City Almost Loses 450K to Keylogger
SierraPete writes "The city of Carson, California (a suburb of Los Angeles) was the target of a 6-digit theft of cash. The LA Times reports that information taken from a keylogger was used to attempt to steal $450K from the city's treasury. Quick work by the city froze most of the funds, but it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home."
Yeah, see, this is why I really should get around to posting to whatever passes as a risks mailing list these days.
There's about a dozen ways to intercept su or sudo. They range in sophistication from adding an alias to the user's .bash_profile (or whatever shell they are using), to duplicating the effect of gksudo, to using the ptrace API to intercept exec syscalls and replace the command to execute. Some of this stuff is old school and doesn't need repeating.. I'm not aware of anyone who has published a ptrace based mechanism for jumping su or sudo.
Thing is, hacking is just so much more common than worms or viruses on the Linux platform.. and stuff like this is a last resort for hackers. Only if they don't have a local exploit that will give them root do they turn to stuff like this.
How we know is more important than what we know.
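The least sophisticated interception the comment lists, a shadowing alias or function in a shell startup file, is also the easiest to audit. The following is an added example, not code from the article or the commenter: it scans rc-file text for alias or function definitions of su, sudo or gksudo and for PATH prepends of user-writable directories. The sample .bash_profile is constructed for the demonstration.

```python
import re

# Constructed sample of a user's ~/.bash_profile (not taken from a real system).
SAMPLE_BASH_PROFILE = """\
# ~/.bash_profile
export PATH="$HOME/.local/bin:$PATH"
alias ll='ls -l'
alias sudo='/home/user/.cache/.s'
su() { /tmp/.x "$@"; }
"""

PRIVILEGED_CMDS = ("su", "sudo", "gksudo")

ALIAS_RE = re.compile(r'^\s*alias\s+(?P<name>[A-Za-z0-9_.-]+)=(?P<target>.*)$')
FUNC_RE = re.compile(r'^\s*(?:function\s+)?(?P<name>[A-Za-z0-9_.-]+)\s*\(\)\s*\{')
PATH_RE = re.compile(r'^\s*export\s+PATH=["\']?(?P<value>[^"\']*)')

def find_su_shadowing(rc_text):
    """Return (line_no, kind, detail) tuples for lines that redefine su/sudo/gksudo
    or put a user-writable directory at the front of PATH."""
    findings = []
    for lineno, line in enumerate(rc_text.splitlines(), 1):
        m = ALIAS_RE.match(line)
        if m and m.group("name") in PRIVILEGED_CMDS:
            findings.append((lineno, "alias", m.group("target").strip("'\"")))
            continue
        m = FUNC_RE.match(line)
        if m and m.group("name") in PRIVILEGED_CMDS:
            findings.append((lineno, "function", m.group("name")))
            continue
        m = PATH_RE.match(line)
        if m:
            first = m.group("value").split(":")[0]
            # A user-writable directory ahead of /usr/bin means a binary named
            # sudo dropped there would be found before the real one.
            if first.startswith(("$HOME", "~", "/tmp", "/var/tmp")):
                findings.append((lineno, "path-prepend", first))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in find_su_shadowing(SAMPLE_BASH_PROFILE):
        print(f"line {lineno}: {kind} -> {detail}")
```

In a live shell, `type -a sudo` shows whether an alias, function or earlier PATH entry is resolved before /usr/bin/sudo; this scanner only covers what is written into the startup file.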