Free Republic

Cyberthieves Silently Copy Your Passwords as You Type
NY Times ^ | February 27, 2006 | TOM ZELLER Jr.

Posted on 02/28/2006 1:16:19 AM PST by neverdem

Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information.

But there is evidence that among global cybercriminals, phishing may already be passé.

In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con — the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans.

Two weeks ago, Brazilian federal police descended on the northern city of Campina Grande and several surrounding states, and arrested 55 people — at least 9 of them minors — for seeding the computers of unwitting Brazilians with keyloggers that recorded their typing whenever they visited their banks online. The tiny programs then sent the stolen user names and passwords back to members of the gang.

The fraud ring stole about $4.7 million from 200 different accounts at six banks since it began operations last May, according to the Brazilian police. A similar ring, broken up by Russian authorities earlier this month, used keylogging software planted in e-mail messages and hidden in Web sites to draw over $1.1 million from personal bank accounts in France.

These criminals aim to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather...

(Excerpt) Read more at nytimes.com ...


TOPICS: Crime/Corruption; Government; News/Current Events; Technical; US: District of Columbia
KEYWORDS: computersecurity; frauds; security; swindling; viruses
To: saganite
A quick google search turned up some antikeylogging software. Any recommendations on which one works?

As the author and seller of a keylogger and screen capture program (www.itksoft.com) I can tell you that the last few years nearly all of the popular anti-virus programs have finally added detection of such programs.

McAfee and Norton both find them. An anti-virus program at my office called Trend-Micro slaps me silly if I even try to look at the C source code of my program. The programs offered as anti-spyware programs generally don’t find keyloggers and screen-capture programs. By spyware they mean things like DoubleClick and other internet popup junk. They are generally not good at finding the seriously dangerous stuff. I've been told by some that MS Anti-Spyware detected my program, but it doesn't on my machine. You need a serious anti-virus program and a good firewall. There are things like spy-cop that also work.

Keep in mind that that game changes every day. It’s a cat and mouse game that I dropped out of a long time ago, but other spyware authors are surely working on techniques to avoid detection. Just because you’re covered one day, doesn’t mean you won’t be vulnerable the next. The best thing to do is keep your kids away from any computer that matters to you. The things kids tend to do on computers are what allow infections.

81 posted on 02/28/2006 7:15:07 AM PST by Minn
[ Post Reply | Private Reply | To 10 | View Replies]

To: Publius6961
Keyloggers can't detect mouse position?

I am a Mac user. I have no idea what works for Windows people. I've barely heard about keyloggers (though I was a keypunch operator in the late 60's --- :-))

I thought keying in the characters in a random order seemed like a good idea, like a novel approach.

One of those "aha" ideas that could be applicable to other situations which might arise.

82 posted on 02/28/2006 7:25:05 AM PST by syriacus (Hillary says: Millions to China's state-run shippers; not one RED cent to the UAE shippers)
[ Post Reply | Private Reply | To 79 | View Replies]

To: neverdem

Where can I get one of these key loggers... I'm dying to know what my wife is up to on the computer.... ;op


83 posted on 02/28/2006 7:32:55 AM PST by RayBob (If guns kill people, can I blame misspelled words on my keyboard?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Minn

Would I really need a firewall on a dial up modem machine?


84 posted on 02/28/2006 7:46:04 AM PST by 300magnum (We know that if evil is not confronted, it gains in strength and audacity, and returns to strike us)
[ Post Reply | Private Reply | To 81 | View Replies]

To: Knitebane; Riley

As promised, I d/led the Ubuntu .iso from your link and booted it over lunch. It was much better with my hardware than the other builds I've tried - it did automatically find and configure my wi-fi card, and it had a video driver that automatically displayed at the highest screen resolution, as opposed to the 1024x768 that the other builds I tried provided. I couldn't test a CD/DVD burn, as the only disc I had was the one with Ubuntu itself on it.

I couldn't get to the Internet because my school requires a VPN connection on its network, and either that can't be done with what's in that .iso or I couldn't figure out how. I downloaded the Linux VPN client my school provides, but couldn't install it because I don't know how to navigate to the directory where the files are stored from the command line (my fault, not Linux). I didn't have much time to play with it over lunch. I'll either figure that out or try to configure WPA for my home wireless connection and report back - I imagine everything else will be much easier if I can be online and have an Ubuntu wiki open to hold my hand.


