Gone are the days when pimply geeks in basements wrote proof-of-concept malware to show off. Today’s threat authors mean business, whether that is stealing millions of rands, proprietary company data or proving a political point.
The majority of cases, says Lutz Blaeser, MD of Intact Software Distribution, are about exfiltrating valuable data, such as financial logins and passwords. “In order to steal this type of data, cyber crooks make use of information stealers such as key loggers, which record the target’s keystroke input. In fact, the majority of malware contains some sort of key logging functionality.”
He says this is no surprise, as there are myriad situations in which valuable data can be stolen through keyboard input alone. “Most online accounts, for example, require the entering of a password and user name to access them. In addition, social networks, loyalty programmes, email accounts, online payment sites and gaming sites require the same.”
Additional authentication is unfortunately the exception rather than the rule. “In some instances, such as when transferring money to an unknown entity, the bank will insist on an SMS’d code to be added, but this isn’t the case when merely logging in to the bank account. A key logger would take care of the standard security measures with ease,” Blaeser points out.
“In the past few years, key loggers have been used to steal millions of user names and passwords, and online gaming accounts,” he explains. “Keyloggers can be used by attackers in several ways. The simplest way is to query the global key state cyclically every couple of milliseconds, which will log all the keys that are being pressed by the target at that time.”
Another way they are used on Windows specifically, says Blaeser, is to read the key buffer of the window in question. “In this way the cyber crooks can see which window in particular is receiving which input. The vast majority of keyloggers employ this method.”
In the banking sector, key loggers have been adapted specifically. “Notorious banking Trojans such as Zeus are able to intercept the keyboard input directly in the attacked program’s process, which is following the stage where the key buffer has been read. This is known as hooking,” Blaeser explains. “Any good anti-virus programme should be designed with this in mind, and should be able to identify and remove these hooks to prevent attacks of this nature.”