Blog posts tagged with 'Malware'

How Safe Is Your Web Browser?

How safe is your browser keeping you? Not something we think about in our day to day activities on the web. Register to a new website and your browser asks you if you would like to save the login information, out of sheer convenience most of us would say sure, go ahead. Not realizing the potential security risk they may have just put themselves in.

In the computer world there are four major browsers that almost everyone uses, we have Chrome, Internet Explorer, Firefox, and Safari. All of these browsers have the ability to save login details for website, and some can even go as far as saving credit card information, for easier shopping. But anyone that has access to your computer can gain access to all of your data. Using password revealers is nothing new to the industry, but if you feel the need to walk away from your computer and leave it up, anyone is able to come up behind you and reveal all of your stored login information from your browser with ease.

Another method that could be used for attackers is by using some types of malware that would be able to use a script to recover the stored passwords database, which if there is no master password stored in the browser for the rest of the password, it will most likely be stored in plain text. These database files resides on the PC in the browsers files structure. If the browser is unpatched or out of date this type of an attack would be common.

One other method that could be used is by an attacker using, what is called an XSS hole. XSS is short for cross-site scripting, and this can be used by an attacker by luring the user to go to a malicious website via email, or by phone, and clicking on a link that sends the XSS code to the browser to retrieve the stored passwords, stored cookies, user data, history, and others.

So as you can see there are multiple ways that attackers are able to retrieve your saved passwords from your browser without you ever really knowing. My recommendation would be to first, do not use the autocomplete or auto-save features in your browser and disable them. If you must use them make sure that the computer, and browser are always updated, and if the browser supports it, set a master password on your saved passwords list.

Tracy Hazelton
System Technologist
StormsEdge Technology

The Unseen Identity Theft - Part 4

How keyloggers spread

Keyloggers spread in much the same way that other malicious programs spread. Excluding cases where keyloggers are purchased and installed by a jealous spouse or partner, and the use of keyloggers by security services, keyloggers are mostly spread using the following methods):

  • a keylogger can be installed when a user opens a file attached to an email;
  • a keylogger can be installed when a file is launched from an open-access directory on a P2P network;
  • a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits a infected site;
  • a keylogger can be installed by another malicious program already present on the victim machine, if the program is capable of downloading and installing other malware to the system.

How to protect yourself from keyloggers

Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious program: install an antivirus product and keep its database up to date. However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common keyloggers.

Let's take a closer look at the methods that can be used to protect against unknown keyloggers or a keylogger designed to target a specific system.

Since the chief purpose of keyloggers is to get confidential data (bank card numbers, passwords, etc.), the most logical ways to protect against unknown keyloggers are as follows:

  1. using one-time passwords or two-step authentication,
  2. using a system with proactive protection designed to detect keylogging software,
  3. using a virtual keyboard

Zachary T. Brown
Marketing Director
StormsEdge Technology

The Unseen Identity Theft - Part 3

Keylogger construction

The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor. This can be achieved using video surveillance, a hardware bug in the keyboard, wiring or the computer itself, intercepting input/ output, substituting the keyboard driver and finally, requesting information from the keyboard using standard documented methods.

Experience shows that the more complex the approach, the less likely it is to be used in common Trojan programs and the more likely it is to be used in specially designed Trojan programs which are designed to steal financial data from a specific company.

Keyloggers can be divided into two categories: keylogging devices and keylogging software.

Keyloggers which fall into the first category are usually small devices that can be fixed to the keyboard, or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.

The most common methods used to construct keylogging software are as follows:

  • a system hook which intercepts notification that a key has been pressed
  • a cyclical information keyboard request from the keyboard  
  • using a filter driver (requires specialized knowledge)

Recently, keyloggers that disguise their files to keep them from being found manually or by an antivirus program have become more numerous. These stealth techniques are called rootkit technologies. There are two main rootkit technologies used by keyloggers:

  • masking in user mode;
  • masking in kernel mode.
For the full read and all it's helpful tips, click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

The Unseen Identity Theft - Part 2

How cyber criminals use keyloggers

One of the most publicized keylogging incidents recently was the theft of over $1million from client accounts at the major Scandinavian bank Nordea. In August 2006 Nordea clients started to receive emails, allegedly from the bank, suggesting that they install an antispam product, which was supposedly attached to the message. When a user opened the file and downloaded it to his/ her computer, the machine would be infected with a well known Trojan called Haxdoor. This would be activated when the victim registered at Nordea's online service, and the Trojan would display an error notification with a request to re-enter the registration information. The keylogger incorporated in the Trojan would record data entered by the bank's clients, and later send this data to the cyber criminals' server. This was how cyber criminals were able to access client accounts, and transfer money from them. According to Haxdoor's author, the Trojan has also been used in attacks against Australian banks and many others.

In February 2006, the Brazilian police arrested 55 people involved in spreading malicious programs which were used to steal user information and passwords to banking systems. The keyloggers were activated when the users visited their banks' websites, and secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The total amount of money stolen from 200 client accounts at six of the country's banks totaled $4.7million.

At approximately the same time, a similar criminal grouping made up of young (20 – 30 year old) Russians and Ukrainians was arrested. In late 2004, the group began sending banking clients in France and a number of other countries email messages that contained a malicious program – namely, a keylogger. Furthermore, these spy programs were placed on specially created websites; users were lured to these sites using classic social engineering methods. In the same way as in the cases described above, the program was activated when users visited their banks' websites, and the keylogger harvested all the information entered by the user and sent it to the cyber criminals. In the course of eleven months over one million dollars was stolen.

There are many more examples of cyber criminals using keyloggers – most financial cybercrime is committed using keyloggers, since these programs are the most comprehensive and reliable tool for tracking electronic information.

Increased use of keyloggers by cyber criminals

The fact that cyber criminals choose to use keyloggers time and again is confirmed by IT security companies.

Reports note that in recent years, the company VeriSign has seen a rapid growth in the number of malicious programs that have keylogging functionality.

One report issued showed that almost 50% of malicious programs detected by the company's analysts during the past year do not pose a direct threat to computers, but instead are used by cyber criminals to harvest personal user data.

According to research conducted by John Bambenek, approximately 10 million computers in the US alone are currently infected with a malicious program which has a keylogging function. Using these figures, together with the total number of American users of e-payment systems, possible losses are estimated to be $24.3 million.

Most modern malicious programs are hybrids which implement many different technologies. Due to this, any category of malicious program may include programs with keylogger functionality.

For the complete read and all it's helpful tips, click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

The Unseen Identity Theft - Part 1

In February 2005, Joe Lopez, a businessman from Florida, filed a law suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account and finding it had been transferred to Latvia.

An investigation showed that Mr. Lopez's computer was infected with a malicious program, Backdoor: Core flood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez's user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.

However the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.

Joe Lopez's losses were caused by a combination of overall carelessness and an ordinary keylogging program.

About Keyloggers

The term 'keylogger' describes the program's function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes. This definition is not altogether correct, since a keylogger doesn't have to be software – it can also be a device. Keylogging devices are much rarer than keylogging software, but it is important to keep their existence in mind when thinking about information security.

Why keyloggers are a threat

Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user's account or access the user's online gaming account. Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual's loss of a few dollars. Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).

In recent years, we have seen a considerable increase in the number of different kinds of malicious programs which have keylogging functionality. No Internet user is immune to cyber criminals, no matter where in the world he/she is located and no matter what organization they work for.

For the complete read and all it's helpful tips, click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology