Slashdot Mirror
Keystroke Logging Increases
JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said. "
For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys... A small background prcess could do this, and store locally, detect when a big download is started to camouflage its own traffic to the server by sending it while the big file gets downloaded. The day that that happens: we'll be all screwed.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
I've been considering building some sort of e-commerce appliance for my less technically-inclined family members...essentially a low-end PC that will only boot off a Puppy Linux CD. All online financial transactions would take place only over this PC. Since the whole OS is on CD, it's fairly immune to the traditional spyware strategies (being Linux helps a bit as well
____
~ |rip/\/\aster /\/\onkey
I work for a university and supervise multiple public computer labs for students.
One of our employees decided it would be a brilliant idea to install a key logger on a handful of our computers. Our security software would have easily detcted/prevented the installation, but this employee had administrator passwords, allowing him to bypass the security software (since then, passwords have been restricted, which leads to massive inefficiency but higher security). He quietly disabled the security - especially anti-virus - software on these computers and let the program do its work.
The key logger was discovered approximately 6 weeks later when an icon for it randomly popped up on the desktop (I do not know the name of the key-logger software). A patron reported the strange icon, and the lab assistant reported it to management.
All 600 people who had used these computers in the last 6 weeks were notified almost immediately of the breach and instructed to change all their passwords and monitor their credit reports for suspicious activity. A lengthy FBI investigation began, and finally one employee was singled out. Luckily, there is no evidence he used any of the information he had gleaned from these computers.
This employee faced jail time, but ended up accepting a plea bargain for 5 years probation and a $5,000 fine. He has since fled the country.
Moral of the story - these things are quite serious when installed on the right computer, and those that install them in person could receive jail time. Now, even one hint of a key logger appearing on a computer in the labs is enough to drag in all of our technical staff at any hour to heavily investigate and reimage all nearby computers. We'd rather not have to go through any more investigations with the FBI.