Keystroke Logging Increases
JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said."
"Next year to be really, really scary on the computer security front", says a company which makes money from designing Comprehensive Solutions to Security Threats yet cannot decide whether keyloggers are silent but lethal or whether they have observable symptoms like a system slowdown (because you KNOW your 1 GHz Pentium just crawls when it tries to do processor-intensive tasks like parsing keyboard input). Honestly, these kinds of folks give security research a bad name. It's like the doctor down the street who says "Hey, AIDS cases are likely to increase next year -- symptoms include coughing or feeling less energetic than you usually do. Be afraid!"
Help poke pirates in the eyepatch, arr.
Perhaps I'm too old school; I reserve the title 'hackers' for people who do creative and interesting 'hacks', indeed when seeing it used in a disparaging way I know I'm dealing with the ignorati.
"Everyone is entitled to their own opinion, but not their own facts."
The first line of defense against these things is avoiding the trap of downloading things that may contain them. Same old saw: don't download anything from people you don't know or trust. Don't open suspicious emails. Problem is, no matter how much you say it, the common computer-user doesn't heed the warnings. People are too gullible for their own good and there are so many get-rich-quick, boy-that-sounds-interesting types out there that it's only a matter of time before one of these things spreads.
Of course, what the article fails to mention is the corporate use of keyloggers, to see just what you've been saying on Slashdot, or worse, the number of people who install them on purpose to trap an unwary spouse or their mischievous kids.
Ultimately, we should all be installing anti-keylogging software right along with our anti-virus. That will work, until the forces of evil come up with the next generation of spyware.
GetOuttaMySpace - The Anti-Social Network
Rootkits are getting more and more scary. The techniques they use to hide them are getting better as well. If you get a guy who really knows what he's doing, you'll have no idea something is even there.
Why spend actual money (even a low-end PC costs you what, a couple hundred dollars) just because of the hype, especially when you know darn well the likelihood of it ever getting booted up is zilch (particularly if technologically less-than-savvy people get an urgent "Don't wait, update your account information today!" email in their inbox -- which, incidentally, leaves them 100% as screwed no matter what Linux distribution you're using)
Help poke pirates in the eyepatch, arr.
For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt.
... It's not as easy as you say to find out when a machine has spyware.
And what makes you think it's not already happened? Maybe you're just not aware of it now.
The Sony rootkit has been running on thousands of computers for months without anyone noticing it.
wtf.n0x.org
What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time.
Of course there are programs out there doing exactly this - custom made, highly targeted attacks. Just because the standard "look for all the well knowns" don't see it doesn't mean it isn't there, it just means it hasn't been as widespread of an attack to make it visible to them (or it could just be relatively quiet. As we know, Sony was busy owning machines across the land for some time before someone noticed). Of course to defend against event hook detection it would have to install a rootkit, and some of the rootkit detection tools are getting better (though the rootkit people are going to adapt - soon you'll have to run rootkit detection from a bootable CD).
Hrmmm...I wonder if a non-privileged account can install a key sniffer: I do as "su" (RunAs) when I need to launch a system tool as administrator, and I wonder if a keyboard sniffer could capture my password, or whether it itself would have to be installed by an admin.
Since the whole OS is on CD, it's fairly immune to the traditional spyware strategies (being Linux helps a bit as well ;) ).
Fortunately I do my keylogging with a keyboard dongle, which is cross-platform and supports Linux.
Unless the attacker has replaced ps with a version that will not show the keylogger. And, of course, you always run 'ps' first of all when you log in and before you type in any important passwords, don't you?
Real Daleks don't climb stairs - they level the building.
Hackers are likely to release more than 6000 keylogging programs this year.
They're also likely to release more than 6,000,000 keylogging programs this year. They're also likely to release more than 1 keylogging program this year.
What a stupid statement. Oh wait, it's from a vaporous, dot-bombish, DC-metro "computer security" company looking for page hits, blogs, and "press release" publicity on Yahoo! Finance.
I want to delete my account but Slashdot doesn't allow it.
Part of the problem with computers getting bogged down and popups coming out the wazoo is that more than one program can (and probably will) slip in through the same IE exploit.
