Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Malicious Keyloggers Run Rampant on Net



 By: Paul F. Roberts
2005-11-28
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The online crime epidemic fuels a rise in the stealthy tools, which often evade detection by anti-virus tools and can be difficult to detect once installed.

Keylogging programs are the epitome of online stealth, and theyre also a mushrooming problem on the Internet, where identity and intellectual property thefts are fueling an explosion of key-capture tools.

Reports of new keylogging programs soared higher this year, as part of a wave of multifunction malware with integrated keylogging features, according to VeriSign Inc.s security information company iDefense Inc. The programs often evade detection by anti-virus tools and can be difficult to detect once installed, experts warn. However, at least one anti-spyware company believes that reports about the danger posed by keyloggers are overstated.

More than 6,000 keylogging programs will be released by the end of this year, according to projections by iDefense. Thats an increase of 2,000 percent over the last five years, company officials said.

Keyloggers have been around for years and are also sold as legitimate applications—often as monitoring tools for concerned parents or suspicious spouses—according to Ken Dunham, director of malicious code at iDefense, in Reston, Va.

Resource Library:

Earlier this year, police foiled a $420 million keylogger scam. Click here to read more.

Security companies occasionally lock horns with makers of commercial keyloggers. For example, earlier this month, anti-spyware software maker Sunbelt Software Inc. was threatened with a lawsuit by RetroCoder Ltd., a U.K. company that was angry about Sunbelt listing RetroCoders SpyMon keylogger in its threat database, according to a blog entry by Sunbelt President Alex Eckelberry in Clearwater, Fla.

SpyMons EULA (end-user license agreement) forbids anti-spyware and anti-virus companies from using or analyzing the program, and RetroCoder threatened to enforce that provision in European Union court unless the program was removed from the threat database, according to Sunbelt officials.

Malicious keyloggers are increasingly part of modular programs that contain Trojan horse, spamming and remote control features, as well, Dunham said.

Anti-virus companies have developed signatures that will stop many of those programs before they can be installed, but new programs with unique signatures are readily available from malicious code download sites. In some cases, the programs source code can be purchased so buyers can create their own keylogger variants, Dunham said.

Keyloggers are particularly common in countries where online banking fraud is a problem, such as Brazil, said Joe Stewart, a senior security researcher at Lurhq Corp., in Chicago. The keyloggers are coupled with Trojan programs, such as the Banker and PWSteal families, and are programmed to spring to life when victims type the URL of a specific bank or banks into their Web browser or when they launch a Web page with a specific name, Stewart said.

Organized gangs are taking over crime on the Web. Click here to read about some of the major players, how they work and how big a threat they really are.

Keyloggers are also pouring out of countries in Eastern Europe that are less discriminating about what kind of log-in information they capture. China is a major source of Trojan and keylogger programs, such as Myfip, that are customized to steal intellectual property, such as Microsoft Corp. Word or CAD/CAM files, rather than personal or financial information, he said.

Still, some take issue with the dire warnings about keylogging programs.