85 posted on 02/28/2006 11:14:54 AM PST by Turbopilot (Nothing in the above post is or should be construed as legal research, analysis, or advice.)
[ Post Reply | Private Reply | To 48 | View Replies]

To: El Gato; JudyB1938; Ernest_at_the_Beach; Robert A. Cook, PE; lepton; LadyDoc; jb6; tiamat; PGalt; ..
AAAS: Kids Do Okay After Pregnant Moms Eat Mercury-Laden Fish

Who'da thunk it?

Study: Nutritional supplements show no overall arthritis benefit

FReepmail me if you want on or off my health and science ping list.

86 posted on 02/28/2006 11:34:13 AM PST by neverdem (May you be in heaven a half hour before the devil knows that you're dead.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Turbopilot
I just wonder why you're so insistent that I should "get a clue" for running an OS that can in fact be quite secure yet doesn't require me to hit the command line to get generic hardware to operate, if it can operate at all.

Sounds like old expierence talking. On any modern distro this is not the case, and hasn't been for several years.

It's not reasonable to compare Knoppix to a real distro. It's a gutted system designed to run off of CD-ROMs for specialized applications.

I slapped the SuSE 9.3 dvd in my Sony laptop, and it found every last bit of hardware and it all works. The thing would never properly suspend to ram under XP, it works perfectly now.

Putting a freshly installed XP on the internet (as do so many new users) is just asking for trouble. Windows 95 was MORE SECURE, because it had less useless services running on open ports.

In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes. This means that a newly XP installed unprotected operating system connecting to the Internet for the first time will, on average, be attacked within 9 minutes and compromised in some way. This applies to XP Pro as well as Home.

Every modern Linux distro installs securely out of the box. (Except Red Hat).

I understand you live in great fear of the command line, but humor me: open a cmd prompt and type "netstat -an" without the quotes. If you can not explain every line that ends with the word "LISTENING" you are in trouble. I guarantee you there is an exploit for every one of those.

87 posted on 02/28/2006 1:38:09 PM PST by adamsjas
[ Post Reply | Private Reply | To 41 | View Replies]

To: adamsjas

bttt


88 posted on 02/28/2006 1:46:39 PM PST by petercooper (Cemeteries & the ignorant - comprising 2 of the largest Democrat voting blocs for the past 75 years.)
[ Post Reply | Private Reply | To 87 | View Replies]

To: syriacus
I thought keying in the characters in a random order seemed like a good idea, like a novel approach.

One of those "aha" ideas that could be applicable to other situations which might arise.

Perhaps a good emergency last ditch approach when you have to use a public terminal such as a machine in a library or internet cafe.

You sure can't get much work done that way but it might be suitable for login purposes.

However, the point you miss is that the machine with a keylogger has ALREADY been compromised, so there is no telling what else is on it, and going anywhere near your bank account, email, or bill paying site on a compromised machine is foolish.

89 posted on 02/28/2006 1:46:42 PM PST by adamsjas
[ Post Reply | Private Reply | To 82 | View Replies]

To: 300magnum
Would I really need a firewall on a dial up modem machine?

What's dial up?

.

.

.

.

.

Sorry. ;)

90 posted on 02/28/2006 1:54:12 PM PST by BureaucratusMaximus (It´s way past time to shut the barn door on illegal aliens.)
[ Post Reply | Private Reply | To 84 | View Replies]

To: Publius6961
This is the part that I find difficult to believe. There must be a link in the exploitation chain that the user can have control of on a "live" basis, as it happens. For instance. No email goes out, ever, without an active confirmation... Surely, the forces of good are as innovative as the forces of darkness...

Egress blocking (preventing outbound connections) is one way that these things can be stopped, but doing that on anything but a few (source/target) port pairs becomes very burdensome and debilitating. Key-loggers that always connect to a specific port on the remote recording host can be blocked fairly easily, however the writers of these things adapt very quickly. (These people are not dumb, just misguided).

Getting Microsoft's firewall set up in paranoid mode or using ZoneAlarm in its most restrictive mode can give you an edge, as these will pop up and ask you if you want to allow that program to use the TCP stack.

However ZoneAlarm and similar programs are being outwitted every day, because they rely on inserting themselves into something called the "Layered Service Provider" chain which is Microsoft's method of letting many programs examine an outbound (or inbound) packet by handing it off from one to the next. This can be circumvented, and some of the most recent exploits do just that.

