6,191 keyloggers were reported in 2005 as compared with 3,753 in 2004 and barely 300 in 2000. According to a study by iDefense, the number of software programs spying on keystrokes is increasing with astonishing speed. Although often neglected in comparison to viruses and other Internet threats, keyloggers have lately become a favored weapon among hackers. They even head the list of threats outlined by security organizations such as Clusif (a French IT security club) in their annual reports for 2005. How are these malicious codes transmitted? How can you protect yourself against them?
As its name implies, a keylogger records all the keystrokes made by a computer user: everything they type, such as emails, documents, URLs in the address bar of their web browser and, above all, user IDs and passwords for all online services. Needless to say, what the keyloggers’ authors are most interested in are access codes to online bank accounts. Don’t forget: keyloggers are genuine spyware that can endanger all your confidential information! Keyloggers also exist in hardware form (keyboard adapters, for example), although these are only used in very specific cases (industrial espionage or very strict parental control). Keylogger software can be found everywhere, however: in an email, on a booby-trapped website, or attached to a Trojan horse or virus. Once the booby-trapped file is executed, it starts to record keystrokes and email the data to its author. Some keyloggers are even teamed with other types of spyware which perform screen captures.
Experts have lately noticed a worrying rise in cases of banking fraud involving keyloggers. A fraud targeting the London offices of the Japanese bank Sumitomo was discovered in March 2005, resulting in one person being arrested as they prepared to embezzle 20 million euros using access codes obtained thanks to keyloggers. The fraudster had planned to use this method to misappropriate as much as 315 million euros. Also last March, a hacker in New York was sentenced to 27 months in prison for collecting almost 450 passwords using keyloggers that he had installed on Internet terminals located in airports and cybercafés. Customers of French banks have also been targeted by authors of keyloggers who tried to trick them with infected emails.
Faced with these risks, several banks have developed extra protections against keystroke espionage. More and more banks are using virtual keyboards, which allow customers to enter their codes by clicking on digits displayed as images.
Last March the Kelvir virus, which spread through instant messaging, tried to infect its victims by introducing the Spybot worm. In addition to opening a back door on the computer, stealing CD activation keys for some games and attempting to end processes, the worm also installed a keylogger. Classed as a level two risk by Symantec, Kelvir and Spybot are examples of recent viruses which add the spying actions of keyloggers to the other harm that they cause. The Bugbear worm, which caused devastation in 2003 and 2004, also contained a keylogger that was very careful not to arouse the user’s suspicions. It only sent its keystroke records when the user was connected to the Internet, thereby avoiding any attempt to connect to the Net that would strike the user as strange.
Where possible, try to avoid accessing your online bank account from public computers whose level of protection you cannot be sure of. On your home computer, Norton Antivirus will protect you from these malicious programs. The software detects and deletes the majority of spyware, keystroke-logging programs and other undesirable surveillance software. For more complete protection, you can opt for Norton Internet Security, which includes Norton Personal Firewall and Norton Privacy Control.