Information Security & US & Life & Love & Fashion & Hacking & Passion

Careful, iPhone users: Your smart phone may be smarter than you think.

On Thursday researchers at Finnish cybersecurity firm F-Secure said they have spotted the first known instance of iPhone "spyware" called Mobile Spy, a piece of commercial software that sells for $99 a year.

Mobile Spy developer Retina-X Studios says the software can invisibly track the call logs, text messages and even the GPS data of any iPhone it's installed on, allowing the eavesdropper to track the user's whereabouts on a Web site that hosts the stolen data.

"Mobile Spy will reveal the truth for any company or family," the company's site advertises. "You will finally learn the truth about [your family members' or employees'] call, mobile-Web and text-message activities by logging into your Mobile Spy account from any computer. The world's first iPhone spy software!"

Smart phone spyware for other platforms isn't new: Commercially available spyware for Windows Mobile and Symbian operating systems have existed for years. But Mobile Spy's software is the first spyware vendor to target Apple's (nasdaq: AAPL - news - people ) growing marketshare in the telecom world.

While Mobile Spy currently targets only iPhone 3G users, another vendor known as Flexispy advertises a similar program that is compatible with both iPhone versions launching Dec. 21. Both programs require the user to "jailbreak" their targets' iPhone, a simple software hack that allows applications not approved by Apple to be installed.

Since before the iPhone's 2007 launch, cybersecurity researchers have been warning about the potential for malicious software that could secretly install itself to steal passwords or use the iPhone to send spam--just as cybercriminals have long been hijacking PCs (see "Hacking the iPhone"). While hackers have demonstrated those kinds of exploits in theory, "in the wild" threats have yet to appear. And cybercriminals aren't likely to use commercially available software like Mobile Spy and Flexispy to infect victims via the Internet.

As much as antivirus companies trumpet their evolving abilities to root out viruses, worms and Trojans on your PC, the cybersecurity industry leaves out one important piece of information: all the malicious code they're not detecting.

Luckily, someone is scanning the scanners. On Thursday, the Austrian nonprofit firm AV-Comparatives released its annual report based on a year of testing the cybersecurity industry's antivirus offerings, systematically pitting each one against more than 3 million samples of malware pulled from computers around the world.

The best performers in the firm's tests? Two names most Americans have never heard of: the German company Avira and the Slovakian firm ESET. And those rankings, cybersecurity analysts say, may reflect just as much on the industry's growing pains as they do on the two firms' ability to clean up your hard drive.

Avira, based in Tettnang, Germany, won AV-Comparatives' label as the overall best antivirus product of 2008, based on its ability to pull more malicious files off hard drives than big name competitors like Symantec (nasdaq: SYMC - news - people ), McAfee (nyse: MFE - news - people ) and Microsoft (nasdaq: MSFT - news - people ) in less time and with less impact on a PC's performance.

In the latest AV-Comparatives tests performed last month, for instance, Avira found about two-thirds of the previously undetected malware--collected over a four-week period--installed on the machines it scanned. ESET's NOD32 program found 51%. Symantec and Microsoft, by comparison, found only 44% of those samples, while McAfee's detection rate was below 30%.

Cyber Monday may not be the digital shopping extravaganza it was once purported to be. But even if consumers are spreading out their online sales, cybersecurity firm Webroot software believes the Monday after Thanksgiving will still be a special day: The company issued a warning last week that Dec. 1 is still the most likely 24 hours of the year to have your banking information stolen by cyber fraudsters.

That's been a common refrain from security researchers in years' past. And Webroot's recommendations--including updating security software and buying from trusted sites--makes sense. But just how worried should online shoppers be? (Back to main story: "Holiday E-Deals Come Early.")

Much of the hype around Cyber Monday's cyber threats is overblown, says Patrik Runald, a security researcher with software company F-Secure. To steal your banking codes while you use a site like Amazon.com (nasdaq: AMZN - news - people ) or eBay (nasdaq: EBAY - news - people ), hackers would need to place hidden "keylogger" software on your computer. And F-Secure, he says, has never tracked a spike in that kind of malicious software either on Cyber Monday or even in the weeks leading up to it. This implies that hackers aren't using the opportunity to infect PCs for future fraud, either. "Cyber Monday is just another day for us," he says.

There are still reasons to shop with care. Runald warns of Cyber Monday-themed "phishing" e-mails that impersonate messages from legitimate sites and send consumers to lookalike pages designed to steal passwords, he says. Security researchers have also warned that search engines could be populated with fake pages that impersonate retailers.

But navigating directly to a known site will be as safe on Monday as it would be on any other day. In fact, while F-Secure tracks about 30,000 new samples of malicious software daily, Runald says he rarely sees noticeable bursts of new identity theft software.

"We don't really have doomsdays anymore,” he says. "We get so many new samples all the time that it's hard to see a spike on any particular day.” (Back to main story: "Holiday E-Deals Come Early.")