Full Text

With every new advancement in networking speed and usability, it seems, comes a parallel increase in risk. The good news is that vendors, too many to count, are feverishly working to combat each new threat as it arises and anticipate ones on the horizon. The bad news is that actual and would-be hackers are running neck and neck with them all the way.

One of the latest threats to grab the spotlight is spyware. Almost unheard of just a few years ago, spyware has moved center stage in the security industry's ongoing battle against Internet intrusions.

Spyware usually infiltrates a user's system through pop-up windows, ads or spam, offering freeware that a user willingly downloads. (More insidious forms of spyware can sometimes land on a system even when a user isn't consciously downloading anything, but instead just clicks on an offer for a free product or service.) Once it's in place, the software can track the user's surfing patterns and transmit them back to the spyware's originator, who then can use the information for anything from merely annoying applications, such as targeted marketing, to more nefarious tasks, such as trying to break into computer systems.

This isn't just theoretical. Last fall, a gang of hackers broke into computers at a London-based branch of a Japanese bank and attempted to steal more than $400 million. Investigators on the case are looking into the possibility that the hackers gained access to the bank's computers via a spyware application.

Given an awareness of the spyware issue-indeed, of security issues in general-that's fair, at best, the potential for violations such as what happened in London is increasing. In March, security vendor SurfControl released a report finding that while 90 percent of the 7,500 businesses it surveyed had established e-mail usage policies, only about half of them had set up similar policies for instant messaging and peer-to-peer communications, leaving them vulnerable to spyware-type attacks. Akonix Systems, an IM security company based in San Diego, has reported that the number of attacks on public IM networks-usually delivered via attachments enclosed in a message-has tripled since last year.

Meanwhile, the use of bot nets, which are collections of compromised computers controlled by a single person or group, also are on the...