Cybercriminals Use Keylogging Software to Steal Your Passwords Secretly
A ring of cybercriminals recently broken up by Russian authorities used keylogging software planted in e-mail messages and hidden in websites to draw over $1.1 million from personal bank accounts in France.
The goal of these cybercriminals was to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake website.
The keylogging programs are often hidden inside ordinary software downloads, e-mail attachments, or files shared over peer-to-peer networks. Because they can be embedded in webpages, they take advantage of browser features that allow programs to run automatically.
The hidden keylogging programs infect the computers of unsuspecting users. This puts the keylogging programs in the category of malicious programs known as Trojan horses, or just Trojans. These Trojans are very selective because they monitor the web access the victims make, and start recording information only when the user enters the sites of interest to the fraudster.
In some countries the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks has surpassed "phishing" messages, those that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information. Among global cybercriminals, phishing may already be passé.
In Brazil, cybercriminal have given up traditional phishing for the easier and more profitable keylogging activities. According to data compiled by computer security companies in 2005, the use of "crimeware" like keyloggers to steal user names and passwords - and ultimately cash - has soared. The crimes often cross international borders, and they put Internet users everywhere at risk.
"It's the wave of the future," according Peter Cassidy, the Secretary General of the Anti-Phishing Working Group, a consortium of industry and law enforcement partners that fights online fraud and identity theft. "All this stuff is becoming more and more automated and more and more opaque."
Mr. Cassidy's group found that the number of Web sites known to be hiding this kind of malicious code nearly doubled between November and December, rising to more than 1,900. The antivirus company Symantec has reported that half of the malicious software it tracks is designed not to damage computers but to gather personal data.
Over the course of 2005, iDefense, a unit of Verisign that provides information on computer security to government and industry clients, counted over 6,000 different keylogger variants - a 65 percent increase over 2004. About one-third of all malicious code tracked by the company now contains some keylogging component, according to Ken Dunham, the company's rapid-response director.
And the SANS Institute, a group that trains and certifies computer security professionals, estimated that at a single moment last fall, as many as 9.9 million machines in the United States were infected with keyloggers of one kind or another, putting as much as $24 billion in bank account assets - and probably much more - literally at the fingertips of fraudsters. John Bambenek, the SANS researcher who made the estimate, suggested that the infection rate was probably much higher.
In most cases, a keylogger or similar program, once installed, will simply wait for certain Web sites to be visited - a banking site, for instance, or a credit card account online - or for certain keywords to be entered - "SSN," for example - and then spring to life.
Keystrokes are saved to a file, Web forms are copied - even snapshots of a user's screen can be silently recorded. The information is then sent back to a website or some waiting server where a thief, or a different piece of software, sifts through the data for useful nuggets.
The Federal Deposit Insurance Corporation, responding to the growing threat of cybercrime to the financial industry, stiffened its guidelines for Internet banking in October, effectively ordering banks to do more than ask for a simple user name and password. But it stopped short of requiring, for instance, the use of electronic devices that generate numeric passcodes every 60 seconds, which many experts say would help foil much online fraud, including the use of keyloggers.
Technology for grabbing text and screen images is not new - or particularly sophisticated. Keyloggers are even sold commercially, as tools for keeping an eye on what children are doing online, or what a spouse might be doing in online chat rooms. And while most experts agree that data-swiping software is spreading rapidly, there are some who say the problem has been exaggerated.
Some words to the wise: Being wary of unfamiliar weblinks sent via e-mail is a first-line of defense, according to experts, as are avoiding questionable downloads and keeping up to date with Windows patches and antivirus updates.
It is worth noting, however, that in a test of major antivirus programs conducted in Brazil last fall, the very best detected only 88 percent of the known keyloggers flourishing there. In the United States, on the other hand, victims of fraudulent money transfers are typically limited to $50 in liability under the Federal Reserve's Regulation E, so long as they report the crime quickly enough - within two days. If they report it within 60 days, their liability is capped at $500.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don't occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lockdown your system from all their attacks, risks, and threats.
Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!
© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator
Source: Free Articles from ArticlesFactory.com
Related Tags: software, to, your, steal, use, passwords, cybercriminals, keylogging, secretly
Etienne A. Gibbs, Independent Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and pc-disabling issues. For more information, visit www.SayNotoHackersandSpyware.com/.
Your Article Search Directory : Find in ArticlesRecent articles in this category:
- Using Keywords Effectively For an SEO Campaign
Keyword research is one of the most crucial parts of an SEO campaign. If you end up choosing the wro - Search Engine Optimization Copywriting Tips
SEO copywriting is not as technical as it sounds but is different from traditional copywriting for t - 3 Tips to Make Money Using Videos
For the last five years video has been a real success in the internet. Now you can find video in alm - Is Social Media Networking Your Next Strategy For Your Online Marketing?
When you try to work on online promotion and online marketing, social media especially social media - Submitting a URL of Your Website
People who make a website usually do research on how to improve not only the quality of their websit - 5 Bad Habits of Article Marketing
There are many ways to advertise your company but having a highly ranked website is the best. Most p - Facts About SEO Services Company
SEO services companies are becoming very popular in the internet marketing world but there are some - 4 Ways Search Engine Optimization Can Be So Powerful
Whether you are an affiliate marketer, small businessman or a large organization, your first step wh - A List of 3 Options For Internet Business
The trend of making money through online business has become trendy now a day. People are shifting t - Getting the Best Affiliate Products For Your Site
Making money online was never so difficult before. There are numerous ways through which you can mak
Most viewed articles in this category:
- The Revolutionized Ebay Etailsolution Software
With the help of eBay, the auction business has received a new meaning. With the help of the many eB - Internet Millions - by Ryan Orrell - Honest Review
REVIEW: "Internet Millions", by Ryan Orrell, is a refreshing new kind of internet marketing e-bo - A Google Adsense Addiction
54% of all Google Adsense publishers admit addiction to click income. A recent online study conducte - Lead Generation for Top Residual Income
At the heart of any good residual income business is a person who knows how to generate leads. Lead - Make Money With Information Ebook Products: The Other End
I don't like thinking of myself as the kind of person that has made it rich on the internet, but in - Repeat Business Equals a Residual Income Stream
Residual income comes from other people reacting to a single action by the business owner. What bet - The NFL & United Way
There are many ways that NFL players help with the United Way. First of all, they donate a lot of th - Seo - Making Money Writing Seo Reviews
If you are a reviewer or critic you are likely to find work writing reviews of products and services - Understanding Perfume Types
Understanding the various varieties of perfume can help to cut through the difficulty in selecting a - Ecommerce Basics: Three Things To Avoid
When you decide to put your ecommerce website together there are a few mistakes that are easy to mak