The latest SpyAudit study from EarthLink has revealed a marked rise in the incidence of malicious spyware. Trojans in particular are fast becoming a major security threat.

The 2004 figures, gathered by scanning the American ISP’s large base of PC consumers, showed that instances of Trojans rose by 114 percent. Spyware-monitoring software grew by 230 percent. The number of Trojans discovered rose from a total of 130,000 out of 700,000 scans in the first quarter, to 254,000 from almost 1.4 million scans at the end of the year. This hides a marked acceleration in the last three months after a quieter summer period.

The Trojans mentioned in the study include those capable of key-logging, and the capture of confidential data and screenshots – techniques growing in popularity among phishing criminals. The total number of spyware detections during the whole of 2004 was 116.5 million, from a total of 4.6 million scans performed.

Other forms of spyware including system monitors, adware and ad-tracking cookies, increased markedly throughout the year as well as in the final quarter covered by SpyAudit. The amount of spyware found on the average PC remained constant through the year at around 25, although this figure includes cookies, which many users consider to be of low security significance.

Judging by these statistics, the figures used to measure the threat of spyware are exaggerated in absolute terms – counting cookies for instance – but the rise of the Trojan still strikes a troubling note. Despite the fact that the software used to carry out an undisclosed portion of the scans was from antispyware-vendor Webroot, figures from an ISP customer-base deserve close attention.

It is hard to assess whether raw statistics are the best way to fully document the threat posed by Trojans. What will come to matter is less the number discovered on the PCs of ordinary internet users, and more the havoc they are able to wreak. This will vary form Trojan to Trojan.