Slashdot Mirror


Keystroke Logging Increases

JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said."


  1. Bundled with spyware? by jawtheshark · · Score: 5, Interesting
    At least that's what the article seems to imply. So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot.

    For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys... A small background process could do this, and store locally, detect when a big download is started to camouflage its own traffic to the server by sending it while the big file gets downloaded. The day that that happens: we'll be all screwed.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    1. Re:Bundled with spyware? by cwtrex · · Score: 2, Interesting
      "So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot."
      That's what I keep saying. Unfortunately, I have people above me who insist on only using Microsoft's Windows Defender (aka antispyware). Poor misinformed souls. They seem to be anti-firefox too. Must burn their bottoms every time they see me logging a call or ordering a replacement part with good ol' Firefox. :) Anyway, more on topic, you forgot to also suggest keeping your anti-virus program up-to-date.
    2. Re:Bundled with spyware? by Anonymous Coward · · Score: 5, Interesting

      I found a keylogger immediately after it had gotten installed using the following method. "Find Files" on C: modified in the last day. Then sort on date/time and look at the most recent. That found the keylog files. I then used Winhex to inspect the memory of the program that I had found running and discovered it was trying to send the information to a darksingh666@hotmail.com

      Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)

      In any case, the method is useful for detecting unknown non-rootkit loggers that don't encrypt their data. Works on all the corporate spyware our company install to make our PCs behave like 486s.
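
The "files modified in the last day, newest first" check described in the comment above, as an added Python example that is not part of the original thread or any commenter's code. The printable-text test is an assumed heuristic for spotting unencrypted log files, and the sample tree in `demo()` is constructed.

```python
import os
import stat
import tempfile
import time

def recent_files(root, window_hours=24, now=None):
    """Return (mtime, size, path) for regular files changed inside the window, newest first."""
    now = time.time() if now is None else now
    cutoff = now - window_hours * 3600
    hits = []
    for dirpath, _dirs, names in os.walk(root):  # unreadable directories are skipped
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # locked, deleted mid-scan, or access denied: keep scanning
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff:
                hits.append((st.st_mtime, st.st_size, path))
    hits.sort(reverse=True)
    return hits

def looks_like_plain_text(path, sample=4096, threshold=0.95):
    """Assumed heuristic: a mostly printable first block suggests a readable, unencrypted log."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(sample)
    except OSError:
        return False
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) >= threshold

def demo():
    """Constructed sample tree: one week-old file, one fresh text file, one fresh binary file."""
    root = tempfile.mkdtemp()
    now = time.time()
    samples = {"old.txt": (b"last week", now - 7 * 86400),
               "fresh.log": (b"constructed sample text\n", now - 60),
               "fresh.bin": (bytes(range(256)), now - 3600)}
    for name, (data, mtime) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))
    hits = recent_files(root, now=now)
    return [(os.path.basename(p), looks_like_plain_text(p)) for _m, _s, p in hits]

if __name__ == "__main__":
    for name, is_text in demo():
        print(name, "plain text" if is_text else "binary/other")
```

Modification times are attacker-writable, so a clean listing only rules out loggers that leave timestamps alone, which matches the comment's own "non-rootkit" caveat.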

    3. Re:Bundled with spyware? by theLOUDroom · · Score: 2, Interesting
      That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.

      Real vision would have been to send him what looked like a normal batch of keylogged information, but that was actually a trap.
      There are all sorts of options that come to mind:
      • A "web bug" (transparent gif) to find his ip address.
      • Opening up a bank/CC/paypal account with a couple hundred dollars (whatever you need for felony charges) and conveniently leaking the info to him. (After notifying the authorities that anybody withdrawing money from that account should be arrested immediately.)
      • Doing the above but with a phonecard or other prepaid service to find more personal info.
      • Playing mind games by making it look like you actually have managed to get the FBI to do something... "Yes, I'm sure that's his email address. You'll be busting down his door this Tuesday, that's great!"
      • Leaking URLs to something like BO2K and calling it your company's hot new, pre-release software product.
      • Pulling a 419-style scam
      • Make him think he's uncovered a plot to commit murder/terrorism (get him to show up at the police station for you)
      • Setting up a bogus web anonymizer/IRC server/warez server/etc and leaking him the access information. (Something where he'll want lots of data so he won't use a proxy in Russia.)


      If this happened to me, I would spend a few days mulling over how to best nail this guy in a way that would be both legal and effective. You want to be able to go to the authorities with more than just a Hotmail address that was probably set up with false information and accessed via proxy.
      --
      Life is too short to proofread.
  2. Password Security by TubeSteak · · Score: 3, Interesting

    Password Security doesn't mean a damn when you're getting logged or someone is sniffing them over a network

    Change your passwords regularly.

    If that's too much trouble, rotate easy to remember (yet secure) passwords

    While you're at it, change the password on your luggage.

    --
    [Fuck Beta]
    o0t!
  3. Possible market for a secure e-commerce appliance? by TripMaster+Monkey · · Score: 4, Interesting


    I've been considering building some sort of e-commerce appliance for my less technically-inclined family members...essentially a low-end PC that will only boot off a Puppy Linux CD. All online financial transactions would take place only over this PC. Since the whole OS is on CD, it's fairly immune to the traditional spyware strategies (being Linux helps a bit as well ;) ). With this latest news, I'm thinking such a 'e-commerce appliance' might make a dandy and well-appreciated Christmas gift.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  4. No laughing matter... by ChePibe · · Score: 5, Interesting

    I work for a university and supervise multiple public computer labs for students.

    One of our employees decided it would be a brilliant idea to install a key logger on a handful of our computers. Our security software would have easily detected/prevented the installation, but this employee had administrator passwords, allowing him to bypass the security software (since then, passwords have been restricted, which leads to massive inefficiency but higher security). He quietly disabled the security - especially anti-virus - software on these computers and let the program do its work.

    The key logger was discovered approximately 6 weeks later when an icon for it randomly popped up on the desktop (I do not know the name of the key-logger software). A patron reported the strange icon, and the lab assistant reported it to management.

    All 600 people who had used these computers in the last 6 weeks were notified almost immediately of the breach and instructed to change all their passwords and monitor their credit reports for suspicious activity. A lengthy FBI investigation began, and finally one employee was singled out. Luckily, there is no evidence he used any of the information he had gleaned from these computers.

    This employee faced jail time, but ended up accepting a plea bargain for 5 years probation and a $5,000 fine. He has since fled the country.

    Moral of the story - these things are quite serious when installed on the right computer, and those that install them in person could receive jail time. Now, even one hint of a key logger appearing on a computer in the labs is enough to drag in all of our technical staff at any hour to heavily investigate and reimage all nearby computers. We'd rather not have to go through any more investigations with the FBI.

  5. PR Plant by CupBeEmpty · · Score: 2, Interesting
    This really seems to be a PR plant by iDefense (they seem to be spending a little marketing cash to get us worried about keyloggers)

    Other planted articles that are startlingly similar:
    The actual verisign press release with a cute graph
    PC World with a seemingly verbatim copy of the press release
    Again from Tech News World
    And C|Net's news.com.com even copies the fun and [extreme sarcasm]ever so statistically meaningful[/extreme sarcasm] graph

    It is nice to note that VeriSign's Nasdaq abbreviation appears in all of these articles within the first sentence. So I wouldn't be too worried because it's not surprising that VeriSign wants us to fear keyloggers.

  6. That's MS Passport for you... by HermanAB · · Score: 2, Interesting

    Sending all your passwords to a central authority - wasn't that what MS Passport was all about?

    --
    Oh well, what the hell...