So it doesn't really matter how many uber-l33t pieces of crapware are out there, because there will always be people exploiting the same holes but doing it with buggy programs.
[Fuck Beta]
o0t!
If you're only going to use one, the one from MS is not such a bad choice, in my experience - it's really pretty thorough. Of course, when I'm being rewarded with beer for fixing machines from friends and relatives, I never use just one, because there doesn't seem to be one single product that can do it all. YMMV.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Not really: there are hardware keyloggers that can be built into the keyboard. Nobody is going to see that one. Of course, everybody here knows that once you've got access to the hardware, you essentially have access to the machine.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
But there are also hardware keyloggers that hardly ever get mentioned. They get plugged in, usually between your PS/2 port and your keyboard.
Once again emphasizing that if you don't have physical security of the system, little else matters.
I've been doing some network consulting for a Dr's office (to help their HIPAA compliance), and the physical security of their systems is completely out of their heads. The hardest thing to do in the whole project is convince them to (and how to) harden the boxes in case the black hat is sitting RIGHT THERE (or steals a box to take with them).
Computational Chemistry products and services.
I think a hardware keylogger would be a lot easier to spot than a software keylogger to the average 'non-tech' user.
Then you, sir, have never helped a non-tech friend/relative 'fix their broken computer' only to discover that something was unplugged. It's mind-boggling, but the sheer volume of cables behind the average PC (despite being simple and color-coded) means that the user pays little attention to them. Though I haven't seen one, I don't imagine a hardware key logger is hugely different in size/shape than a PS/2-USB converter. Plenty of people have those on their machines, don't know what they are, and don't question them.
Actually, when some independent outfit (I forget who, but it was reported here on /.) tested the various anti-spyware/adware apps, M$'s product came out #1, with the highest percentage of finds and kills. This isn't really so surprising when you remember that it is just the old Giant antispyware, an enterprise-class product, which M$ bought and apparently changed very little prior to releasing under their own name. Not that relying on a single solution is wise, but if you've got to pick just one (as may well be the case with an average user, who needs one that -- like M$'s -- will run in the background and not make them have to deal with it) M$'s antispyware is probably the best choice at the moment.
... and who makes their firewall stop and query their email client each and every time it sends or receives anything??**
And using Firefox and Thunderbird helps stop popups and some of the more obvious vulnerability routes (like that invention of the devil, ActiveX) but they won't save you if a keylogger does find its way aboard via some other route. Nor will a firewall stop a keylogger from phoning home, since to get around firewalls, they send their data via ordinary email in the background.
And imagine a keylogger that uses, say, the Sony rootkit to stealth itself... people who believe themselves safe because they did all the recommended updates and run all the "safe" apps may still encounter something this devious (Sony doubtless isn't alone, they just got caught!) and this easily exploited, that even current protection measures don't yet stop.
** Occurs to me that a good feature for an email client is a "check destination" function where if the recipient wasn't entered by some essentially manual route (address book, hit reply, type into TO field) it stops and asks if you really want to send mail to Unknown Recipient X.
~REZ~ #43301. Who'd fake being me anyway?
Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)
That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.
Computational Chemistry products and services.
In trying to assist the average Windows user, I think Microsoft could do something to help aid fight against unauthorized spyware/viruses:
When I open the task manager to view all my running processes, there are usually a ton of programs running. Some I recognize (explorer.exe, System, firefox.exe, etc.) but some I have no idea what they are. Some are from my firewall (BlackIce), some are anti-virus (mcshield.exe), some are other system processes (mdm.exe: the machine debugger), and some I just plain do not know what they are. There are various sites where I can search for these programs, but when there are 50-60 in the list, it gets quite tedious. What would be nice is if the task manager actually produced a mouse-over popup (much like an 'alt' tag in HTML) that gives information about the process. Now this would have to be part of task manager, and not a factor of the application, or malware could just say that it's some important legitimate file. I don't know if this is possible, feasible, or even necessary, but I know it would make it a whole lot easier for me to examine all of my currently running processes.
Just a thought in light of the keystroke logging article.
And they said zombies weren't real!