Monday, February 13, 2006 11:03 AM PT Posted by Andrew Brandt
Webroot, the software company that makes the SpySweeper anti-spyware tool, released its latest State of Spyware report (free download) last week. The quarterly reports the company issues summarize the steady technological advancement of spyware makers and their progeny. The report is a wrap-up of the worst stuff that happened in spyware in 2005. As you could probably guess, 2005 was the worst year for spyware--and the best year for cybercriminals--ever.
But one small detail in the summary really caught my attention. Apparently, some novel forms of spyware are so good at hiding themselves that, if your PC is infected with these particularly nasty beasties, you can no longer trust anything the PC tells you.
These new forms of spyware install themselves at the driver level, which gives them a unique ability to "hide data, files, or actions." The report goes on to say that it's hard to remove spyware that installs itself at the so-called "Ring-0" level, because "no data that Windows returns can be considered reliable."
Great. So, suddenly my laptop is like Neo in the first Matrix movie: Puttering along happily in Windows-land, blissfully unaware that beneath the surface lies a truer 'reality' that is much darker than the world it 'sees.'
I'll take the Red Pill, please.
This brave new world of spyware has its "Agent Smiths" as well, because another increasingly common technique for spyware applications is to attack the anti-spyware forces arrayed against them. This evolution seems to parallel a trend that became common in many malicious viruses about five years ago, where one of the first acts of the virus on a newly-infected host was to look for and disable any of a long list of antivirus programs.
Especially pernicious are keystroke loggers, which capture your passwords as you type them and send them to criminals elsewhere. "Keyloggers are becoming more aggressive and are no longer content to evade [Windows]. Anti-spyware as well as other detection programs are now common targets," the report says.
The report also named the ten worst offenders in the world of adware and spyware. Notably, two of these notorious top ten purport to be anti-spyware tools themselves. Webroot's report labels these apps "rogue anti-spyware": SpywareStrike and PSGuard can both install themselves on your PC without your consent, and PSGuard also redirects your Web searches through its own search engine and, in some instances, changes your home page. Other notable rogue anti-spyware apps listed in the report include SpyAxe, SpySheriff, and WorldAntiSpy. The report also recounts the FTC's recent actions to stop two US companies that were involved in distributing rogue anti-spyware.
(We detailed some examples of rogue anti-spyware apps more than a year ago. Our advice for folks shopping for an anti-spyware solution is to stick to the reputable products made by companies who have established their credentials through independent testing.)
The report also said that large corporations not only risk a PR nightmare but could also violate one or more federal regulations if even a single PC on their network gets some sort of spyware infestation, and as a result companies are scrambling to contain infections quickly. Despite that, corporations reported a 9 percent increase in the detections of keystroke loggers on business PCs from October, 2005 to the end of the year. Enterprises are also falling victim to more sophisticated, targeted attacks, such as spear phishing and Trojan horse programs custom-built to attack a particular company's network.
so i can't trust my computer...
does that mean i should switch to linux?
Go try to find an anti-spyware application for linux desktop. That should answer your question.
"These new forms of spyware install themselves at the driver level, which give them a unique ability to "hide data, files, or actions." The report goes on to say that it's hard to remove spyware that installs itself at the so-called "Ring-0" level, because "no data that Windows returns can be considered reliable."
This is so-called "Rootkit" and it isn't something new
Your mama is a rootkit
Go ahead and switch to Linux. Have fun with the 4 programs it runs. I really don't understand other OS' than Windows. Yeah, you're "leet" because you use them....but....what exactly do you plan to do with them?
does anyone know how many virus attacks are hitting on the linux systems? attackers go where the most damage can be done, what profit would come to hack linux when few use it?
simple rule of thumb you install a "known" program, they already have a work around how to get through. doesn't make sense to go with popular to me.
Thank you for the triple posting. After reading it three times over, I still don't understand what on Earth you are talking about.