Posted on 02/28/2006 1:16:19 AM PST by neverdem
Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information.
But there is evidence that among global cybercriminals, phishing may already be passé.
In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con: the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans.
Two weeks ago, Brazilian federal police descended on the northern city of Campina Grande and several surrounding states, and arrested 55 people, at least 9 of them minors, for seeding the computers of unwitting Brazilians with keyloggers that recorded their typing whenever they visited their banks online. The tiny programs then sent the stolen user names and passwords back to members of the gang.
The fraud ring stole about $4.7 million from 200 different accounts at six banks since it began operations last May, according to the Brazilian police. A similar ring, broken up by Russian authorities earlier this month, used keylogging software planted in e-mail messages and hidden in Web sites to draw over $1.1 million from personal bank accounts in France.
These criminals aim to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather...
(Excerpt) Read more at nytimes.com ...
Okay, TTY then. I'm going to go 'ambush myself' with another cup of coffee. :-)
Bump
Sigh...and I just had said I'm going to bed.
If my machine's been hacked, then my firewalls and other antivirus and antispyware programs haven't noticed. None of my files have been opened, changed or deleted, and no new ones have been created. No new services or processes are running, and no existing services or processes have been stopped. Nothing's been added to or deleted from the list of programs, processes, or services that start when my system starts up. No packets are entering or leaving unauthorized ports, and no programs are sending or receiving packets from the few ports that are open. Nothing is being redirected by my browser hosts file. No system resources are being used by anything unauthorized. So whatever those Russian haxxors did, it had no effect on either me or anyone else. What is it, exactly, that they did, anyway?
Then it should be good - for another year or so.
:)
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
And how are you to know exactly what that is, if you Google or Dogpile for things very often? Something that looks innocuous could be a real gotcha.
Shouldn't it tell you something, that you need to run your Windows computer like a police state to even begin to make headway against the cyber pestilences?
"I recommend Ewido and Microsoft Anti-Spyware - they're both free."
I just copy and paste passwords and IDs.
I'm not convinced that it's good now. There are several pieces of known malware that default to 'ignore' as the recommended countermeasure. Claria (Gain) in particular.
(ahem) coincidentally, there was some talk of Microsoft buying Claria. I think they're denying it now, or have scrapped the idea.
To get the most out of what is now 'Windows Defender', one really must closely watch its recommendations for what constitutes a threat and adjust those actions, accordingly.
Thanks for reminding me of something. (No quarrel with your list of resources- it just made me think of something)
The Internet is FULL of bogus 'antispyware' applications. If you run one that has claimed to have found something and wants thirty bucks to clean it off for you- you have almost certainly got a bogus app.
http://www.spywarewarrior.com/ is a resource that tests and maintains lists of the good and bad ones, and has a very active forum that is staffed with volunteers who have helped innumerable victims of this stuff get it off of their machines. It is also a good place for IT people to look up a specific procedure without wasting ages dissecting some particular piece of malware.
"The Internet is FULL of bogus 'antispyware' applications. If you run one that has claimed to have found something and wants thirty bucks to clean it off for you- you have almost certainly got a bogus app.
http://www.spywarewarrior.com/ is a resource that tests and maintains lists of the good and bad ones..."
I haven't been to 'Geekstogo', but I agree with the Spywareinfo forum as being a premier resource.
I also read:
http://www.benedelman.org/
And the forums at:
http://www.aumha.org/
http://www.sysinternals.com/
Thanks- Hadn't seen those!
Just a note to all- don't EVER buy antispyware software from an ad that appears IN A POP-UP WINDOW! It's like finding a brick in your living room that's been thrown through your window, with a glass company ad on it, as far as I'm concerned.
bump!
This is the part that I find difficult to believe.
There must be a link in the exploitation chain that the user can have control of on a "live" basis, as it happens.
For instance. No email goes out, ever, without an active confirmation...
Surely, the forces of good are as innovative as the forces of darkness...
Keyloggers can't detect mouse position?
Better still, use copy/paste, especially on a public machine.