Slashdot Mirror

← Back to Stories (view on slashdot.org)

Real-Time Keyloggers

Posted by kdawson on from the taking-a-leaf-from-twitter dept.

The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."

5 of 205 comments (clear)

  1. Real Time? by Anonymous Coward · · Score: 5, Funny

    My Windoze apps at work don't even respond in real time. Maybe the trojan provides a free performance boost?

    1. Re:Real Time? by Inner_Child · · Score: 4, Funny

      I understand, it's embarrassing to admit to watching professional wrestling...

      --
      Today is red jello day - all workers must eat all of their red jello. Failure to comply will result in five demerits.
  2. Re:Biometrics by John+Hasler · · Score: 5, Funny

    Anything to avoid a secure OS eh?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:Thwarted by properly designed online banking by bruno.fatia · · Score: 3, Funny

    My bank has so much more security that even when I want to I can't transfer anything!

  4. Ribbed by bobbuck · · Score: 3, Funny

    I couldn't find any ribbed for "his" pleasure so I had to turn them inside out and tell her I bought the plain ones.