91 posted on 02/28/2006 2:31:12 PM PST by adamsjas
[ Post Reply | Private Reply | To 78 | View Replies]

To: goldstategop
Don't click on links in e-mail that purport to come from Paypal or your bank

An example in my mailbox today.....

"Dear PayPal Customer,

We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to verify your identity:

https://www.paypal.com/us/cgi-bin/webscr? cmd=_login-run

Verify your identity is a security measure that will ensure that you are the only person with access to the account.

Thanks for your patience as we work together to protect your account.

Sincerely, PayPal"

92 posted on 02/28/2006 4:17:37 PM PST by WaterDragon
[ Post Reply | Private Reply | To 11 | View Replies]

To: neverdem; All
Could you give an example of both?

If my VISA card no. is 4567 0003 1966 2924, I type something like 5674 3000 6619 2429, and then CUT and paste, ALTERNATING between the mouse and control-X and control-V, to put them back into the right order. I've only found one website which doesn't allow you to do that, so guess what? Right. They lost a customer.

Since new and ever more clever trojans and spyware are invented every day, your use of online banking and business with critical data should be limited to whatever you're DEAD SURE cannot be cracked. On PCs that's VERY limiting, IMHO.

93 posted on 02/28/2006 10:45:11 PM PST by FreeKeys (Either you're part of the solution, or you're part of the precipitate.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: FreeKeys

Thank you!


94 posted on 02/28/2006 11:03:51 PM PST by neverdem (May you be in heaven a half hour before the devil knows that you're dead.)
[ Post Reply | Private Reply | To 93 | View Replies]

To: adamsjas
My god man, get a clue.

I would like to debate you on why you think anyone who does not subscribe to your world view needs a 'clue.' But anyone who cannot capitalize God is a lost cause. Let's try again this again when you mature.

95 posted on 02/28/2006 11:04:16 PM PST by SandwicheGuy
[ Post Reply | Private Reply | To 17 | View Replies]

To: adamsjas
Sounds like old expierence (sic) talking.

I d/led and burned those distros (Knoppix 4.0.2 and MEPIS 3.4.3) last weekend. I had a much better experience with the Ubuntu build that was recommended to me last night.

In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes.

Is this still accurate with SP2 enabling the built-in firewall by default? I don't use the Windows firewall, but I looked at the source that the link you posted used, and it indicated that "9 minutes" is off by an order of magnitude, and makes no distinction between systems that do and systems that do not have at least the bare-bones XP firewall enabled.

I understand you live in great fear of the command line

I have no "fear" of a command line. But a modern OS shouldn't require that the user need to go to the command line to execute common operations. Additionally, I'm unfamiliar with *nix command line functions, so I'm at an automatic disadvantage versus the Windows command line, with which I've had many years of experience. But I'd be glad to humor you:

open a cmd prompt and type "netstat -an" without the quotes. If you can not explain every line that ends with the word "LISTENING" you are in trouble.

Good; I feel better about my own security. Four ports listening, three of which resolve to localhost (I promise not to hack myself) and one of which resolves to Firefox.

Having said that, the Ubuntu LiveCD I burned this morning was much better at recognizing my hardware. It natively supports my maximum screen resolution as well as my wi-fi card. However, it doesn't automatically mount my hard drive, and it doesn't seem to have native support for VPNs (which is how my school secures its wireless networks) or WPA (which is how I secure my home network). Each of those problems can be overcome, but I have to go to the command line to mount my hard drive and then to load the WPA and/or VPN driver. I don't mind that, if I know what to do, but I don't know how to do anything from a Linux command line, so I have to find a Web resource and copy what it says to do.

I know most of these issues could be handled automatically on subsequent boots if I were installing to a hard drive, but that's contrary to the idea of a LiveCD. What I'd like is the ability to store things like my hardware system configuration, my hard drive mounting, and some basics like WPA and VPN support, either on the disc (the .iso only takes 650MB, leaving room on either a 700MB CD-RW or the 4.7GB DVD-RW I used) or on a USB drive, such that I don't need to do all these things manually every time I boot. If I could do that, I could make a fair comparison between Ubuntu and XP. Is it possible? I don't know, but I'm sure the Linux experts here will tell me. I'd just like the fair opportunity to show that my XP install is safe and that I am giving *nix a chance, rather than getting flamed for being more comfortable with the OS family I've used for close to two decades.

