15% of corporate PCs have keystroke loggers

According to David Aucsmith, architect and CTO, Security Business & Technology Unit at Microsoft, 15% of corporate PCs have key stroke loggers.

To quote the article:

In another study of spyware penetration, it was found that 15 percent of corporate machines had keystroke loggers, Aucsmith said, noting that it's "an extremely big cost for us (at Microsoft Corp.) -- dealing with spyware on our boxes."

So it's not clear if that is a Microsoft internal number or a study somewhere. I can't find a study that mentions that percentage of penetration by keystroke loggers. If the percentage is that high for corporate PCs, it must be huge for home PCs.

As Aucsmith pushes for stronger authentication, better firewalls, etc. he notes that:

"We've seen an explosion of criminal enterprise moving onto the Net in the last 18 months or so," he said in describing hacker motivation trends. "It's no longer just for kicks. It is for making money."

I think people need to realize this. It's not clear to me that people understand that the same people sending spam are trying to steal their identity.

This is the first time that I have seen this:

Most now have a financial variant. "Bots are very cleverly used now," Aucsmith said. First they become a spam relay. When that gets shut down, they become Distributed Denial of Service facilitators. Later they can become keystroke loggers hunting for financial or software license information.

I guess I always assumed that a good trojan would do all of those at the same time.