The cost of spyware

Last week I wrote about a piece of software called vx2 and loyal reader and constant warrior against the evil forces of malware Scott Hutchinson wrote in to ask, “Why would a user be enticed to install vx2? What does the user think it will do for him?”

Good question. Vx2 became famous for being included in the AudioGalaxy Satellite file-sharing system, but a user outcry got it removed in November 2001. Today, vx2 and its variants can be found in a “free” viewer for adult video content and the “free” products from Mindset Interactive.

According to PestPatrol, “it is hard to tell where this piece of spyware originated. It was first seen as Blackstone Data’s Transponder, but repackaged versions of the same product are popping up under several different companies.” PestPatrol lists the aliases of the code and sources of each as Transponder from Blackstone Data; vx2, RespondMiter and Sputnik from vx2, Corp.; Aadcom Extreme Targeting from Aadcom; NetPal from NetPalNow and also Mindset Interactive.

Even worse than vx2 is SAHAgent (aka Golden Retriever, ShopAtHome and ShopAtHomeSelect). Ed English, CEO of InterMute, which publishes a spyware-removal utility called SpySubtract, tells me that the latest version of SAHAgent installs under Windows as a Winsock 2 Layered Service Provider (LSP) and does sneaky things such as redirect browsers to merchant sites to generate affiliate fees.

So let’s say you find SAHAgent installed and you want to get rid of it. But wait a minute – there’s no uninstall routine. And if you try to delete SAHAgent’s registry entries and files, you will probably find your network connections no longer function because SAHAgent is an LSP, something that is pretty tricky to remove.

And I haven’t mentioned Claria yet. Claria, which used to be called Gator, is one of the most notorious publishers of adware (got to be careful there, the company has apparently taken to suing anyone who calls its code spyware). Gator has long been one of the poster bad boys of the adware world.

The reason it is still in the game? Adware pays. In fact, just a couple of weeks ago, Claria filed for an IPO to raise $150 million to continue developing what the company is pleased to call a behavioral marketing platform.

But so far all we have discussed is commercial spyware. There is also the bad-guy stuff: Software that acts as key-loggers, Simple Mail Transfer Protocol relays for spammers, password capturers . . . you name an attack or intrusion, there’s some spyware that does it and could do it to your network. There are even dialer spyware programs that will place long-distance calls using your modem in an attempt to rack up huge call charges to 900 numbers.

If you’re starting to think these programs are dangerous, you’re right. They often slow down browsing and overall PC performance, can make your system unstable, and waste huge amounts of time and money. And on top of that, hacker-type spyware easily can bypass every bit of security you have, creating horrendous security problems.

So what might spyware be costing you? We’ll start by assuming a fully loaded user salary is $72,000 per year and there are 260 working days per year. If a spyware infection involves nothing more than getting rid of it when found, and that process takes the user and the support person she works with, say, two hours to fix, then we’re looking at a cost per incident of:

($72,000/260 days)*((2 people * 2 hours)/(8 hours per day)) = $138.

In a 1,000-person organization with a spyware infection rate of 5% per month we would have some 600 cases per year for a total cost of around $83,000. And if a dialer goes into action that could be a low figure!

We’ll consider this some more next week. Your spyware experiences to backspin@gibbs.com.