A majority of corporate and consumer PCs are infested with spyware and it's quickly becoming the top preoccupation of IT professionals. That's the gist of a new report from Webroot Software, which found various forms of spyware in 87% of the machines it scanned in the first quarter of 2005.
"Despite the antispyware tools and legislation out there, we see no relief anytime soon because there's too much money to be made by producing spyware," said Richard Stiennon, vice president of threat research for the Boulder, Colo.-based company. "The status of adware and more malicious forms of spyware is vibrant."
The firm's findings -- unveiled Tuesday in its first quarterly State of Spyware Report -- are similar to other studies in recent months. The National Cyber Security Alliance has found that 80% of all computers are infected, for example. Atlanta-based ISP Earthlink has said an estimated 90% of PCs are infected, and Dell Inc. has said spyware accounts for 12% of all PC help desk calls.
Webroot's report also noted that with a growing number of helpdesk calls attributed to spyware, "combating and removing spyware is becoming among the most pressing IT issues for enterprises." Seattle-based Watchguard Technologies reached a similar conclusion in January after polling IT managers. Two out of three respondents in that poll said spyware is the threat they lose the most sleep over, while 65% said their network is less protected against spyware than other threats.
Webroot's findings are based on scans made using its consumer and corporate SpyAudit tools. Additional online data was gathered by Phileas, the firm's automated spyware research system. On the corporate side, the firm said SpyAudit has scanned more than 35,300 systems across more than 18,000 companies to date. In the first three months of 2005, scans found that:
- At least one form of unwanted program [Trojan, system monitor, cookie or adware] was present in 87% of PCs.
- Excluding cookies, the other forms of spyware were present in more than 55% of corporate PCs.
- Adware was present on 53% of machines scanned within the enterprise.
- The presence of Trojan horses within enterprises was "surprisingly high" at 7%, accounting for an average of 1.3 infections per PC.
- CoolWebSearch was the most successful spyware distributor, followed by such entities as Claria (formerly known as Gator) and 180SearchAssistant.
Regarding those distributors, the report said, "There are many Web sites affiliated with CoolWebSearch, and several use vulnerabilities in Microsoft Internet Explorer to automatically install. Additionally, many of these sites use social engineering or confusing forms to trick end users into accepting installation requests."
The report added: "Claria…has seen wide distribution of their software by bundling with freeware products including popular peer-to-peer software such as Kazaa. 180SearchAssistant is also widely distributed through freeware products and other bundles, and is also installed through many Web sites using ActiveX installation methods as well as a search toolbar and from Zango.com."
How should preoccupied IT managers deal with such a growing threat?
"It's time to start restricting the types of software employees can download," Stiennon said. "It's time to restrict which Web sites they can browse."
They may get a lot of grief from those employees, but Stiennon said that's better than having to deal with the potential consequences of just one spyware infection. "IT departments have to take back their territory and defend their networks," he said.
The full report is available via Webroot's Web site.