Eckelberry used his blog to question iDefenses statistics on keylogging programs. He wrote that his companys researchers have identified only "a couple dozen" new keylogging programs since August, affecting only about 8,000 people.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Malicious Keyloggers Run Rampant on Net
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}kw6DىgMrdInkڶ<={P"$1HIVrO=Ox-v'%< BUP(I"n\8ܢd;| `OS{SuuɔiPلި/3}B}F\3Ѣmgb^P$ȁ_ ¢%yH#Ǣu)p#(DsXqLǎH"C'HĴ)*Jd/B(?cc?C=~'f^B(ƻF{ik#2-rt(=yɰ { /\1r.bL{{4ɿT՝ L=TVE;&3ýtXF?D#r<rDJ53g=SےO=s 빎;5H ` YT4ne$DJHn6 \ G-%0/n<{e6O) |@ɠ#ӱCԣZr$˺79h#m#XSKC(DžJ|Eiνoĩq#g־K\)(Uu7Z} nm)kӼ}r>?'7;A:@o&1`JLTRBxd" ԆNY^:'5=(G~㖯[MюR=%Y̮gfVҘ gUUYN:~K~6/NMu}Yf0ZhCA+t?c;sDu|qӹluoz{MZOfٙ{Ά0pgs ZʟZrn`Kk'^3Q&#4}GVKV|&j]}<94INBS[Yt7Q[,/s$B&rZ~@X*V Q3oF5 tA%0ȌSHu t9~mM'C6kiJuf!0ND97j&p3Z&j9T23=jMH:Ƃ5ņ])!edFSmR—U.(AK/- 5|*(If(;΀3 BDԑ?CzC8U%Kus7p#Kfe՜Ӆ]Wa oY#L .ϱ'v"e.ڽ^}8^$g 5F8 ,ieݴ%!8WG%MGR>MGdz\ʡV1p-~~j0B m] :V}y0`h vz?3g0PDj(|჎$>hƋMr>I70i\+Gݺ~L uno7AbC 3껵v&ztH۠h&r<kIOlLJ.??6 ; G`p&;xk=`DkwCPb1LTE}vACAXz>)d@}9\P l~>4-0%6N\KQo -2(%E2 EEKy3@ $hO`z,mbo$?LHX-Vpp(ݞH:w&@-JEs㙰TL٣XB YX/_23CC夦ɴh4Z*ȉ#m"0%X ,gZ X5ֲ fka iқ͑ Kbi]yOe,`b d!1s WQ'sԟx=~ hN'=Ǻd׃ L+f9L)A\_XHaA4m(tsfڰ`) 0|Ch2!i0sM/Xgu׵Lj{rgtK0s k2'yvw=&.Q>juϙܑ-ӾȇRoBoڅRT眺_dA_fMjlȌu>IVB17O wf@nmhIJ:#w4?{`MLE2a=?%nQ/0}ԙQ3BZsOsR| ~2-ʭ%֊eSG{_No6ҁy2Km g@xC dl+ZԵ1D4$B]`}.eGQHīl - 686pR1>7l{`(`R55))Ka4EsXjgܲ&P 7C~0.m^͇V^q:hzE>][`gsGQ,C*8c( >Eװ DؙZU{gm1JhQ˸>q,?XR`.#Všc-fˋ°w^]vˆ?~1l2^ۄC= D+ه0`M EDN6R^-!z0iTҗKJAUc/`k@Lf2Ts`M[`R9cDzl lF CQ>-D.L{ ipj^DZiIf~~~0*Ly.J?}uVN0\?@R)Ö13ghim&{ǙXT'/ł\PZr>r+b"[8:T:$f߂ä:,x"2BO{M{c>4YU j (Lu0Ȑ%=GlThm⻏.1Um$R*lC01^*== 7S_ -ʖ~g˦ijF!YTy3is{"s-_M>%7-gn);pi-uQby.Am /r/|&q3旁 hy2檦dL4Ω,6(H]ӞyM}|O>=a O#UIV:}t;w?LWE}kPgw(*Kq3`93"豥mBtP+'&GlE;<6Xk<v/H|^[~w?I a9p驔rgH*@:erȗ?fnє?UU{MyR̚,*Ajm>a,0rn\#)&!jخOl$oy U8e3 -S`e3˕2~g^`. JU-~ |ѝxAcEi\kxkc}ʧBTuQRnTbPQKJBЛgQ!VA#'"ZAY_Mkhs)p B0_\Gͧ.