A security software company says that though the majority of spyware is aimed at gathering commercial information about users, a healthy proportion is aimed at gathering security information.
Aladdin Knowledge Systems conducted a two-month-long study of the top 2,000 known spyware applications, breaking the software down into "severe," "moderate," and "minor" threat groups.
According to the company, 15 percent of the spyware it studied was designed to steal passwords, log keystrokes, gather administrator password hashes and otherwise look for personal information.
Twenty-five percent of the software the company examined was classified a "moderate" threat, designed to analyze key system information such as the host and domain names of the infected system, process logs, security applications, internal IP addresses, and service pack versions.
Sixty percent of the spyware analyzed was classified as a "minor" threat, gathering what the company described as "commercial-value" information such as common search keywords and browsing habits.
"The study illustrates that a growing amount of spyware is specifically designed for identity theft and continues to compromise both personal and commercial privacy, with potentially dangerous effects for large organizations in need of protecting proprietary information," the company said.