When 19-year-old online trader Van Dinh bought options on Cisco Systems Inc. in 2003 using an online broker, he didn’t expect the trade to turn as sour as it did. Facing thousands of dollars in losses, the Pennsylvania teen turned to the nefarious means of spyware to reduce his hit.

Dinh sent an e-mail to an online stock discussion forum touting a new stock-charting tool he had developed, and urging people to download and test it. However, the software was really The Beast, a key-logging program able to surreptitiously monitor a computer user’s keystrokes and relay that information to a third party.

Dinh was able to obtain the password and ID of a TD Waterhouse accountholder in Boston who had downloaded the program to his computer. After obtaining the Boston man’s confidential password, Dinh executed a series of option trades using his own account and that of the TD Waterhouse account-holder, which had the effect of reducing Dinh’s losing position on the Cisco options and left the Boston man holding the bag with a US$46,000 loss.

Dinh was later caught and charged by the Securities and Exchange Commission, but the case highlights the ease with which hackers can gain access to confidential information through the improper use of spyware programs. “Spyware” is the name given to software that tracks computer activity and gathers data about a person’s online habits.

For example, some programs, known as “adware,” track the Web sites a person visits and automatically presents related information during their searches. So if someone is looking for information about a play, a pop-up window might present the chance to buy tickets.
Other spyware programs, however, allow a third-party to dig into a computer and steal information.

“Spyware has become a lot more malicious,” says Greg LePard, a security expert with Network Builders Inc. in Markham, Ont. “Spyware is like a voyeur looking at your system. You have to be concerned.” LePard refuses to engage in online commerce, such as online banking or shopping: “I know better. I will not take that risk.”

“The purpose of spyware is to get confidential information,” says Tom Gregorski, a technical consultant at eDrivium Corp. , a Toronto IT security consulting firm. “Essentially, it steals information.”

Kevin Cork, a certified financial planner with FundTrade Financial Corp. in Calgary, calls spyware the “No. 1 danger to advisors.”

“It is a lot more prevalent than people realize,” he says.
The keyloggers — programs that nefariously monitor computers systems and allow unauthorized users access to confidential information — are the worst, he says, adding, “The biggest problem is the potential liability, especially because advisors are storing a lot of personal information about clients [on their computers].”

What should concern advisors is the prevalence of spyware. LePard estimates 90% of the world’s computers are infected with some type of spyware system.

Part of the problem, he says, is that advisors fail to maintain their computers or install the appropriate security patches, issued by software makers such as Microsoft Corp., for their browsers.

Advisors can infect their computer with spyware by simply clicking on banner ads, downloading software or screensavers from the Internet, or even clicking on links to jokes that people send them. When they do that, the program is unknowingly downloaded into their computer. Free file-sharing programs, such as those that allow music to be copied, are some of the worst distributors of spyware, the experts say.

Spyware is not like a virus, which attacks a computer or carries out some type of activity that is usually noticeable. Most people can’t tell if their systems are infected with spyware, although a preponderance of spyware programs on a computer will slow it down noticeably.

“The whole point of spyware is to be undetectable by users,” says Gregorski. “You may have spyware for years, and not know about it.”

Spyware can be combated with a growing number of software systems and processes designed to detect such programs and protect computing systems from them.

First, there are a number of Web sites advisors can check to see if their computer is infected with spyware. Cork suggests trying Computer Associates International Inc. ’s consumer online store at http://home.ca.com. It has a scanner that can examine computers online and report on the presence of spyware.

@page_break@There is a lot of free software on the Internet that will scan computers and remove spyware, but, LePard says, advisors are better off purchasing anti-spyware software that continually scans the system — similar to an anti-virus detector — and removes spyware or prevents it from entering.

Some popular programs are:

> SpySweeper from Webroot Software Inc. (www.webroot.com). It retails for US$29.95 and has won accolades from PC Magazine.

> Trend Micro Anti-Spyware from Trend Micro (www.trendmicro.com), which also retails for US$29.95.

> eTrust Pest Patrol from Computer Associates. It likewise retails for US$29.95.
Each company provides some type of free scan or demo version to test. As well, each has literature on its site explaining what spyware is and how it works. The Web site at www.spywareinfo.com also has a wealth of information about combatting spyware.

Protecting your computer is only one aspect of fighting spyware. Tara Shaw, director of sales and marketing at eDrivium, says financial advisors need to deploy a “multi-tiered approach” that starts with the gateway into the business.

She says advisors should install firewalls at the point of their Internet connection; that not only stops spyware from entering but also ensures that even if something gets in, it cannot send information back out through the gateway.

It’s a more robust and a costlier solution, but firewalls can also combat computer viruses and worms.

“They are much more widespread today,” Shaw says. “The damage to your reputation can be severe.” Especially if confidential client information leaks out. IE