^ʇ2wI$̸yF0ŗ!%KgO@lXC=B.ܒ(tם7.7f semn-`I3I ˽'jD@KYJ7ѭjCUNJZZ$t` ۳<%8tpL\'eM%%ss< Sn{ܝ9Ѝ0FHΝrQӊ5JR'00 pĵ) rA-GYdQ.|aR)V8N3AJ j ;!(|{W !&6ǷWXOdK!O%EDOCVg' 2+?2 cC7WZU{? D@;n߱?V~ZgZqRFQtW%}wiώHAcԧ˾tڸ>3>L̾~xf;# {LڝgAZrҸGZ`>"u.[1Uˇݏ-sxga\[dzL\1I]2~̮WVs^uayFp0Z<!hXw/Υw{޽Gy-%{wDs=A DH#v YG# B4ۍFSLo2XGz~i4rG/ ^!mBU\׭5g ^|%V}Xq!slP78]TWX* 5 ̀o $*`AQ1 kNG:HvZgp=6&-bT1 _RJMQ6=#DZ^78S%j67 EW%'K; u{--':}mF1џW` e܃*׌Vrh':H 󃗉 NAN>os_-fSsS)" m$jRSfj# $_2JI,v+6ht(lAzW JÚ]eyjt.6V"GX ;[ VxӐ`q4D XY+oxta}XkI-jշɫ؉C.6xeOY-u*G,=t#aEbݙms==vc%vdQ;zZ9,_kAݞpnewrӅ[ey$smCgLرD}4%/5g3 \:`A)cn ~Ujrל8{JnL<2㪏j3b]yvH.s8pfi#%>iפqja~%X@R;#|$j~>xFM{ua*sǣAlΜu9obJwfi■הa4FKi{޽Ҿ2CWq j:RTsd{I6$BUUk ۻʾZDVe.tٓ^t;>ri ,F}d3D?ye1}doxzoo=إ&<C?'X}& ~ ]=PH=w뻿TRk,$rD.q@[wWEKK㜏qzeYj ȓGDK`!i>R_{k!bi4V3XT=}v[fv?sLxj Yj襶N<,:ƛ;`!3ȑ'+Ӡ9MH.vG )$T8x l?|nwkJljl 4QbhLwrEs _5DmN XW+Oiƿ'!IVܱS,*_1;hVŗ3SOp&5V)&5ŗ.%_h3[a@xyS/rK[⹏^}lQۏo%~!әi*2٭[9q@W)jʡ/ XPLދZk0]z!"C#= X8O^ȳLKn#pXԗ:w), R溅Ȼ ;D ,w\* c+>7]~8tn;< U|YQ7gx1C.9a@1x,<R&wU?<:yok(}F㽄&rKwLܔ'rƵZ5F+eMT97GK9ϓGһGf19x<>˰a0Bn|80w=2,@4I*J4Z)1Zɠ>o껔aey@$F ؅SO4|nJjVI쵤F<xXf=EL1Tӓ!lٕ-x3eD} RZ6$q ۙjP7?"aiIaC{; Mɔ/uHַ,(ղV|<і#KLZZv,n#‚ǗSXQu+u]jK=fI ?;zH"U0ϋ#׷-[J*-[^\\`` J~p} G:5CKdb]UEQR+)zũ~p- @,CkAOҨl`du,"`EIbߊ u1®cwO+oiUzqj_%t@ҙ~2-a=GX=}]a\6B ڤ#3'qQRo6:3 ` 3I6{THgF6j] i [ڑTMR6D+/VrL ӠG3}:7#px&<'$$IPZpzJsOD!%ooooW|`^A] IUt ~ 5dzs_kW: ^`ugo==Jx(oj}[lHPX4xT|`Zh6a ªh>Y[9IcmN_jZ`Ʊ,:LjQןK7nwqHYZ^!z+pk;5& P+A'[;\h:!"(! }x,4iTQ,` # 47 sE* ~=\B4J3R^-=~ XҹކiU=~QHYE t[X5UO:}a~n!0 ^+֢aQ_ȼ-L/wT¥"K z̵}L>3꬈y%e0$2 -EFHFq|Ԑ_!Y_O]QǣyyyyxO{OüIs?8a>{3=,;M&Ak2Mn'W?ͯǑ |E07.N)۸YpkmTRcu[*=7[Gx/퓋7=TWꈩ(kӿ1N :X<B̳ Ƌ!o=B{[\ۖÜc'fp(]s3L?