Keylogger Threats

Keylogger Threats Rise 65%
Secretly installed programs that track keystrokes represent a growing security threat to consumers using PCs.

Threats from keyloggers, the stealthily installed programs that record computer keystrokes to help steal personal information, grew 65 percent this year, a study said Tuesday, marking a growing trend in hackers using malware for financial gain.

About 6,191 keyloggers were recorded this year, up from 3,753 in 2004, said iDefense, a security intelligence provider that is part of VeriSign. iDefense recorded 3,753 keyloggers in 2004, a huge leap over the 300 released in 2000.

“Keylogging is a very effective method for hackers,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. “Fraudsters can launch hundreds of these attacks around the world in seconds, gathering sensitive data to conduct large-scale monetary transfers for their illegal activities.”

Keyloggers are largely distributed by organized cyber theft groups and are typically packaged with phishing emails or spyware, said iDefense.

A keylogger runs in the background, recording all the keystrokes of a user and hides it in the machine to be retrieved later. Once a keylogging program is activated, through a command from the hacker, it provides the hacker with personal data such as addresses, account numbers, or passwords—basically any strings of text a person enters.

“The object of a keylogger is to get the coveted password,” said George Waller, executive vice president of StrikeForce Technologies, a security company specializing in identity assurance products. “Keyloggers can capture keystrokes without you knowing it while advanced programs can even grab cookies and scrape the screen to get personal information.”

Keylogging can be perpetrated through emails known as phishing attacks. In these emails, users are lured into clicking on what seems like a harmless link. Once they do, a program is secretly downloaded into their computers.

The programs can also be spread if they are embedded on iPod files or picture files on major web sites. Hackers use techniques including chat program Internet Relay Chat and programs like trojans that give hackers backdoor access to systems to gather and filter logged keystrokes.

“There are so many victims because so few know the risk or the early warning signs; you simply can’t stop what you can't see,” said iDefense’s Mr. Payne.

Powering Identity Theft
A reason keyloggers are gaining attention among hackers is their potential use in identity theft.

“A sizable amount of these identity theft cases are the result of keyloggers that most people don’t realize they have on their machines,” said Mr. Waller.

The rise in keylogging is part of the trend of creating worms, viruses, and malware for profit. The Zotob worm attack in August was part of this trend, said security experts. Zotob attacked major corporations by exploiting a vulnerability in Microsoft’s Windows operating system and signaled the rise of the “business worm,” or a new type of malicious software that targets enterprises rather than home users (see Zotob Heralds ‘Business Worm’).

“This is part of the process where attacks are moving from notoriety to criminalization,” said Ken Dunham, senior engineer, iDefense. “Hackers want to create malware they can leverage and use for identity theft and which can financially benefit them.”

Keyloggers have, however, flown under the radar as consumers and businesses have had their resources diluted because of the rise in the number of security threats this year (see Security Threats Rise 22%).

“Keyloggers are part of the latest wave of security problems that people don’t even know how to detect,” said Mr. Waller. “There needs to be greater education about the issue and how keyloggers perpetrate.”