At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.
Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

Spyware has reached such epidemic proportions that legislators in the US Congress as well as state legislatures are responding to public outrage by drafting bills to prohibit its distribution, stem abusive practices and protect Internet user privacy. Unfortunately, pending and recently enacted anti-spyware laws are considerably flawed and could actually cause more harm than good. In fact, many experts believe we'd be better off if we'd simply put more effort into enforcing existing laws that prohibit fraud and deceptive business practices. And nearly all knowledgeable parties acknowledge that spyware is a technology problem that requires a technology solution.
New Laws, Plenty Of Flaws

Three pieces of legislation are receiving attention and attracting most of the debate.

- Bill S.2145, the SPY BLOCK Act, seeks to "to regulate the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy, and for other purposes.... "

Desktop defenses against spyware are ineffective, said a survey released Monday, an opinion backed by a security analyst wired into the identity theft scene.

Security appliance maker Blue Coat polled more than 300 IT professionals whose companies are using desktop-based anti-spyware solutions from vendors such as Computer Associates, Webroot, Symantec, Lavasoft, Microsoft, and Spybot, and found that nearly three out of four reported that current programs "are ineffective in preventing spyware from infecting their networks."

The survey, which was conducted last month and included IT managers from around the world working in small-, medium-, and large-sized enterprises, also found that spyware was becoming an ever-bigger blight. Eight-four percent of those surveyed said that the spyware problem is worse, or at best the same, as it was three months ago.

A company that allegedly scared users into buying its software by offering to eradicate nonexistent spyware has been ordered to cease and desist by a U.S. court, the Federal Trade Commission said Friday.
The FTC filed against Spokane, Wash.-based MaxTheater and its principal, Thomas Delanoy, to stop the company from touting SpyWareAssassin through bogus "scans" claiming the user's PC was infected with spyware.

According to the FTC, which was awarded a temporary restraining order by a U.S. District Court on Friday, SpyWareAssassin used Web sites, banner ads, and popups to drive traffic to its Web site where the company warned "...you WILL eventually experience credit card and/or identity theft and your computer will crash and cease working for good."

As more worms targeted Microsoft's MSN Messenger last week, a threat center devoted to tracking instant-messaging hacks released statistics that put numbers to what IM users already know: Instant-message threats are on the rise. According to the IMlogic Threat Center--an effort by vendors such as IMlogic, McAfee, and Symantec--IM and peer-to-peer exploits have exploded in 2005 and have grown 50% each month so far. The threat center has warned of more than 30 widespread incidents of IM or peer-to-peer viruses, worms, or other malicious code so far this year, Jon Sakoda, IMlogic's chief technology officer, said in a statement. Most--81%--were aimed at instant messengers.

The U.S. House of Representatives moved on its anti-spyware bill Wednesday by unanimously voting it out of committee and sending it to the House floor for consideration.

In a vote of 43-0, the Energy and Commerce Committee passed the Spy Act (Securely Protect Yourself Against Cyber Trespass Act), but only after one final amendment that specifically called out "Web bugs" (which also go by "Web beacons") as legal. Wednesday's amendment also legalized persistent, embedded advertisements, something that was forbidden in earlier editions of the bill.

Spyware doesn't just install itself by magic — although it can certainly seem that way. Typically, users need to visit a spyware-infested site and take some action to cause a spyware module to be installed. Sometimes just clicking to exit an annoying popup will do it. Knowing when to click — and more important, when not to click --— takes some experience and knowledge.

Knowledge and a few key tools will give you confidence to help keep your systems spyware-secure.

A typical company with 3,000 employees spends $2 million to $7 million combating spam each year, according to research firm Gartner.

One of the fastest-growing Internet threats, spyware, is expected to drive these costs even higher.

Research firm IDC expects anti-spyware spending to climb from $31 million in 2004 to $305 million by 2008.

A HITHERTO OBSCURE security expert and software colossus, based in Redmond and called Microsoft has warned of a new generation of spyware that is almost impossible to detect.

According to Computerworld, Volish experts told the RSA security conference that system monitoring programs, or "kernel rootkits", are undergoing a transformation at the moment.

During his keynote speech at the at the RSA Security Conference Bill Gates announced that the Microsoft AntiSpyware will be offered for free.

'We've looked hard at the nature of this problem, and made a decision that this anti-spyware capability will become something that's available at no additional charge for Windows users -- both the blocking capability, and the scanning and removal capabilities.'

Symantec and McAfee leveraged the RSA Conference Monday to launch enterprise-wide battles against spyware. Both major security vendors touted new enterprise anti-spyware solutions.

As recently as a year ago, attention to spyware was low on the enterprise totem pole, said David Friedlander, a senior analyst with Forrester. Not so now. In 2005, he predicted, 65 percent of U.S. companies will purchase or upgrade anti-spyware software, making the category the most-purchased security technology for the year.

SAN JOSE, Calif. (AP) -- Unwanted programs that spy on PC users, deliver pop-up ads and track Web surfing habits will be a hot topic at a security conference that's usually more focused on viruses, hackers and the encryption of sensitive information. So-called spyware and adware have been around for years but have largely been viewed as more of an annoyance than a security threat.

A Miami businessman is suing Bank of America over $90,000 he says was stolen from his online banking account in a case that highlights the thorny question of who is responsible when a customer's computer is hacked into.

Joe Lopez, 42, said in a complaint filed Thursday in Circuit Court in Miami that Bank of America was negligent and failed to protect him from online banking risks it knew about.