monitor your activities, you would quite rightly be outraged. While such a situation, unless you are living in the Big Brother House, would be considered ridiculous, the same cannot be said for the humble home computer.

Recently released research alarmingly shows that home PC’s are increasingly likely to host software which can watch each and every keystroke the user inputs. According to the research compiled from an audit conducted jointly by the software firm, WebRoot and services provider, EarthLink, the average home PC hosts 28 so-called spyware programs.

Whilst the worst examples of spyware are written by virus writers to steal passwords and hijack computers to launch “denial of service” attacks against web-servers, the vast majority are used to collate marketing information and then target advertising according to the end-users web surfing habits.

The WebRoot/EarthLink audit surveyed more than 1.5 million PC’s during the last 12 months and discovered an amazing 41 million incidents of spyware; adware, Trojans, tracking cookies and other undesirable programs.

Most of these programs are loaded into the computer memory when the PC is started up. From here, the program will work silently, often giving no clues as to its existence. However, unexplained browser window pop-up’s, often advertising adult services and mysterious alterations to the browsers homepage setting are more often than not an indication that spyware is present and active on a computer. One particular piece of spyware, which is proving to be very expensive for many home users, is that of Trojan Diallers. Diallers, often without any warning to the end-user, hangs up the current net connection and then automatically reconnects using a Premium Rate telephone number, thus running up huge telephone bills. The activities of companies using this technology as a revenue stream are currently under investigation in the UK by government watchdogs.

A hard-disk and memory overflowing with spyware used to be one of the unfortunate consequences of visiting sex and adult orientated sites; a kind of eSTD. Like most Internet marketing technologies, from the pop-up to the pop-under and the first snowball of Spam, spyware began life serving the adult industry. Then, just like pop-up, spyware filtered through all aspects of ecommerce. In an interview to the BBC, David Moll, CEO of WebRoot, said that spyware has now become so common across the whole of the Internet, that it can be contracted from nearly anywhere.

So-called “drive-by downloads” are now responsible for most infections of spyware. The term “drive-by” refers to the casualness of the infection. By simply visiting an ordinary webpage a user can unwittingly initiate an automatic download of spyware onto their computer. There are no clues and no warnings.

In a recent, carefully controlled and closed demonstration, it took me less than 20 minutes to create a spyware program and embed it into a webpage. Using colleagues who had previously been made aware of the nature of the experiment, I invited them to take a look at this “special” but very ordinary looking webpage. Within seconds of visiting this webpage, the spyware went to work taking a snapshot of their hard disk, a snapshot of their Favourites folder and a copy of their browsing history. Before they had even finished reading the webpage, the spyware was already transferring their information to my server. It’s as easy as that! Equally that same code could be manipulated to perform a total trash of the hard disk or some other equally miserable and criminal act.

Speaking to the BBC, David Moll explained.

"Some (spyware programs) lurk on misspelled URLs and strike those that type faster than their fingers can carry them. As a result you do not end up where you expect to be."

Alarmingly, users do not even need to visit a website to contract spyware. The preview window in Microsoft’s Outlook Express allows emails containing HTML and any other code which can be placed on a normal webpage, to be loaded, without warning. Companies looking to implant spyware using the “drive-by” principal are regularly exploiting this glaringly obvious flaw in the design of Outlook Express.

"If you get one piece of spyware, you will get five because the business model says they pay each other to pass on information about victims," said Mr Moll.

Thankfully anti-spyware/adware programs such as Ad-Aware (free) and WebRoot’s own offering, Spy Sweeper can clean up a PC and even help prevent further infections, but just like anti-virus software, anti-spyware software needs to be kept up-to-date to remain effective.

In addition to providing software solutions to this problem, legislators too are seeking to end this electronic intrusion. In the USA an anti-spyware bill is moving towards approval in Congress. If successfully implemented, this bill will force firms who wish to use spyware to first receive permission from the end-user before it is installed. But even before any new laws come into place, spyware makers are already working on next generation coding which keep their programs intact and operational….perhaps even on your PC.

Related Links:

WebRoot Spyware Audit http://www.webroot.com/services/spyaudit_03.htm

Ad-Aware http://www.lavasoftusa.com/software/adaware/

WebRoot http://www.webroot.com/

About The Author

Robert Palmer is CEO of deskNET Communications www.desknet.co.uk the first affordable alternative to opt-in email marketing and newsletters. With over 20 years professional experience in software development, Robert is a leading architect in the development of the emerging Net technology, One-2-Many Broadcasting software.