May 16, 2006 1:28 PM PDT

Keylogger spying at work on the rise, survey says

The number of companies reporting a spyware infestation has increased by almost half in the past 12 months, according to a new survey.

In addition, 17 percent of companies with more than 100 employees have spyware such as a keylogger on their networks, said the authors of the annual Websense Web@Work survey, published on Tuesday.

"This is almost 50 percent growth in the instances of keyloggers that organizations are reporting back," said Joel Camissar, a manager for Internet security specialist Websense. "Despite the organizations' having a 'best of breed' antivirus, anti-spyware and firewall, we are still detecting a huge amount of back-channel spyware communication."

Spyware is seen as an increasingly serious security problem, and the U.S. Federal Trade Commission has pledged to take action against companies that distribute it. The software is installed on machines without the owner's knowledge to track their online habits, sometimes via a keylogger, which records the user's keystrokes.

One reason for the growth in corporate spyware infestation is a massive increase in the number of spyware-making toolkits being sold online, said Camissar, who referred to some research that Websense conducted earlier this year in partnership with the Anti-Phishing Working Group.

"In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosing keyloggers in the same time frame have gone up from 260 to 2,157--almost a 10-times growth," Camissar said.

The Websense survey also discovered that companies did not have much faith in their staff being able to distinguish between genuine Web sites and phishing sites, which mimic the online outlets of trusted businesses, such as banks, to try to trick people into handing over sensitive personal information.

"Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites," Camissar added. "I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat."

Munir Kotadia reported for ZDNet Australia from Sydney.

See more CNET content tagged:
Websense Inc., keylogger, survey, phishing Web site, phishing


Join the conversation!
Add your comment
Another "scare" article with little info
This is another in a series of many articles that hype the scare of keyloggers. In this article keyloggers are lumped with "spyware that gathers information" being on the rise.
Anyone that runs Spybot or Adaware can tell you that a website's cookies can often be counted as an "unwanted information mining" tool. This article's alarm falls flat because whenever it starts talking about the magnitude of increase it falls back on "spyware" rather than "keyloggers".

As a security team member at my work I AM concerned about keyloggers and rootkits. There are no lack of articles on the dangers posed by these but little concrete info on exactly how often they're found. Indeed with rootkits detecting them is often hyped as being difficult at best, which leads you to wonder if they may be on several of your machines or if it's just another vapor-threat to get you to read the same articles over and over again.
Posted by Fireweaver (105 comments )
Reply Link Flag
Are you insane? This article falls flat because they don't tell you how often keyloggers are found. As a member of your security team you shouldn't be looking to cnet for your answer. If you were half the security guy you claim to be you would already be on the mailing lists that let you know that information as well as having experienced the rise of malicious software this last year.

You sit there and type arguments about spyware vs. keyloggers and how they mix the two..ever think one contains the other? Either way your job is the same, get rid of it. Sorry to be a snot but I think you are rediculous arguing one name vs. the other and needing a link or a site that shows how often they come up in order to believe this. Your own experience should tell you this, if it's not then you obviously aren't fixing enough machines or you think that adaware and spybot remove rootkits, both wrong.
Posted by JTMON (2 comments )
Link Flag
Cnet - has 123 you can download
Cnet downloads has 123 listed you can download from them!!!
Posted by mssoot (169 comments )
Reply Link Flag
not illegal to install on your own machine

just don't use my machine with your passwords or i will know them fewl
Posted by baswwe (299 comments )
Link Flag
Buy software and hardware keyloggers at....
Micro Center. The software is (i think) $39 and the hardware keylogger is $99.

They have become mainstream. I wonder if Micro Center has any liability for selling them to underage customers who misuse them.

Scary thing is that any almost government worker could slap one on the bosses PC and never get caught.

Hee hee heeeee.....people are stupid.....
Posted by Jim Hubbard (326 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.