鰤C"&pP]}zUcxmq9vE^h~aǎ_wTcT<$(nʭ(Z@lng+h"=Y:\Ǎ6k'`iH !:-Fr41R@ܝ\O/ :ä=&O&B{4WR\0kL]'긯 7".FڗL<8JQXcJ:*9s/t*LI|| q-&Q q {/7@=i };)|G=(5t=3{Tx^DE~_t` Pְj K&&R]Ɔmc#cYx|=ByDoi.k2e9Lt"'Ʈ$Jjad/|$ƽ)tyϹgL{h 긺\NZaZވ[+W#rd!qbR%=3.g`zҧ%Ed#usK%XSuZ#T@,|<7gQ&F:<}Q-DR!&Bg|2=!Al9 c;ZV]M+_XQ! ExWx.%5&¯[I{e>dfs;'-:s^aci7t]stKs>K3B;sl^?bu{ι0A䬼6jYqc[RJBYIc4K":;MDs 3]3mS? ʠ::Iϥ#S#HG*%_Dx}%rc&[q{Z௩GL oM_ňR>fD+9m& OW1h?`˄B"1 \TbЭB1˪M;InP}sY?e=` '2t/xqB =Nl~##dM,çF|U:k|%wřbܶh:&|yM .Mo Arj$p N? Pm¼܏@BSR8Gd.$1' Ԕk3`x*+_!߰VIm{7i-cPQ}*<\faH9p=S-q^R1@Q>~1&v+!"L 6@@P0H73>ۈ) 0鄗05g3bwp]ߒ2'уD\11Faŷ^(l;b21cR<ût?pH- 0@S ,PV: 1n Q&@Ĕv7UI8FXͭ03L\w,rxj" U-x})lH rN+Mo )n}nI&5/6΁3?@_ kȿޜl%t]f#7緀vF~O>y!N~ٜiVF>?t.3z!sfE\_,@ߋ ^}.2s_dy2z'ge_@EF>e^\f%eu݌wAt3OK7C\\eԿʨ s?=eg_>f'}Sn &+&oon2/9IR< 9k\픊$#dK "~)+P g ~-2*B @^~ Km%R+ ]Q%=Mk[I2n@+ȣ_K^浽I]:yDǹW4<< X1rnms-ǧ-c#h6 .Ñp[y]sҗe&o~<̊.ݞ܃~n7}z n_L|uӚܴOv<2kSյ ~3O߆z+?^joD{>'K_5}ςoĭ:Sw}HMԳpNR?Ѱs3@z:}Ks~o^`d@R#9w>EM++J9wWrDaDDjC jJUN-aX,g/G2l]{^{%xnhy=q̐r{h[-}"z5^>&G'&>k5qsZAV7t3^8,{;7i5@18LapTR P}oy =u YN5❛UgĐ.eа!K؊9NحQ0 &N>@O_35<>{0rV0@z4}z<83mJ eYHZNXv7i\~c7IHxLkFS1aLi߻I[E{=M,Ar2F"g}#av1<́PlDm (~%.,״ޔ\XS@8>cc6H[8=ۺ9l؆"0w]Ww-3s~""d`'ńL1L+Y$z b0O|e'qM0O2#0' MĮkfAj3ܴ׮ 39L$&kcm]GJXH %4I o٫:Վɡ= H|WWl+.Ġ/3>g'4WBMxYum&d v"щwlPF ?73"s K0`n犱LZԝ:6Zd9\Af&}#4 (T'znF\Kϐ\8^}x[#rF331F#qy] YV8[T"?z JJ @b Kl|+m{Զ'x* D$ōN_| 3Obx`#n!q٥c*=S2m-)eNtx>=|En[~QڗE@6agG;(HYEҎ_Z@Bo H).ܐOF{)0XPy4wpEf*QTD KQ)Ybd㜙/699jMe '";"U];#6sQ/>yGׂ=Q_fuݍ2ZWŔ+ ]'[ۧ3й?-{/{/y; _X (FbF0s:#JѺ v7"aa|^n1n,ـ9^N ' cwϏq`e{0^Np2$82#" $K,Ma4,Lb=E"ҁ )Q~)'fF :pnbr]Mz3 cJ\4l䣈mAb?ŕc)Oƥ vi2~HvdzU Z-12Ko,gkV"KxGN= k|FXKc.&Ա`=pxѕͮa2F(gjcb>xLXBL6 ISy6:|>!GYELMvv88)ҡCC۾iqR!EfƲ 7cP.~X\ d9[\K>مu3\jώYH~> \99.@|OI"cXI1}aA|@'W~'\B/0,G/X]0^e_:m\t?Jzn`ggFK;,O{(F18y?Zwcoh[{h~xxْ‚҂%!t[4!qE+wh:񱞽Pw r9̳`bhPlQSVIGv붢3HZ\֓CX-l; o]F'e1TU>\JRSk$5ZfLNdƇZQbn-nǝl n%96|L=_[ P%