Re: OT: dealing with keystroke loggers
So, what's the practical solution to deal with s/w keystroke loggers
that may maliciously be installed on your system? The other discussion
was quite interesting, but I'm into the practical. It seemed like it
was said, re practical matters, that AV s/w doesn't report commercial
keystroke loggers which the bad guys know and thus use.

Just today this issue came up in the explanation for the theft of the
passwords to hotmail accounts. I quote the computerworld article just
following. But the issue is NOT whether keystroke logging was the
culprit in THIS case. It's whether something like this can (and
therefore will) occur.

-------------------------------------------------------------------------
http://tinyurl.com/yb8rl75

Researcher refutes Microsoft's account of hijacked Hotmail passwords
Could botnets, keylogging be to blame for password leaks?
Gregg Keizer


October 7, 2009 (Computerworld) One researcher isn't buying
Microsoft's and Google's explanation that hijacked Hotmail and Gmail
passwords were obtained in a massive phishing attack.

Mary Landesman, a senior security researcher at San Francisco-based
ScanSafe, said it's more likely that the massive lists -- which
include approximately 30,000 credentials from Hotmail, Gmail, Yahoo
Mail and other sources -- were harvested by botnets that infected PCs
with keylogging or data-stealing Trojan horses.

Landesman based her speculation on an accidental find in August of a
cache of usernames and passwords, including those from Windows Live
ID, the umbrella log-on service that Microsoft offers users to access
Hotmail, Messenger and a slew of other online services.

That cache contained about 5,000 Windows Live ID username/password
combinations, said Landesman, who found the trove while researching a
new piece of malware. "From the organization [of that cache] and what
the data looked like in raw form, I think it's more likely that this
latest was the result of keylogging or data theft, not phishing,"
Landesman said.

She dismissed the idea that the passwords had been collected in a
large-scale, industry-wide phishing attack, as Microsoft and Google
both maintained.

"Another indicator is the sheer number of compromised accounts,"
Landesman said, referring to the two lists that have gone public.
"Phishing is not generally a wildly successful scam, it doesn't have a
big return. People are more savvy about phishing than we give them
credit for."

Instead, it's more logical to assume that the passwords were acquired
by botnet operators, who hijack PCs using security exploits, then
later plant data-stealing malware on those machines. "That's a much
more realistic source," said Landesman. "Regardless [of] what the
final intent is of a botnet, one of the core capabilities of every
botnet is the harvesting of e-mail credentials. If it looks like a
horse, it's a horse, it's not a zebra."

Landesman's theory contradicts not only Microsoft and Google, but also
the Anti-Phishing Working Group (APWG), an industry association
dedicated to fighting online identity theft. On Monday, the APWG's
chairman, Dave Jevans, said a phishing attack that garnered thousands
of passwords was do-able. "It's not outside the realm of possibility,"
he said then.

Also against the phishing explanation, argued Landesman, is the fact
that the second list -- approximately 20,000 passwords -- contained
usernames from not just Hotmail, but also Gmail, Yahoo Mail, Comcast,
EarthLink and others. "That makes [the purported phishing campaign] a
much broader attack across multiple services."

Her first thought when she read about the compromised Hotmail accounts
was of the cache of credentials she'd found two months before. "Those
public lists reminded me of the lists I found," she said. "It was
definitely not a complete list, but seemed to be an advertisement for
what this [hacker] had to offer."

The hacker was either inexperienced, or none too bright: The data was
not password-protected, which is the norm for credential caches.

Landesman's theory is not just an academic exercise, she maintained.

"Everyone who suspects that their account has been compromised should
change their password," she said, repeating advice by Microsoft,
Google and other security experts. "But if, after changing their
password, they have another reoccurrence where they see their account
being used to e-mail spam, or they again can't access their account,
then they need to suspect that there's a local infection on their PC."

On Sep 29, 3:32 pm, "yirg.kenya" <yirg.ke...@xxxxxxxxx> wrote:
I run several A-V programs: Avira, malawarebytes, and windows
defender. Also RUBotted.

Does anyone know if these deal with keystroke loggers, or is some
other type of protection needed, should it even exist.

Keystroke loggers are my greatest fear. Wake up one morning and
everything in your account is gone. There's an article in
computerworld today, although that virus can (for now) be dealt with
by AV programs. Not clear whether keystroke logging was involved.
http://tinyurl.com/yarkwlh ; headline: School boards hit with
cash-stealing Trojan.

TIA. Yirg