Study: Keystroke spying on the rise

Keylogger programs that record passwords and other typed-in text are increasing, according to data from iDefense.

The programs are an increasingly popular tool among identity thieves, the security company said Tuesday. Reports to iDefense, and its own research, indicate that the number of keylogger variants unleashed this year is set to rise 65 percent over last year, reaching nearly 6,200 in total, the company said in a statement on Tuesday.

Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data.

The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said.

"There are so many victims because so few know the risk or the early warning signs," Joe Payne, vice president of VeriSign iDefense Security Intelligence Services, said in a statement. "You simply can't stop what you can't see."

Early warning signs can include slow performance of a PC, a spike in pop-up messages and other problems.

Computers can become infected with keyloggers in a variety of ways, such as through downloading spyware or e-mail attachments, or through a visit to a chat room or simply to the wrong Web site. The programs typically exploit flaws in Web browser software, including Microsoft's Internet Explorer.

iDefense said keyloggers are typically spread by organized cybercrime rings, which have used them in the past to conduct large-scale money transfers to fund criminal activities. The programs have grown exponentially since 2001, when the firm detected just 275 of them.

[open-mind]

Why Do They Say "PC"?

When they really mean "Microsoft Windows PC".

Yes, I know Microsoft Windows dominates the personal computer
industry.

That doesn't alter the fact that many millions of personal computer
owners do not really need to worry about this.

[Terry Murphy]

Why this matters...

Every financial and government institution whose websites
REQUIRE the use of Internet Explorer and Microsoft Windows
also knowingly expose their customers to this vulnerability. If I
were required by a bank to use Windows and Explorer for
banking transactions, and my passwords were compromised by
the activities described in this article, I would hold the bank
accountable for any loss I incur.

Clearly, this is the perfect storm waiting to happen, if it has
happened already, and the sad fact is it's just completely
unnecessary. There are other browsers and other internet
technologies (read: not MS proprietary technologies) that
provide exactly the same level of service to customers, but the
site designers contracted by these companies peddle Internet
Explorer and Windows as a "requirement" for no other reason
than to insure MS maintains it's monopoly.

The Internet to this day remains a threat to Microsoft because
the internet has always been based on open, non-proprietary
standards. Microsoft's views open standards as technologies that
erode it's stranglehold on marketshare and the need for the
Windows OS. Thus, when Java appears on the internet landscape,
MS doesn't adopt it; instead it simply creates it's own version of
Java which - surprise - only works with Windows and Internet
Explorer.

Then the problem gets worse, because MS isn't exactly careful
when it comes to security in it's software (unfortunate Windows
users had to wait until just recently - Windows XP SP2 - for MS
to ship it's OS with all ports closed by default), and when it's
host of bastardized proprietary internet technologies is broken
by nothing more sophisticated than teenage computer
hobbyists, the company takes YEARS to address the problem.

All in all, the recipe for disaster. It's just a matter of time.

[Dead Soulman]

FIREFOX !!!!

That's why I don't use IE. Aside from being a pain in the rear, too much garbage flows right through it and into my computers.
All my computers have been using Firefox since it came out. I'll never go back to Explorer.
IE is definately helping creeps "Explore" into your systems.

[crazeebob2000]

I fully agree

I use IE only for getting the Windows updates. Why anybody would use IE knowing what we do is beyond me.Cheers