Posted on 02/28/2006 1:16:19 AM PST by neverdem
Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information.
But there is evidence that among global cybercriminals, phishing may already be passé.
In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con: the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans.
Two weeks ago, Brazilian federal police descended on the northern city of Campina Grande and several surrounding states, and arrested 55 people, at least 9 of them minors, for seeding the computers of unwitting Brazilians with keyloggers that recorded their typing whenever they visited their banks online. The tiny programs then sent the stolen user names and passwords back to members of the gang.
The fraud ring stole about $4.7 million from 200 different accounts at six banks since it began operations last May, according to the Brazilian police. A similar ring, broken up by Russian authorities earlier this month, used keylogging software planted in e-mail messages and hidden in Web sites to draw over $1.1 million from personal bank accounts in France.
These criminals aim to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather...
(Excerpt) Read more at nytimes.com ...
Doubtful.
There are already distros of Linux that grandma can use that still won't run a downloaded binary file unless you jump through some hoops.
Windows XP SP2 is neither "buggy" nor a "total seive (sic)". XP for home users has always been vastly better than the crap 95/98/ME line, though until SP2 I preferred 2K.
Personally, I don't care what OS anyone else uses, unlike certain *nix or MacOS fanboys. But I'm willing to bet that you couldn't do a thing to my XP machine.
By the way, the Microsoft antispyware app was written by GIANT and bought by Microsoft, so the "same company" didn't write it. Somehow, I don't see that fact affecting you in any way.
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
There are two categories of Linux run-as-root.
There's the standard installed-to-the-harddrive kind, of which I only know of one, Linspire. And even with running as root, it still won't execute binaries that have been downloaded without setting them executable first.
Then there are the Live CDs, most of which run as root. But you can't infect them with spyware.
bookmark
LOL! Yeah, that's why I didn't download anything. Waiting for some expert recommendations.
At least, not until the 2,978,637th exploit is written.
I don't think MS wrote it - I believe they bought the (very) good product Giant had.
Ummmm, nope.
Unless my home partition is mounted noexec, I can chmod a+x any file that I own and it will run. No su needed.
I have a /home/"username"/bin directory on every Unix machine I have an account on, containing everything from shell scripts to java code to compiled C programs. All run just fine.
But it's still better than Windows.
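Added example, not part of the thread: the `noexec` condition raised in the comment above can be checked from a shell by finding the mount that holds a path and reading its options. The function names and the sample mount table are constructed for illustration; with no table argument the functions read `/proc/mounts` on Linux.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# mount_opts_for PATH [MOUNT_TABLE]
# Prints the options of the longest mount point that contains PATH.
# The body runs in a subshell so its variables stay local.
# Note: /proc/mounts writes spaces in mount points as \040; pass paths the same way.
mount_opts_for() (
    path=$1
    table=${2:-}
    [ -n "$table" ] || table=$(cat /proc/mounts)
    best=""
    best_opts=""
    while read -r dev mp fstype opts rest; do
        [ -n "$mp" ] || continue
        case "$path/" in
            # Compare on whole path components so /home does not match /homework.
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp
                    best_opts=$opts
                fi ;;
        esac
    done <<EOF
$table
EOF
    printf '%s\n' "$best_opts"
)

# is_noexec PATH [MOUNT_TABLE]: succeeds if the filesystem holding PATH is noexec.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# exec_policy PATH [MOUNT_TABLE]: prints "blocked" or "allowed" for audit output.
exec_policy() {
    if is_noexec "$@"; then echo "blocked"; else echo "allowed"; fi
}

for p in /home/user/bin/tool /tmp/download /usr/bin/ls; do
    printf '%-22s %s\n' "$p" "$(exec_policy "$p" "$SAMPLE_MOUNTS")"
done
```

`noexec` only blocks direct execution of files on that filesystem; a script handed to an interpreter is still read, so treat it as one layer rather than a complete control.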
I took Microsoft AntiSpyware off my machine after I read that it allowed some spyware into your computer without your knowledge. Running SpyBot, Ad Aware and AVG now.
Buying or downloading security software for Windows is like buying pads and a helmet so that your 4-year-old can go play on the train tracks.
Yeah but he can hear the train coming!
Funny, I've been filling in passwords in random order for years. Friends thought I was anoidpar
But YOU HAVE TO DO IT. No drive by script kiddie can do that for you by having you surf his web page.
With the SE linux enhancements, you can put the hacker at your keyboard and they still can't crack it.
I run all those as well. The only thing I've not liked about Microsoft's version is that it automatically allows some registry entries that I don't want, which is why I also run Spybot's TeaTimer, which doesn't seem to have a "trusted" list.
No, it has absolutely no effect one way or the other on my SuSE Linux machine.
Really, it doesn't.
Here's another little goody for seeing what is really going on when you start up the unit. It is a bit geeky if you're a novice- but if you don't know what a particular item is, right-click on it and select 'Google'.
Autoruns v8.43
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
http://www.sysinternals.com/ProcessesAndThreadsUtilities.html
If you're geekier- you can run System Internals 'Process Explorer' in the same directory, and it will integrate with Autoruns.
Caution: if you have no idea at all what is going on in this- be careful. Have a techie give you a hand with it.
Which will be blocked by my machine's automatic updates before I can hit the snooze button on my alarm. I'll tell you what: you let me know as soon as an exploit makes me insecure, and I'll send you my IP address. If you can cause any effect on my machine, I'll eBay it and buy a Mac. If not, all you have to do is admit that XP can actually be a secure OS. It's a serious bet. I won't hold my breath, though.
Absolutely. This, plus some architectural differences, makes any comparison of Windows to Unix pointless. Windows doesn't (and can't) come close to the level of security that Linux and BSD provide right out of the box without sacrificing so much functionality that the box is pretty much useless.
With the SE linux enhancements, you can put the hacker at your keyboard and they still can't crack it.
I wouldn't go that far. As we say in my line of work, "Layer 1 is a biatch!"
Unless you've used strong encryption on your disk partitions, any security you put on your machine is pointless if I can put my hands on it.
That's why the military posts armed guards outside of their secure communications facilities.
Nothing to lose by downloading and running Ewido- previously mentioned in the thread.
http://www.ewido.net/
I have swept PCs and found loggers with it.