Tailor-Made Keyloggers as a Cybercrime Tool: Too Easy to Make and Use

In just a couple of years, computer users have learned a lot about online threats. No need to explain what “spyware” means; we all know it. Or do we?

If software collects information without users’ knowledge and transmits it, such a program is usually automatically labeled as “spyware” no matter how valuable this information is. It can be relatively innocuous code to collect users’ browsing habits, or extremely dangerous software specially created to monitor and commit unsolicited cybercrimes, such as identity theft or espionage.

In SpyAudit’s classification, the latter are called System Monitors. Here belong programs such as keyloggers and more advanced programs built on keyloggers, which intercept not only keystrokes but also capture text from application windows and clipboard content and take screenshots; in other words, they record everything the user does. This is a particular type of software created specifically to steal valuable information.

“There has been a recent wave of system monitoring tools disguised as email attachments or free software products,” the experts warn (see http://www.earthlink.net/spyaudit/press/). Keyloggers can hide in viruses or even sneak onto a PC while the user is visiting a website.

Users have become smarter and try to protect their data. Many programs are created to counter spyware. Why is data theft flourishing, then? Unfortunately, the “means of defense” are, as is often the case, half a step behind the “means of attack”.

Generally speaking, most anti-spyware works like this: it scans the operating system for suspicious code snippets. If the program finds any, it compares these suspicious pieces with fragments of code (called signatures) that belong to already detected and “caught” spyware. The signatures are kept in the so-called signature base, an inseparable part of any anti-spyware program. The more signatures it contains, the more spyware the program will detect, and the more effectively your PC will be protected. As long as you update your anti-spyware regularly and the system does not encounter some unknown spyware product, everything will be fine.

The problem is that some keyloggers are written to be used only once. These custom-made, or should we say tailor-made, keyloggers are extremely dangerous, because no signature exists for them, so anti-spyware software that relies on signature databases will not detect them.

Keylogging software is relatively simple and not too difficult to write. Even an average computer programmer can write a simple keylogger in a couple of days. A more sophisticated one will take longer to make, of course, but not much longer. Hackers often recompile the source code of existing keyloggers (easy to find on the Web, for those who know where to look) and obtain a new one with an unknown signature even faster. If a keylogger can be installed remotely without the victim’s knowledge, it gives a hacker a great chance to steal any information he pleases.

However, most antivirus and anti-spyware vendors now claim that, alongside signature databases, they apply heuristic algorithms to detect spyware. This means that their products can now catch more “spies” than their signature bases contain. To verify this, the experts at Information Security Center Ltd recently carried out a simple test.
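As an added illustration (not code from the original article or from any product mentioned in it), the toy scanner below contrasts the signature matching described above with a simple heuristic: a recompiled variant of a known sample has different code bytes, so the signature misses it, while an indicator-based heuristic still flags it. The byte strings, the signature-extraction rule and the indicator list are constructed assumptions for the example only.

```python
# Constructed stand-ins for executable files (not real binaries): a known
# keylogger, a recompiled variant with the same imports, and a benign editor.
KNOWN_KEYLOGGER = (b"MZ\x90\x00" + b"\x55\x8b\xec\x83\xec\x10\x6a\x0d\xe8\x11\x22\x33\x44"
                   + b"\x00SetWindowsHookExA\x00GetAsyncKeyState\x00WriteFile\x00WSASend\x00")
RECOMPILED_VARIANT = (b"MZ\x90\x00" + b"\x55\x89\xe5\x48\x83\xec\x20\xe8\x99\x88\x77\x66"
                      + b"\x00SetWindowsHookExA\x00GetAsyncKeyState\x00WriteFile\x00WSASend\x00")
BENIGN_EDITOR = (b"MZ\x90\x00" + b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\x48\x83\xc4\x28"
                 + b"\x00CreateWindowExA\x00WriteFile\x00GetMessageA\x00")


def make_signature(sample: bytes, offset: int = 4, length: int = 12) -> bytes:
    """Assumed rule: take a fixed byte run after the header of a captured sample.
    Real products choose the run more carefully, but the principle is the same."""
    return sample[offset:offset + length]


# The "signature base": patterns extracted from spyware already caught.
SIGNATURE_BASE = {make_signature(KNOWN_KEYLOGGER)}


def signature_scan(sample: bytes, base=SIGNATURE_BASE) -> bool:
    """Signature-based detection: flag only if a known byte pattern occurs."""
    return any(sig in sample for sig in base)


# Assumed heuristic indicators: imported API names that, taken together,
# suggest keystroke capture plus exfiltration. Any one alone is common in
# legitimate software, which is why a threshold is used.
INDICATORS = {
    b"SetWindowsHookExA": "installs a system-wide hook",
    b"GetAsyncKeyState": "polls keyboard state",
    b"WSASend": "sends data over the network",
}


def heuristic_scan(sample: bytes, threshold: int = 2):
    """Behaviour-oriented detection: flag when enough indicators co-occur,
    regardless of how the code bytes are laid out."""
    hits = [desc for name, desc in INDICATORS.items() if name in sample]
    return len(hits) >= threshold, hits


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_KEYLOGGER),
                          ("recompiled", RECOMPILED_VARIANT),
                          ("benign", BENIGN_EDITOR)]:
        print(label, "signature:", signature_scan(sample),
              "heuristic:", heuristic_scan(sample))
```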

The test simulated a situation where a thief uses a custom keylogger compiled from freely (!) available source code on the Internet. The testers did what a thief with some programming skills can easily do: they took source code from the Internet and compiled 9 keyloggers. These “test spies” were then used to check whether well-known anti-spyware products would detect anything. The results turned out to be shocking: 28 of the 44 antivirus and anti-spyware products tested detected none of them. 10 products caught only 1 spy out of 9; 5 programs caught only 2 out of 9. The only product that blocked all 9 spies was a dedicated anti-keylogging solution based solely on heuristic algorithms, with no signature base.

To read more about this trial, visit http://bezpeka.com/en/lib/antispy/art2869.html

Not using signature base analysis at all is a relatively new trend in software development. This approach is quite promising: it means that such a dedicated anti-keylogging product, which already exists, can counter even custom-built spies.
