Slashdot Mirror


Keystroke Logging Increases

JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said."


  1. Bundled with spyware? by jawtheshark · · Score: 5, Interesting
    At least that's what the article seems to imply. So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot.

    For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys... A small background process could do this, and store locally, detect when a big download is started to camouflage its own traffic to the server by sending it while the big file gets downloaded. The day that that happens: we'll be all screwed.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    1. Re:Bundled with spyware? by heffay · · Score: 3, Insightful

      Rootkits are getting more and more scary. The techniques they use to hide them are getting better as well. If you get a guy who really knows what he's doing, you'll have no idea something is even there.

    2. Re:Bundled with spyware? by BokLM · · Score: 5, Insightful

      For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt.

      And what makes you think it's not already happened? Maybe you're just not aware of it now.

      The Sony rootkit has been running on thousands of computers for months without anyone noticing it ... It's not as easy as you say to find out when a machine has spyware.

    3. Re:Bundled with spyware? by ergo98 · · Score: 2, Insightful

      What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time.

      Of course there are programs out there doing exactly this - custom made, highly targeted attacks. Just because the standard "look for all the well knowns" don't see it doesn't mean it isn't there, it just means it hasn't been as widespread of an attack to make it visible to them (or it could just be relatively quiet. As we know, Sony was busy owning machines across the land for some time before someone noticed). Of course to defend against event hook detection it would have to install a rootkit, and some of the rootkit detection tools are getting better (though the rootkit people are going to adapt - soon you'll have to run rootkit detection from a bootable CD).

      Hrmmm...I wonder if a non-privileged account can install a key sniffer: I do as "su" (RunAs) when I need to launch a system tool as administrator, and I wonder if a keyboard sniffer could capture my password, or whether it itself would have to be installed by an admin.

    4. Re:Bundled with spyware? by cwtrex · · Score: 2, Interesting
      "So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot."
      That's what I keep saying. Unfortunately, I have people above me who insist on only using Microsoft's Windows Defender (aka antispyware). Poor misinformed souls. They seem to be anti-firefox too. Must burn their bottoms every time they see me logging a call or ordering a replacement part with good ol' Firefox. :) Anyway, more on topic, you forgot to also suggest keeping your anti-virus program up-to-date.
    5. Re:Bundled with spyware? by Anonymous Coward · · Score: 5, Interesting

      I found a keylogger immediately after it had gotten installed using the following method. "Find Files" on C: modified in the last day. Then sort on date/time and look at the most recent. That found the keylog files. I then used Winhex to inspect the memory of the program that I had found running and discovered it was trying to send the information to a darksingh666@hotmail.com

      Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)

      In any case, the method is useful for detecting unknown non-rootkit loggers that don't encrypt their data. Works on all the corporate spyware our company installs to make our PCs behave like 486s.
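
Added example (not part of the comment above or of the original thread): the "files modified in the last day, sorted by time" triage the comment describes, written as a cross-platform Python script. It goes one step beyond the comment by also reporting which recent files grew between two snapshots, since a plaintext log that is being appended to keeps growing; the function names, the 24-hour window and the sample files are assumptions made for this illustration.

```python
"""Recently-modified-file triage (added example; sample data is constructed)."""
import os
import stat
import tempfile
import time


def recently_modified(root, max_age_hours=24.0, now=None):
    """Return [(mtime, size, path)] for regular files under root that were
    modified within the last max_age_hours, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    hits = []
    # os.walk does not follow directory symlinks and skips unreadable dirs.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow file symlinks
            except OSError:
                continue  # file vanished or access was denied
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff:
                hits.append((st.st_mtime, st.st_size, path))
    hits.sort(reverse=True)  # newest modification time first
    return hits


def snapshot_sizes(paths):
    """Map each readable path to its current size in bytes."""
    sizes = {}
    for path in paths:
        try:
            sizes[path] = os.path.getsize(path)
        except OSError:
            pass
    return sizes


def grown(before, after):
    """Paths present in both snapshots whose size increased."""
    return sorted(p for p, size in after.items()
                  if p in before and size > before[p])


def demo():
    """Run the triage on a constructed temporary tree and return the results."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        samples = {"docs/report.txt": 72, "cache/tmp.dat": 6, "sys/kl.log": 1}
        for rel, age_hours in samples.items():  # constructed sample files
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample\n")
            stamp = now - age_hours * 3600
            os.utime(path, (stamp, stamp))
        hits = recently_modified(root, 24, now=now)
        before = snapshot_sizes(p for _, _, p in hits)
        with open(os.path.join(root, "sys/kl.log"), "a") as fh:
            fh.write("appended\n")  # simulate a file that is still being written
        after = snapshot_sizes(p for _, _, p in hits)
        recent = [os.path.relpath(p, root) for _, _, p in hits]
        growing = [os.path.relpath(p, root) for p in grown(before, after)]
        return recent, growing


if __name__ == "__main__":
    recent, growing = demo()
    print("modified in last 24h (newest first):", recent)
    print("grew between snapshots:", growing)
```

As the comment itself notes, this only surfaces loggers that write ordinary files; anything hidden by a rootkit will not appear in a listing taken from the running system.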

    6. Re:Bundled with spyware? by general_re · · Score: 2, Insightful
      Unfortunately, I have people above me who insist on only using Microsoft's Windows Defender (aka antispyware). Poor misinformed souls.

      If you're only going to use one, the one from MS is not such a bad choice, in my experience - it's really pretty thorough. Of course, when I'm being rewarded with beer for fixing machines from friends and relatives, I never use just one, because there doesn't seem to be one single product that can do it all. YMMV.

      --
      ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
    7. Re:Bundled with spyware? by igny · · Score: 2
      protect your computer, use Firefox, Ad-Aware and Spybot.

      I am using Mac OS X, is there any danger for me? I mean, I don't have any antispyware tools, and several times I had to use sudo to install some open source software... I am too lazy and incompetent to check the source (or even Makefile) to be sure it is safe. Certain closed source software asked for admin privileges upon installation as well... How can I be sure I am safe from keyloggers? Yes, Mac zealots claim Macs are safe, but it may be false.

      <paranoid>Could my Mac be the only Mac which is infected???</paranoid>
      --
      In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
    8. Re:Bundled with spyware? by Reziac · · Score: 3, Insightful

      Actually, when some independent outfit (I forget who, but it was reported here on /.) tested the various anti-spyware/adware apps, M$'s product came out #1, with the highest percentage of finds and kills. This isn't really so surprising when you remember that it is just the old Giant antispyware, an enterprise-class product, which M$ bought and apparently changed very little prior to releasing under their own name. Not that relying on a single solution is wise, but if you've got to pick just one (as may well be the case with an average user, who needs one that -- like M$'s -- will run in the background and not make them have to deal with it) M$'s antispyware is probably the best choice at the moment.

      And using Firefox and Thunderbird helps stop popups and some of the more obvious vulnerability routes (like that invention of the devil, ActiveX) but they won't save you if a keylogger does find its way aboard via some other route. Nor will a firewall stop a keylogger from phoning home, since to get around firewalls, they send their data via ordinary email in the background ... and who makes their firewall stop and query their email client each and every time it sends or receives anything??**

      And imagine a keylogger that uses, say, the Sony rootkit to stealth itself... people who believe themselves safe because they did all the recommended updates and run all the "safe" apps may still encounter something this devious (Sony doubtless isn't alone, they just got caught!) and this easily exploited, that even current protection measures don't yet stop.

      ** Occurs to me that a good feature for an email client is a "check destination" function where if the recipient wasn't entered by some essentially manual route (address book, hit reply, type into TO field) it stops and asks if you really want to send mail to Unknown Recipient X.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    9. Re:Bundled with spyware? by dsci · · Score: 4, Insightful

      Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)

      That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.

      --
      Computational Chemistry products and services.
    10. Re:Bundled with spyware? by xappax · · Score: 2, Informative

      Since more and more internet connections come over an RJ45 straight from the modem, or a wireless network, could the motherboard

      Connecting to the internet requires a lot more than an RJ45 connection. I'm not saying it's impossible, since as you say the physical connectivity is there, but all your motherboard (or NIC) knows how to do is send and receive "layer 2" datagrams to and from MAC addresses. All the data abstraction and interpretation that follows is done by software, usually one's operating system. At the very least, the motherboard manufacturer would need to write an entire TCP/IP stack implementation and somehow squeeze it into the BIOS. I guess if the need is great enough, some manufacturer would go ahead and include something like this in a flash chip. Then again, the more complex a BIOS gets, the more security flaws it's likely to have, which weakens its status as the one stage of the computer whose integrity you can trust.

      After all, if someone uses BIOS-based antivirus protection, why not just have your virus re-flash the CMOS?

    11. Re:Bundled with spyware? by theLOUDroom · · Score: 2, Interesting
      That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.

      Real vision would have been to send him what looked like a normal batch of keylogged information, but that was actually a trap.
      There are all sorts of options that come to mind:
      • A "web bug" (transparent gif) to find his ip address.
      • Opening up a bank/CC/paypal account with a couple hundred dollars (whatever you need for felony charges) and conveniently leaking the info to him. (After notifying the authorities that anybody withdrawing money from that account should be arrested immediately.)
      • Doing the above but with a phonecard or other prepaid service to find more personal info.
      • Playing mind games by making it look like you actually have managed to get the FBI to do something... "Yes, I'm sure that's his email address. You'll be busting down his door this Tuesday, that's great!"
      • Leaking URLs to something like BO2K and calling it your company's hot new, pre-release software product.
      • Pulling a 419-style scam
      • Make him think he's uncovered a plot to commit murder/terrorism (get him to show up at the police station for you)
      • Setting up a bogus web anonymizer/IRC server/warez server/etc and leaking him the access information. (Something where he'll want lots of data so he won't use a proxy in Russia.)


      If this happened to me, I would spend a few days mulling over how to best nail this guy in a way that would be both legal and effective. You want to be able to go to the authorities with more than just a Hotmail address that was probably set up with false information and accessed via proxy.
      --
      Life is too short to proofread.
  2. I'm gonna... by Anonymous Coward · · Score: 5, Funny

    Hackers are likely to release more than 6000 keylogging programs this year

    Will there be a firefox plugin for one of those babies? Or am I still gonna be missing out on all the fun this year also?

    1. Re:I'm gonna... by Tri0de · · Score: 2, Insightful

      Perhaps I'm too old school; I reserve the title 'hackers' for people who do creative and interesting 'hacks', indeed when seeing it used in a disparaging way I know I'm dealing with the ignorati.

      --
      "Everyone is entitled to their own opinion, but not their own facts."
  3. Phew... by lukewarmfusion · · Score: 5, Funny

    Good thing I type everything in with charmap.

    ßöôÝà!

  4. I am Jack's Beans by GigsVT · · Score: 5, Funny

    easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said.

    But for $99.95 per system per day you can buy magic beans from iDefense that protect you against them, right?

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  5. In other news... by patio11 · · Score: 4, Insightful

    "Next year to be really, really scary on the computer security front", says a company which makes money from designing Comprehensive Solutions to Security Threats yet cannot decide whether keyloggers are silent but lethal or whether they have observable symptoms like a system slowdown (because you KNOW your 1 GHz Pentium just crawls when it tries to do processor-intensive tasks like parsing keyboard input). Honestly, these kinds of folks give security research a bad name. It's like the doctor down the street who says "Hey, AIDS cases are likely to increase next year -- symptoms include coughing or feeling less energetic than you usually do. Be afraid!"

  6. Password Security by TubeSteak · · Score: 3, Interesting

    Password Security doesn't mean a damn when you're getting logged or someone is sniffing them over a network

    Change your passwords regularly.

    If that's too much trouble, rotate easy to remember (yet secure) passwords

    While you're at it, change the password on your luggage.

    --
    [Fuck Beta]
    o0t!
  7. Possible market for a secure e-commerce appliance? by TripMaster+Monkey · · Score: 4, Interesting


    I've been considering building some sort of e-commerce appliance for my less technically-inclined family members...essentially a low-end PC that will only boot off a Puppy Linux CD. All online financial transactions would take place only over this PC. Since the whole OS is on CD, it's fairly immune to the traditional spyware strategies (being Linux helps a bit as well ;) ). With this latest news, I'm thinking such a 'e-commerce appliance' might make a dandy and well-appreciated Christmas gift.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  8. How do they know? by Anonymous Coward · · Score: 3, Funny

    "Hackers are likely to release more than 6000 keylogging programs this year


    How do they know, you say?
    By infecting the hackers with keyloggers, of course!
  9. That's Open Source for you... by meringuoid · · Score: 5, Funny
    ... 6000 incompatible platforms. How are customers meant to establish a standard that way?

    Fortunately, Microsoft Keylogger 2006 will be included with Vista, and will report all your passwords to Redmond in a convenient and user-friendly way, establishing a de-facto industry standard in modern keylogging solutions.

    --
    Real Daleks don't climb stairs - they level the building.
    1. Re:That's Open Source for you... by TheSpoom · · Score: 2, Funny

      C:\Documents and Settings>net stop keylogger
      System error 1060 has occurred.

      I'm sorry Dave, I'm afraid I can't do that.

      C:\Documents and Settings>

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
  10. Reading the keys by Billosaur · · Score: 4, Insightful

    The first line of defense against these things is avoiding the trap of downloading things that may contain them. Same old saw: don't download anything from people you don't know or trust. Don't open suspicious emails. Problem is, no matter how much you say it, the common computer-user doesn't heed the warnings. People are too gullible for their own good and there are so many get-rich-quick, boy-that-sounds-interesting types out there that it's only a matter of time before one of these things spreads.

    Of course, what the article fails to mention is the corporate use of keyloggers, to see just what you've been saying on Slashdot, or worse, the number of people who install them on purpose to trap an unwary spouse or their mischievous kids.

    Ultimately, we should all be installing anti-keylogging software right along with our anti-virus. That will work, until the forces of evil come up with the next generation of spyware.

    --
    GetOuttaMySpace - The Anti-Social Network
  11. Re:Possible market for a secure e-commerce applian by patio11 · · Score: 4, Insightful

    Why spend actual money (even a low-end PC costs you what, a couple hundred dollars) just because of the hype, especially when you know darn well the likelihood of it ever getting booted up is zilch (particularly if technologically less-than-savvy people get an urgent "Don't wait, update your account information today!" email in their inbox -- which, incidentally, leaves them 100% as screwed no matter what Linux distribution you're using).

  12. Charmap? by TubeSteak · · Score: 5, Informative
    http://en.wikipedia.org/wiki/Keylogger

    It is also said that using an onscreen keyboard is a way to combat these, as it only requires clicks of the mouse. That is, however, false information, because a keyboard event message must be sent to the external target program to type text. Every software keylogger can log the text typed with onscreen keyboard.
    --
    [Fuck Beta]
    o0t!
  13. The most undetectable keylogger by Saint37 · · Score: 5, Informative

    Obviously software keyloggers are a huge threat. But there are also hardware keyloggers that hardly ever get mentioned. They get plugged in, usually between your PS/2 port and your keyboard. They are very small and can store MBs of data. Since people hardly ever look back there, they are very hard to detect. Of course physical presence is required to use this, but I'm sure some of my coworkers would love to play with one of these.



    http://www.stockmarketgarden.com/

    1. Re:The most undetectable keylogger by jawtheshark · · Score: 2, Insightful

      Not really: there are hardware keyloggers that can be built into the keyboard. Nobody is going to see that one. Of course, everybody here knows that once you've got access to the hardware, you essentially have access to the machine.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    2. Re:The most undetectable keylogger by dsci · · Score: 3, Insightful

      But there are also hardware keyloggers that hardly ever get mentioned. They get plugged in, usually between your PS/2 port and your keyboard.

      Once again emphasizing that if you don't have physical security of the system, little else matters.

      I've been doing some network consulting for a Dr's office (to help their HIPAA compliance), and the physical security of their systems is completely out of their heads. The hardest thing to do in the whole project is convince them to (and how to) harden the boxes in case the black hat is sitting RIGHT THERE (or steals a box to take with them).

      --
      Computational Chemistry products and services.
    3. Re:The most undetectable keylogger by ThaFooz · · Score: 3, Insightful

      I think a hardware keylogger would be a lot easier to spot than a software keylogger to the average 'non-tech' user.

      Then you, sir, have never helped a non-tech friend/relative 'fix their broken computer' only to discover that something was unplugged. It's mind-boggling, but the sheer volume of cables behind the average PC (despite being simple and color-coded) means that the user pays little attention to them. Though I haven't seen one, I don't imagine a hardware key logger is hugely different in size/shape than a PS/2-USB converter. Plenty of people have those on their machines, don't know what they are, and don't question them.

  14. Idea by Andrew+Tanenbaum · · Score: 2, Funny

    Let's all automatically use a keylogger that posts to Livejournal.com. Of course, it will be called "Keyblogging".

    1. Re:Idea by Carthag · · Score: 2, Funny

      That's the best & worst idea I've heard all day.

  15. Re:News stories like this... by meringuoid · · Score: 2, Insightful
    A quick ps auwx will show me if there are evil deeds afoot.

    Unless the attacker has replaced ps with a version that will not show the keylogger. And, of course, you always run 'ps' first of all when you log in and before you type in any important passwords, don't you?

    --
    Real Daleks don't climb stairs - they level the building.
  16. no worry for the paranoid... by borawjm · · Score: 2, Funny

    all you need is your mouse and the "Character Map" program. No need to use your keyboard.

    Sure this post took me 10 minutes to type (or copy and paste I should say), but those hackers won't have a clue!

  17. Likely? by Gothmolly · · Score: 2, Insightful

    Hackers are likely to release more than 6000 keylogging programs this year.

    They're also likely to release more than 6,000,000 keylogging programs this year. They're also likely to release more than 1 keylogging program this year.

    What a stupid statement. Oh wait, it's from a vaporous, dot-bombish, DC-metro "computer security" company looking for page hits, blogs, and "press release" publicity on Yahoo! Finance.

    --
    I want to delete my account but Slashdot doesn't allow it.
  18. FCheck or anti-keylogger may help? by digitaldc · · Score: 4, Informative

    More info here:
    http://security.resist.ca/keylog.shtml
    Anti-Key logger:
    http://www.anti-keylogger.net/
    FCheck: http://www.geocities.com/fcheck2000/fcheck.html

    I don't know if it will stop a keystroke logger, but it is a cool idea, nonetheless: http://www.kittytech.com/defaultx.html

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  19. It's about the exploit by TubeSteak · · Score: 2, Insightful
    A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys...


    Part of the problem with computers getting bogged down and popups coming out the wazoo is that more than one program can (and probably will) slip in through the same IE exploit.

    So it doesn't really matter how many uber-l33t pieces of crapware are out there, because there will always be people exploiting the same holes but doing it with buggy programs.
    --
    [Fuck Beta]
    o0t!
  20. No laughing matter... by ChePibe · · Score: 5, Interesting

    I work for a university and supervise multiple public computer labs for students.

    One of our employees decided it would be a brilliant idea to install a key logger on a handful of our computers. Our security software would have easily detected/prevented the installation, but this employee had administrator passwords, allowing him to bypass the security software (since then, passwords have been restricted, which leads to massive inefficiency but higher security). He quietly disabled the security - especially anti-virus - software on these computers and let the program do its work.

    The key logger was discovered approximately 6 weeks later when an icon for it randomly popped up on the desktop (I do not know the name of the key-logger software). A patron reported the strange icon, and the lab assistant reported it to management.

    All 600 people who had used these computers in the last 6 weeks were notified almost immediately of the breach and instructed to change all their passwords and monitor their credit reports for suspicious activity. A lengthy FBI investigation began, and finally one employee was singled out. Luckily, there is no evidence he used any of the information he had gleaned from these computers.

    This employee faced jail time, but ended up accepting a plea bargain for 5 years probation and a $5,000 fine. He has since fled the country.

    Moral of the story - these things are quite serious when installed on the right computer, and those that install them in person could receive jail time. Now, even one hint of a key logger appearing on a computer in the labs is enough to drag in all of our technical staff at any hour to heavily investigate and reimage all nearby computers. We'd rather not have to go through any more investigations with the FBI.

  21. Obvious solution by daranz · · Score: 2, Funny

    An obvious solution is setting input to right-to-left, and then typing backwards!

    Alternatively, you may just simply store all your passwords in a .txt file on your Windows desktop. Additional security can be provided by storing the file in Shared Documents instead, but just make sure your WiFi AP is unencrypted and broadcasting its SSID.

    --
    This is a sig. It is appended to the end of comments I post.
  22. Who needs software? by Sierpinski · · Score: 4, Informative

    If you have access to a computer (or more specifically behind a computer) just add one of these:

    for PS/2 Keyboards

    or for USB Keyboards

    Anti-virus and anti-spyware won't protect you from this kind of technology.

  23. Help from Microsoft by Sierpinski · · Score: 3, Insightful

    In trying to assist the average Windows user, I think Microsoft could do something to help aid fight against unauthorized spyware/viruses:

    When I open the task manager to view all my running processes, there are usually a ton of programs running. Some I recognize (explorer.exe, System, firefox.exe, etc.) but some I have no idea what they are. Some are from my firewall (BlackIce), some are anti-virus (mcshield.exe), some are other system processes (mdm.exe: the machine debugger), and some I just plain do not know what they are. There are various sites where I can search for these programs, but when there are 50-60 in the list, it gets quite tedious. What would be nice is if the task manager actually produced a mouse-over popup (much like an 'alt' tag in HTML) that gives information about the process. Now this would have to be part of task manager, and not a factor of the application, or malware could just say that it's some important legitimate file. I don't know if this is possible, feasible, or even necessary, but I know it would make it a whole lot easier for me to examine all of my currently running processes.

    Just a thought in light of the keystroke logging article.

  24. Stopped Reading When I Saw IDefense Said... by Evil+W1zard · · Score: 2, Informative

    This company is all about making sales pitches and has been spreading FUD since at least 1999. I remember all the way back to the sensationalization of the so-called Israeli-Pakistani Cyber War... Which was more like a couple script kiddie hacker groups defacing web pages.... Ohhhh but they called it a Cyber War.... I would take anything you hear from these guys with a very big grain of salt.

    --Remember when they were in hot water for simply rewriting other people's materials and not citing original author or when Jericho and the Attrition crew started to campaign against them...

    (I will give them credit for a few decent vulnerability discoveries though, but I tend to stay away from their reporting of cyber news...)

    --
    News Reporters Make Tasty Polar Bear Treats!
  25. PR Plant by CupBeEmpty · · Score: 2, Interesting
    This really seems to be a PR plant by iDefense (they seem to be spending a little marketing cash to get us worried about keyloggers)

    Other planted articles that are startlingly similar:
    The actual verisign press release with a cute graph
    PC World with a seemingly verbatim copy of the press release
    Again from Tech News World
    And C|Net's news.com.com even copies the fun and [extreme sarcasm]ever so statistically meaningful[/extreme sarcasm] graph

    It is nice to note that VeriSign's Nasdaq abbreviation appears in all of these articles within the first sentence. So I wouldn't be too worried because it's not surprising that VeriSign wants us to fear keyloggers.

  26. Re:unix admin passwords by tendays · · Score: 2, Informative

    x-windows permits this - to have a process request to be the exclusive recipient of all keystrokes (no matter what window is selected). I don't know about os x.

    But to my knowledge there are few programs that actually do it. I am aware of three: xterm - when you ctrl-click on the window you can ask for "secure keyboard" which does that. gpg-agent's passphrase request window can also activate that feature.
    And xscreensaver, when asking for your password to unlock the screen (other screensavers probably too)

    One reason why you don't want to keep your xterm on "secure keyboard" all the time is that your screensaver can't detect keyboard activity anymore (and of course you can't type to other windows)

  27. That's MS Passport for you... by HermanAB · · Score: 2, Interesting

    Sending all your passwords to a central authority - wasn't that what MS Passport was all about?

    --
    Oh well, what the hell...