Think your PC is safe from hackers, crackers, and snoops? Don't be so sure. According to a report being released this week by EarthLink and security software vendor Webroot, as many as one out of three PCs could contain spyware that can secretly record and transmit sensitive personal information.
Those figures come from EarthLink's SpyAudit, a free Web-based service that helps users discover whether their systems harbor spyware. Since going online in January, SpyAudit has performed 1.5 million audits and uncovered more than 500,000 copies of Trojan horses and secret monitoring software on users' hard drives.
Matt Cobb, vice president of core operations for EarthLink, cautions that the audit figures don't necessarily mean that one of every three computers is compromised. Some machines may contain more than one copy of malware, and the same machines may have undergone several audits, boosting the overall totals.
Still, Webroot CEO David Moll says, "It's clear from looking at these numbers that the fastest growing sectors of spyware are also the most malicious. That spells a troubling future for everyone."
From January through April, SpyAudit also detected more than 7 million copies of adware programs--software that delivers browser pop-up ads--and another 32 million instances of adware-related cookie files. But Trojan horses and system monitors have much greater potential for damage.
A Trojan horse is malicious code that often hides inside more benign applications such as animated cursors or file-sharing software. Once installed on a hard drive, it can be used to capture information or turn the computer into a "zombie" machine that can be controlled remotely.
System monitors include keystroke loggers and screen-capture software that secretly record a user's behavior and send that data to a remote location. Keystroke loggers can grab login names, passwords, credit card numbers, and other sensitive information that malware authors can use to break into your online accounts or steal your identity. Other system monitors periodically capture screen shots of your activity and send them on to hackers, who can use them to glean information about you.
"Trojan horses are becoming increasingly prevalent," says Graham Cluley, senior technology consultant for UK-based security vendor Sophos. "In the past you didn't encounter them as often because they didn't spread as viruses do." Now, users can unwittingly download Trojans from Web sites or become infected by worms that open up back doors on their PCs, allowing hackers to slip in and install remote access tools, Cluley says.
In late May, security firms reported the appearance of Korgo, a variant of the Sasser worm that allowed hackers to install keystroke loggers on PCs using Windows 2000 or XP. In April, Microsoft provided a Windows Update that patches the hole exploited by Sasser worms, but millions of machines remain unpatched.
Spyware can be difficult to detect and remove without help. EarthLink offers a version of Webroot's Spy Sweeper software to its subscribers. Packages like Lavasoft's immensely popular Ad-Aware or Spybot Search and Destroy can also uncover spies, while antivirus and firewall software can help prevent back doors from being installed on your system.
Cluley notes that while remote access tools can have legitimate uses--such as troubleshooting PCs across a corporate network--they can be terrifying when used with evil intent.
"It's as though there's a ghost sitting in your chair, controlling your machine," Cluley says. "A person could be on the other side of your office or the other side of the world, and it's as though they've broken into your house. Once they've gained that level of control, they can do anything."
EarthLink has recently stepped up its security services. In April the ISP launched ScamBlocker, a free, downloadable toolbar designed to protect surfers from accessing sites known to be used for fraud.