Keystroke Logging Increases

JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said."
  • by jawtheshark ( 198669 ) * <slashdot@nosPAm.jawtheshark.com> on Friday November 18, 2005 @10:46AM (#14062302) Homepage Journal
    At least that's what the article seems to imply. So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot.

    For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys... A small background process could do this, and store locally, detect when a big download is started to camouflage its own traffic to the server by sending it while the big file gets downloaded. The day that that happens: we'll be all screwed.

    • Rootkits are getting more and more scary. The techniques they use to hide them are getting better as well. If you get a guy who really knows what he's doing, you'll have no idea something is even there.
    • by BokLM ( 550487 ) * <boklm@mars-attacks.org> on Friday November 18, 2005 @10:54AM (#14062378) Homepage Journal
      For the moment it's fairly easy to find out when a machine has spyware. What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt.

      And what makes you think it's not already happened? Maybe you're just not aware of it now.

      The Sony rootkit has been running on thousands of computers for months without anyone noticing it ... It's not as easy as you say to find out when a machine has spyware.
    • by ergo98 ( 9391 )
      What would scare me is when a decent programmer will start to write such programs so that it is completely stealth and doesn't bring the machine to a grinding halt. After all, basically all spyware seems to be badly written and performance not an issue at all. A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time.

      Of course there are programs out there doing exactly this - custom made, highly targeted atta
      • My BIOS has a boot-sector virus guardy thing on it, which is updated whenever the BIOS is reflashed. Perhaps an antivirus/spyware/rootkit detector could be built into the motherboard?

        Since more and more internet connections come over an RJ45 straight from the modem, or a wireless network, could the motherboard not switch into a 'self update' mode when the PC is off, which would connect to an update server (Since it doesn't need to involve the OS), grab the latest definitions, flash the antivirus with the ne
        • Since more and more internet connections come over an RJ45 straight from the modem, or a wireless network, could the motherboard

          Connecting to the internet requires a lot more than an RJ45 connection. I'm not saying it's impossible, since as you say the physical connectivity is there, but all your motherboard (or NIC) knows how to do is send and receive "layer 2" datagrams to and from MAC addresses. All the data abstraction and interpretation that follows is done by software, usually one's operating sys
          • Just looking for ideas. I'm aware the stack needs to be implemented, I was more referring to the fact that the modem establishes its own connection, meaning the BIOS doesn't need to bother dialing (Although this could be a good idea for a function for non-DSL connections).

            As for having a virus re-flash things, just have the virus guard system switch to a read-only once the system is powered up normally. If a virus can intercept before IDE boot (Or floppy/CD boot, depending on what's in the machine at the ti
      • > soon you'll have to run rootkit detection from a bootable CD

        An alternative would be to boot up a VM first, then have that load your OS kernel. Something like a stripped-down version of VMware, or Xen. The idea being that virus / rootkit detection can go into one VM, and all your day-to-day stuff goes in another session. Then as long as there isn't any way to breach the VM's sandbox the detection code can have its own access to the drives without being influenced by any virus running in your main
    • "So the lesson here is: protect your computer, use Firefox, Ad-Aware and Spybot."

      That's what I keep saying. Unfortunately, I have people above me who insist on only using Microsoft's Windows Defender (aka antispyware). Poor misinformed souls. They seem to be anti-firefox too. Must burn their bottoms every time they see me logging a call or ordering a replacement part with good ol' Firefox. :) Anyway, more on topic, you forgot to also suggest keeping your anti-virus program up-to-date.

      • Unfortunately, I have people above me who insist on only using Microsoft's Windows Defender (aka antispyware). Poor misinformed souls.

        If you're only going to use one, the one from MS is not such a bad choice, in my experience - it's really pretty thorough. Of course, when I'm being rewarded with beer for fixing machines from friends and relatives, I never use just one, because there doesn't seem to be one single product that can do it all. YMMV.

        • the one from MS is not such a bad choice

          Agreed. I've only met one person who said they had better luck with any of the other spyware killers. Every time I've used it, it's been after someone said "Oh, don't bother checking for spyware. I ran spybot and adware on it, and the machine is clean". Ten minutes later the comments are always "it found HOW MANY?!" :)
      • by Reziac ( 43301 ) * on Friday November 18, 2005 @11:21AM (#14062602) Homepage Journal
        Actually, when some independent outfit (I forget who, but it was reported here on /.) tested the various anti-spyware/adware apps, M$'s product came out #1, with the highest percentage of finds and kills. This isn't really so surprising when you remember that it is just the old Giant antispyware, an enterprise-class product, which M$ bought and apparently changed very little prior to releasing under their own name. Not that relying on a single solution is wise, but if you've got to pick just one (as may well be the case with an average user, who needs one that -- like M$'s -- will run in the background and not make them have to deal with it) M$'s antispyware is probably the best choice at the moment.

        And using Firefox and Thunderbird helps stop popups and some of the more obvious vulnerability routes (like that invention of the devil, ActiveX) but they won't save you if a keylogger does find its way aboard via some other route. Nor will a firewall stop a keylogger from phoning home, since to get around firewalls, they send their data via ordinary email in the background ... and who makes their firewall stop and query their email client each and every time it sends or receives anything??**

        And imagine a keylogger that uses, say, the Sony rootkit to stealth itself... people who believe themselves safe because they did all the recommended updates and run all the "safe" apps may still encounter something this devious (Sony doubtless isn't alone, they just got caught!) and this easily exploited, that even current protection measures don't yet stop.

        ** Occurs to me that a good feature for an email client is a "check destination" function where if the recipient wasn't entered by some essentially manual route (address book, hit reply, type into TO field) it stops and asks if you really want to send mail to Unknown Recipient X.

    • by Anonymous Coward on Friday November 18, 2005 @11:02AM (#14062436)
      I found a keylogger immediately after it had gotten installed using the following method. "Find Files" on C: modified in the last day. Then sort on date/time and look at the most recent. That found the keylog files. I then used Winhex to inspect the memory of the program that I had found running and discovered it was trying to send the information to a darksingh666@hotmail.com

      Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)

      In any case, the method is useful for detecting unknown non-rootkit loggers that don't encrypt their data. Works on all the corporate spyware our company install to make our PCs behave like 486s.
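The check described in the comment above, as an added example that is not part of the original post: a Python sketch that lists regular files modified within the last day, newest first, marks which look like unencrypted text, and re-checks which are still being written. The function names, the 24-hour window and the 0.9 printable-byte threshold are assumptions chosen for illustration.

```python
import os
import stat
import sys
import time
from dataclasses import dataclass

# Bytes treated as readable text: printable ASCII plus tab, LF and CR.
# Caveat: UTF-16 text is half NUL bytes and will be reported as non-text.
_TEXT_BYTES = frozenset(range(32, 127)) | {9, 10, 13}


@dataclass
class RecentFile:
    path: str
    mtime: float
    size: int


def _stat_regular(path):
    """Return the stat result for a regular file, or None if unreadable or not a file."""
    try:
        st = os.stat(path, follow_symlinks=False)
    except OSError:
        return None
    return st if stat.S_ISREG(st.st_mode) else None


def recent_files(root, window_seconds=24 * 3600, now=None):
    """List regular files under root modified within the window, newest first."""
    now = time.time() if now is None else now
    cutoff = now - window_seconds
    found = []
    # onerror swallows unreadable directories so one denied folder
    # does not abort the whole sweep.
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            full = os.path.join(dirpath, name)
            st = _stat_regular(full)
            if st is not None and st.st_mtime >= cutoff:
                found.append(RecentFile(full, st.st_mtime, st.st_size))
    found.sort(key=lambda f: f.mtime, reverse=True)
    return found


def looks_like_plaintext(path, sample_size=4096, threshold=0.9):
    """True if most of the first bytes are printable, i.e. the file is readable as-is."""
    try:
        with open(path, "rb") as fh:
            sample = fh.read(sample_size)
    except OSError:
        return False
    if not sample:
        return False
    readable = sum(1 for b in sample if b in _TEXT_BYTES)
    return readable / len(sample) >= threshold


def changed_since(listing):
    """Re-stat an earlier listing and return the files whose size or mtime moved."""
    changed = []
    for old in listing:
        st = _stat_regular(old.path)
        if st is None:
            continue  # deleted or replaced since the first pass
        if st.st_size != old.size or st.st_mtime != old.mtime:
            changed.append(RecentFile(old.path, st.st_mtime, st.st_size))
    return changed


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    first = recent_files(root)
    for f in first[:50]:
        kind = "text" if looks_like_plaintext(f.path) else "binary/encrypted?"
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(f.mtime))
        print(stamp, f.size, kind, f.path)
    time.sleep(10)  # type something in another window, then see what grew
    for f in changed_since(first):
        print("still being written:", f.path)
```

As the comment says, this only surfaces loggers that write to visible files; anything that hides its files from the file system API will not appear in the walk.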
      • by dsci ( 658278 ) on Friday November 18, 2005 @11:25AM (#14062632) Homepage
        Next step was to send the DarkSingh chap an email telling him what a cunt he is :-)

        That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.
        • That'll teach him. Filing an incident report with the authorities to MAYBE get him caught (so he cannot compromise other people's computers) would have had a bit more long term vision.

          Real vision would have been to send him what looked like a normal batch of keylogged information, but that was actually a trap.
          There are all sorts of options that come to mind:
          • A "web bug" (transparent gif) to find his ip address.
          • Opening up a bank/CC/paypal account with a couple hundred dollars (whatever you need for fe
      • ...loggers that don't encrypt their data
        You'd still be able to detect it, right?
      • The problem is that whoever owns the email account darksingh666@hotmail.com cannot be located - Microsoft can't help because the process is essentially anonymous. And, it is extremely doubtful that they would record the IP address of people accessing a given email account.

        So, never fear, using Hotmail (or Yahoo, or mailasia.com or any of the other thousands of free anonymous email services) will allow people to mail keylogger files from infected machines.

        Contact the authorities? Sure, as soon as you find
    • A decent programmer, using all his skills could write a stealth spyware/keylogger that doesn't bog down the computer and goes undetected for a very long time. It shouldn't do popups, but just log the keys...

      Part of the problem with computers getting bogged down and popups coming out the wazoo is that more than one program can (and probably will) slip in through the same IE exploit.

      So it doesn't really matter how many uber-l33t pieces of crapware are out there, because there will always be people exploiting

    • protect your computer, use Firefox, Ad-Aware and Spybot.

      I am using Mac OS X, is there any danger for me? I mean, I don't have any antispyware tools, and several times I had to use sudo to install some open source software... I am too lazy and incompetent to check the source (or even Makefile) to be sure it is safe. Certain closed source software asked for admin privileges upon installation as well... How can I be sure I am safe from keyloggers? Yes, Mac zealots claim Macs are safe, but it may be false.
      • .....How can I be sure I am safe from keyloggers?....

        First, make sure that you do your day to day computing on OSX on a standard, non-admin account. That means that if anything wants to install in the system or in the applications folder, you will be asked for a password for an admin. If you KNOW for sure where the software comes from, trust that source and it was YOU that purposefully initiated an install, then giving the password minimizes, but doesn't completely eliminate the chance of getting hit by mal
        • First, make sure that you do your day to day computing on OSX on a standard, non-admin account. That means that if anything wants to install in the system or in the applications folder, you will be asked for a password for an admin.

          Ok, here's an attack: I make a binary which, when run, adds a line into your user's bash (or whatever shell) config file instructing it to run a phoney bash binary. So, every time you bring up a command prompt, the phoney bash runs instead, which is patched to "overlook" file
    • I'm surprised no one's written spyware that attacks spybot and adaware libraries so they can go on undetected.
  • by Anonymous Coward on Friday November 18, 2005 @10:47AM (#14062314)
    Hackers are likely to release more than 6000 keylogging programs this year

    Will there be a firefox plugin for one of those babies? Or am I still gonna be missing out on all the fun this year also?
    • Re:I'm gonna... (Score:3, Insightful)

      by Tri0de ( 182282 )
      Perhaps I'm too old school; I reserve the title 'hackers' for people who do creative and interesting 'hacks', indeed when seeing it used in a disparaging way I know I'm dealing with the ignorati.
  • Phew... (Score:5, Funny)

    by lukewarmfusion ( 726141 ) on Friday November 18, 2005 @10:47AM (#14062315) Homepage Journal
    Good thing I type everything in with charmap.

    ßöôÝà!
    • Or you could use Dvorak. Keys still logged, but would look like a mess unless they expect it.
    • Charmap? (Score:5, Informative)

      by TubeSteak ( 669689 ) on Friday November 18, 2005 @10:53AM (#14062369) Journal
      http://en.wikipedia.org/wiki/Keylogger [wikipedia.org]

      It is also said that using an onscreen keyboard is a way to combat these, as it only requires clicks of the mouse. That is, however, false information, because a keyboard event message must be sent to the external target program to type text. Every software keylogger can log the text typed with onscreen keyboard.
      • Character map is an onscreen keyboard which sends the text to a field inside itself - not to an external program. You then copy and paste from that field into whatever you want. Since you're not sending keystrokes, the keylogger would need to also intercept any copy-paste that you do.

        I was trying too hard to be funny, I know... but I figured I'd toss that out there.
        • No, you win.
          You're +5 funny.

          While my quote still matters to the discussion at large, I woulda stuck it somewhere else if I had seen that tidbit of information while googling.

          some enterprising mod should give you a +1 informative to go with all those +1 funnies
    • That's why I mentally rot13 everything and type it into rot13.com. Hit the cypher button, copy, paste and nobody will ever capture what I've written (except for the people who run rot13.com).
    • I prefer using The Dasher [cam.ac.uk] it is way faster than the charmap approach.
  • by GigsVT ( 208848 ) on Friday November 18, 2005 @10:48AM (#14062318) Journal
    easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said.

    But for $99.95 per system per day you can buy magic beans from iDefense that protect you against them, right?
  • In other news... (Score:5, Insightful)

    by patio11 ( 857072 ) on Friday November 18, 2005 @10:49AM (#14062328)
    "Next year to be really, really scary on the computer security front", says a company which makes money from designing Comprehensive Solutions to Security Threats yet cannot decide whether keyloggers are silent but lethal or whether they have observable symptoms like a system slowdown (because you KNOW your 1 GHz Pentium just crawls when it tries to do processor-intensive tasks like parsing keyboard input). Honestly, these kinds of folks give security research a bad name. It's like the doctor down the street who says "Hey, AIDS cases are likely to increase next year -- symptoms include coughing or feeling less energetic than you usually do. Be afraid!"
  • Password Security (Score:3, Interesting)

    by TubeSteak ( 669689 ) on Friday November 18, 2005 @10:50AM (#14062330) Journal
    Password Security doesn't mean a damn when you're getting logged or someone is sniffing them over a network

    Change your passwords regularly.

    If that's too much trouble, rotate easy to remember (yet secure) passwords

    While you're at it, change the password on your luggage.
    • "Change your passwords regularly. If that's too much trouble, rotate easy to remember (yet secure) passwords"

      Better yet use Roboform's [roboform.com] random password generator and save your passwords to encrypted key files, and back them up often, then you do not have to remember your passwords ever, just backup your keycards

    • Password Security doesn't mean a damn when you're getting logged or someone is sniffing them over a network

      Exactly. So changing them, and using "good" ones don't mean shit if you're just going to give it away to someone.

      People seem to think that this password security crap is something real, but they rarely if ever change the PIN on their bank card, they rarely if ever change the locks on their car and/or house, or the combination on their fireproof safe. It's cool that everybody is so much into their pass
    • For everyone out there that doesn't understand good security, I have found something that people tend to relate to ...

      Passwords are like toothbrushes:

      Don't share

      Change yours regularly

      Just about everyone can relate to this - and if the sys admin hangs up a sign saying this in her/his office, then people tend to remember this (that is for those unfortunate souls that work somewhere where the boss thinks it is too much of a pain to require people to change their password every 30 to 90 days)

      You're

  • by TripMaster Monkey ( 862126 ) * on Friday November 18, 2005 @10:50AM (#14062332)

    I've been considering building some sort of e-commerce appliance for my less technically-inclined family members...essentially a low-end PC that will only boot off a Puppy Linux [goosee.com] CD. All online financial transactions would take place only over this PC. Since the whole OS is on CD, it's fairly immune to the traditional spyware strategies (being Linux helps a bit as well ;) ). With this latest news, I'm thinking such a 'e-commerce appliance' might make a dandy and well-appreciated Christmas gift.
    • by patio11 ( 857072 ) on Friday November 18, 2005 @10:53AM (#14062367)
      Why spend actual money (even a low-end PC costs you what, a couple hundred dollars) just because of the hype, especially when you know darn well the likelihood of it ever getting booted up is zilch (particularly if technologically less-than-savvy people get an urgent "Don't wait, update your account information today!" email in their inbox -- which, incidentally, leaves them 100% as screwed no matter what Linux distribution you're using)
    • Actually, it could be argued that AMD makes one heck of an appliance.

      Yes, it runs Windows. However, it's a rather obscure variant of Windows, blending WinCE and XP. Hopefully that doesn't mean that it's open on BOTH sides, instead of none.

      It's $300 at RadioShack.
    • I really like the idea and could have some very cool applications. But I'm not sure less-tech savvy users would be one of them.

      I mean, it seems like a bit of a catch 22 to market an active security solution (ie, think about security before every transaction, instead of a one-time install) to a group who has security problems precisely because they don't want to concern themselves with security 24/7.
  • by Anonymous Coward on Friday November 18, 2005 @10:50AM (#14062339)

    "Hackers are likely to release more than 6000 keylogging programs this year


    How do they know you say?
    By infecting the hackers with keyloggers of course!
  • by meringuoid ( 568297 ) on Friday November 18, 2005 @10:50AM (#14062340)
    ... 6000 incompatible platforms. How are customers meant to establish a standard that way?

    Fortunately, Microsoft Keylogger 2006 will be included with Vista, and will report all your passwords to Redmond in a convenient and user-friendly way, establishing a de-facto industry standard in modern keylogging solutions.

  • Reading the keys (Score:4, Insightful)

    by Billosaur ( 927319 ) * <wgrotherNO@SPAMoptonline.net> on Friday November 18, 2005 @10:52AM (#14062358) Journal

    The first line of defense against these things is avoiding the trap of downloading things that may contain them. Same old saw: don't download anything from people you don't know or trust. Don't open suspicious emails. Problem is, no matter how much you say it, the common computer-user doesn't heed the warnings. People are too gullible for their own good and there are so many get-rich-quick, boy-that-sounds-interesting types out there that it's only a matter of time before one of these things spreads

    Of course, what the article fails to mention is the corporate use of keyloggers, to see just what you've been saying on Slashdot, or worse, the number of people who install them on purpose [widestep.com] to trap unwary spouses or their mischievous kids.

    Ultimately, we should all be installing anti-keylogging software [filehungry.com] right along with our anti-virus. That will work, until the forces of evil come up with the next generation of spyware.

    • You have to wonder about a "free keylogger" that claims to be the best in the business... what is *it* bundled with??? [reads linked page] Sounds like it's actually a specialized rootkit.

      Well, if Sony did nothing else for the world, they did get the AV companies in an uproar about detecting rootkits, which hadn't previously been in their purview.

    • .....don't download anything from people you don't know or trust.....

      It seems that you should not trust global corporations, such as Sony, any more either. In the end, who can you trust? Your own fart?
    • The software you linked appears quite dodgy. The vendor's main site provides no description whatsoever of how it works. There's no FAQ, or support forum. Other than the description that it "doesn't rely on signatures". And "It became possible due to the newly developed solutions and algorithms that allow distinguishing spy program activities from those of any other application installed in the system." That sounds like Snake Oil to me.

      If you're going to continue shilling for RaySoft, you should let them kn

  • by Saint37 ( 932002 ) on Friday November 18, 2005 @10:57AM (#14062400)
    Obviously software keyloggers are a huge threat. But there are also hardware keyloggers that hardly ever get mentioned. They get plugged in usually between your ps2 port and your keyboard. They are very small and can store MB's of data. Since people hardly ever look back there, they are very hard to detect. Of course physical presence is required to use this, but I'm sure some of my coworkers would love to play with one of these.



    http://www.stockmarketgarden.com/ [stockmarketgarden.com]
    • I think a hardware keylogger would be a lot easier to spot than a software keylogger to the average 'non-tech' user.

      Furthermore, you can't remotely install hardware keyloggers.
      • Not really: there are hardware keyloggers that can be built into the keyboard. Nobody is going to see that one. Of course, everybody here knows that once you've got access to the hardware, you essentially have access to the machine.
      • by ThaFooz ( 900535 ) on Friday November 18, 2005 @11:18AM (#14062570)
        I think a hardware keylogger would be a lot easier to spot than a software keylogger to the average 'non-tech' user.

        Then you, sir, have never helped a non-tech friend/relative 'fix their broken computer' only to discover that something was unplugged. It's mind boggling, but the sheer volume of cables behind the average PC (despite being simple and color-coded) means that the user pays little attention to them. Though I haven't seen one, I don't imagine a hardware key logger is hugely different in size/shape than a PS/2-USB converter. Plenty of people have those on their machines, don't know what they are, and don't question them.
      • Of course, if you're using a wireless keyboard, you'll never know you're being hardware logged, 'cause all the attacker needs is a receiver with a big directional antenna attached. They've released a few wireless keyboards that use encryption between the keyboard and "base station", but for the sake of speed, it's generally pretty simplistic stuff that could either be cracked or defeated simply by using the same brand of proprietary receiver.

        It's also theoretically possible to make equipment sensitive en
    • by dsci ( 658278 ) on Friday November 18, 2005 @11:18AM (#14062568) Homepage
      But there are also hardware keyloggers that hardly ever get mentioned. They get plugs in usually between your ps2 port and your keyboard.

      Once again emphasizing that if you don't have physical security of the system, little else matters.

      I've been doing some network consulting for a Dr's office (to help their HIPAA compliance), and the physical security of their systems is completely out of their heads. The hardest thing to do in the whole project is convince them to (and how to) harden the boxes in case the black hat is sitting RIGHT THERE (or steals a box to take with them).

    • Hmm, well, MS Outlook is a very good email program, but I doubt that it can rematerialize a hardware key logger from a bit stream and plug it in too. So, until all PCs are fitted with Ixian Universal 3D Pantographs, I'm not going to worry much about this hardware keylogger threat.
  • The Sony rootkit for a keylogger? Then we'd only have to worry about 5999 others!
  • Idea (Score:2, Funny)

    Let's all automatically use a keylogger that posts to Livejournal.com. Of course, it will be called "Keyblogging".
  • all you need is your mouse and the "Character Map" program. No need to use your keyboard.

    Sure this post took me 10 minutes to type (or copy and paste I should say), but those hackers won't have a clue!

  • Likely? (Score:3, Insightful)

    by Gothmolly ( 148874 ) on Friday November 18, 2005 @11:06AM (#14062464)
    Hackers are likely to release more than 6000 keylogging programs this year.

    They're also likely to release more than 6,000,000 keylogging programs this year. They're also likely to release more than 1 keylogging program this year.

    What a stupid statement. Oh wait, it's from a vaporous, dot-bombish, DC-metro "computer security" company looking for page hits, blogs, and "press release" publicity on Yahoo! Finance.
    • iDefense is hardly a vaporous dot-bomb company - they actually put out very good intelligence, although most of it is stuff you're not likely ever to see unless you are a paying customer. And they've contributed a substantial number of their internal tools for malware analysis to the community. I have a great deal of respect for the analysts working there - maybe you should look into some of the research they've done over the years before you discount them as yet-another snake-oil security company.

      As to
  • by digitaldc ( 879047 ) * on Friday November 18, 2005 @11:07AM (#14062474)
    More info here:
    http://security.resist.ca/keylog.shtml [resist.ca]
    Anti-Key logger:
    http://www.anti-keylogger.net/ [anti-keylogger.net]
    FCheck: http://www.geocities.com/fcheck2000/fcheck.html [geocities.com]

    I don't know if it will stop a keystroke logger, but it is a cool idea, nonetheless: http://www.kittytech.com/defaultx.html [kittytech.com]
  • To be effective don't keystroke loggers written for windows need to use system hooks that should make them all relatively easy to detect? I'm not sure what OSs they will be released for, but I would assume that Windows would be the major target.
  • by ChePibe ( 882378 ) on Friday November 18, 2005 @11:21AM (#14062595)
    I work for a university and supervise multiple public computer labs for students.

    One of our employees decided it would be a brilliant idea to install a key logger on a handful of our computers. Our security software would have easily detected/prevented the installation, but this employee had administrator passwords, allowing him to bypass the security software (since then, passwords have been restricted, which leads to massive inefficiency but higher security). He quietly disabled the security - especially anti-virus - software on these computers and let the program do its work.

    The key logger was discovered approximately 6 weeks later when an icon for it randomly popped up on the desktop (I do not know the name of the key-logger software). A patron reported the strange icon, and the lab assistant reported it to management.

    All 600 people who had used these computers in the last 6 weeks were notified almost immediately of the breach and instructed to change all their passwords and monitor their credit reports for suspicious activity. A lengthy FBI investigation began, and finally one employee was singled out. Luckily, there is no evidence he used any of the information he had gleaned from these computers.

    This employee faced jail time, but ended up accepting a plea bargain for 5 years probation and a $5,000 fine. He has since fled the country.

    Moral of the story - these things are quite serious when installed on the right computer, and those that install them in person could receive jail time. Now, even one hint of a key logger appearing on a computer in the labs is enough to drag in all of our technical staff at any hour to heavily investigate and reimage all nearby computers. We'd rather not have to go through any more investigations with the FBI.
    • You bring up a good point, in terms of damage to people's personal identity and information. What's the risk for corporations, or perhaps government sensitive information? It might lead to the kind of backlash where places that don't absolutely need internet access for the required work to be disconnected, or on a separate internal network. I just think there may be too many companies going low tech to avoid this kind of threat, and pulling the plug if they have anything serious to risk.
  • An obvious solution is setting input to right-to-left, and then typing backwards!

    Alternatively, you may just simply store all your passwords in a .txt file on your Windows desktop. Additional security can be provided by storing the file in Shared Documents instead, but just make sure your WiFi AP is unencrypted and broadcasting its SSID.
    • Alternatively, you may just simply store all your passwords in a .txt file on your Windows desktop

      A surprisingly good idea, in a way; sure it allows anyone who has physical access to your machine to get access to your passwords, but all the keyloggers'll detect is "ctrl-c, ctrl-v"

  • This is why you should use strong, default-deny egress rules on your network - especially if you have confidential data.

    Especially at small organizations, people think they are protected if they just have some ingress rules that (supposedly) stop the bad people getting in. However, you've got to stop your PCs from making connections *out* to random addresses.
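
The ingress-only posture and the default-deny egress posture from the comment above, side by side as an nftables ruleset for a small-office gateway. This is an added example, not part of the original comment; the interface names, addresses and ports are constructed placeholders.

```nftables
# Constructed placeholders: adjust to the real gateway before use.
define LAN_IF = "lan0"      # user PCs
define DMZ_IF = "dmz0"      # proxy and resolver live here
define WAN_IF = "wan0"      # Internet uplink
define PROXY  = 10.20.0.10  # web proxy, the only path to HTTP/HTTPS
define DNS    = 10.20.0.53  # internal resolver

# Weak posture, for comparison: inbound is filtered, but any PC may open
# a connection to any outside address, so a keylogger can report home.
#
# table inet ingress_only {
#     chain forward {
#         type filter hook forward priority 0; policy drop;
#         ct state established,related accept
#         iifname $LAN_IF oifname $WAN_IF accept
#     }
# }

# Default-deny egress: nothing leaves unless a rule names it.
table inet egress_filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed below.
        ct state established,related accept

        # PCs may talk only to the internal proxy and resolver.
        iifname $LAN_IF oifname $DMZ_IF ip daddr $PROXY tcp dport 3128 accept
        iifname $LAN_IF oifname $DMZ_IF ip daddr $DNS udp dport 53 accept
        iifname $LAN_IF oifname $DMZ_IF ip daddr $DNS tcp dport 53 accept

        # Only the proxy and the resolver may reach the Internet.
        iifname $DMZ_IF oifname $WAN_IF ip saddr $PROXY tcp dport { 80, 443 } accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DNS udp dport 53 accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $DNS tcp dport 53 accept

        # Direct PC-to-Internet attempts are logged and counted before the
        # drop, so a machine that keeps trying stands out for investigation.
        iifname $LAN_IF oifname $WAN_IF log prefix "egress-deny " counter drop
    }
}
```

Traffic sent through the permitted proxy still passes this filter, so the proxy's own logs and allow-lists need review alongside the "egress-deny" entries.
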
  • Who needs software? (Score:5, Informative)

    by Sierpinski ( 266120 ) on Friday November 18, 2005 @11:50AM (#14062850)
    If you have access to a computer (or more specifically behind a computer) just add one of these:

    for PS/2 Keyboards [thinkgeek.com]

    or for USB Keyboards [thinkgeek.com]

    Anti-virus and anti-spyware won't protect you from this kind of technology.
    • Yes, but these aren't cheap (~$100 for a cheap one) and they are easily identified by a cursory look at the back of the machine. $100 is a bit much to lose if you are "found out", so these will mostly be installed by machine owners. I know there have been incidents when these were installed, but most of these are put in high traffic, high risk areas. In some way, these are easier to detect than software keyloggers. Not only that, but most of these (all that I know of) use a standard set of "wake" comman
  • by Sierpinski ( 266120 ) on Friday November 18, 2005 @12:12PM (#14063070)
    In trying to assist the average Windows user, I think Microsoft could do something to help aid the fight against unauthorized spyware/viruses:

    When I open the task manager to view all my running processes, there are usually a ton of programs running. Some I recognize (explorer.exe, System, firefox.exe, etc.) but some I have no idea what they are. Some are from my firewall (BlackIce), some are anti-virus (mcshield.exe), some are other system processes (mdm.exe: the machine debugger), and some I just plain do not know what they are. There are various sites where I can search for these programs, but when there are 50-60 in the list, it gets quite tedious. What would be nice is if the task manager actually produced a mouse-over popup (much like an 'alt' tag in HTML) that gives information about the process. Now this would have to be part of task manager, and not a factor of the application, or malware could just say that it's some important legitimate file. I don't know if this is possible, feasible, or even necessary, but I know it would make it a whole lot easier for me to examine all of my currently running processes.

    Just a thought in light of the keystroke logging article.
  • by Evil W1zard ( 832703 ) on Friday November 18, 2005 @12:14PM (#14063097) Journal
    This company is all about making sales pitches and has been spreading FUD since at least 1999. I remember all the way back to the sensationalization of the so-called Israeli-Pakistani Cyber War... Which was more like a couple script kiddie hacker groups defacing web pages.... Ohhhh but they called it a Cyber War.... I would take anything you hear from these guys with a very big grain of salt.

    --Remember when they were in hot water for simply rewriting other people's materials and not citing original author or when Jericho and the Attrition crew started to campaign against them...

    (I will give them credit for a few decent vulnerability discoveries though, but I tend to stay away from their reporting of cyber news...)
  • 6000 brands of keyloggers on countless machines, all collecting passwords. Who needs Carnivore and the backdoor key with this mess?

    Gilmore's law ('The internet treats censorship as damage and routes around it') apparently also applies to free-market pressures to subvert security, even if it is white-hat security goals that are preventing something like Carnivore's back-door.
  • PR Plant (Score:2, Interesting)

    by CupBeEmpty ( 720791 )
    this really seems to be a PR plant by iDefense (they seem to be spending a little marketing cash to get us worried about keyloggers)

    Other planted articles that are startlingly similar:
    The actual verisign press release [verisign.com] with a cute graph
    PC World [idg.com.au] with a seemingly verbatim copy of the press release
    Again [technewsworld.com] from Tech News World
    And C|Net's news.com.com [com.com] even copies the fun and [extreme sarcasm]ever so statistically meaningful[/extreme sarcasm] graph

    It is nice to note that VeriSign's Nasdaq abbreviation a

  • I have a tablet PC, I normally use the keyboard for text entry, and use the pen as a mouse and for art, since I type quicker than I write, but hey, maybe I should start using handwriting more often. Keylog that! :-)