96 posted on 02/28/2006 11:35:24 PM PST by Turbopilot (Nothing in the above post is or should be construed as legal research, analysis, or advice.)
[ Post Reply | Private Reply | To 87 | View Replies]

To: SandwicheGuy
Let's try again this again when you mature.

I prefer to wait until you learn proper English syntax.

97 posted on 03/01/2006 12:01:41 AM PST by adamsjas
[ Post Reply | Private Reply | To 95 | View Replies]

To: 300magnum
Yes... you would need a software firewall to hide you on the Internet. Privacy is a good idea. No one gives out their personal address to strangers. Why would you want to broadcast your IP to the rest of the world?

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

98 posted on 03/01/2006 12:04:59 AM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 84 | View Replies]

To: adamsjas
I prefer to wait until you learn proper English syntax.

Ah, the old 'Attack the messenger' ploy. Grow up.

99 posted on 03/01/2006 12:52:39 AM PST by SandwicheGuy
[ Post Reply | Private Reply | To 97 | View Replies]

To: Turbopilot
Is this still accurate with SP2 enabling the built-in firewall by default?

Yes. It really isn't much of a firewall. Better than nothing, but it does no egress filtering. A 30 dollar router is a better bet. (They are usually running Linux inside).

have no "fear" of a command line. But a modern OS shouldn't require that the user need to go to the command line to execute common operations. Additionally, I'm unfamiliar with *nix command line functions,

You don't have to use the command line functions, there are gui tools available for everything. Command line functions are usually faster, and more educational. After all, you learn nothing clicking that button. I submit that your unfamiliarity with Unix command line functions probably extends to the Gui functions as well. So your problem is not with Linux, but simply with the current level of your learning. (This is not intended as an insult, just the statement of the problem).

Good; I feel better about my own security. Four ports listening, three of which resolve to localhost (I promise not to hack myself) and one of which resolves to Firefox.

Ah, better check again. Listening ports don't resolve to hosts, and Firefox should never be listening. Services (programs) "Listen" to specific Interfaces (network cards) on specific ports. It is possible that there are services listening only to the localhost interface, but these can be quite serious in nature if you don't know what they are.

I'm alarmed that you think Firefox is listening. Actually, I'm more alarmed that you are not alarmed at this. I'm more than a little curious as to why you think one of the listening programs is Firefox, because Microsoft's version of netstat is too brain dead to tell you the process name.

(I mean they stole the program lock, stock and C code from BSD, there was really no reason to gut half the functionality out of it, the BSD license allowed them to steal it).

Having said that, the Ubuntu LiveCD I burned this morning was much better at recognizing my hardware. It natively supports my maximum screen resolution as well as my wi-fi card. However, it doesn't automatically mount my hard drive,

It's a live CD, it's not supposed to mount your hard drives because it's intended that you can test the system without disturbing anything on your machine. It's not always safe to mount an NTFS partition read-write under Linux anyway, depending on which version of SambFs is distributed with the distro.

With a formal install, you would find it mounts everything properly.

I must point out that Ubuntu is a minimalist distro. A very good minimalist distro, mind you, but nothing like you would expect to see with SuSE 9.3 or 10. I'm typing this on Ubuntu.

and it doesn't seem to have native support for VPNs (which is how my school secures its wireless networks) or WPA (which is how I secure my home network).

Again these are problems of using a live cd instead of a proper install. Since they can't fit everything they need on there, and since they can not store any settings on the CD, they are forced to give you just enough to get by and that requires you to manually configure things. A proper distro would support both OpenVPN and FreeS/WAN (alternatives), and there are gui configuration utilities for both.

If I could do that, I could make a fair comparison between Ubuntu and XP.

Which is still quite a ways from a fair comparison. A better bet would be SuSE 9.3 and XP, or any full sized distro that ran the full KDE suite. Most modern Distros, (And even Ubuntu if I'm not mistaken) have the ability to shrink your NTFS partition and make room for a dual boot install of Linux. Better to find another machine for your first attempt, especially if you need this one for your work/school.

flamed for being more comfortable with the OS family I've used for close to two decades.

You took 20 years to accumulate your knowledge of Dos/Win31/Win95/Win98/Win2k/WinXP, but you expect Linux to flip a switch and make you an expert without the need to learn anything or ever type a command?

Oddly enough, Linux is up to the task. If you had a proper install of any full scale distro with KDE, you would be able to do everything with a gui, and transition virtually everything you do on Windows to Linux, and be productive in a couple days, even if you still don't understand it all.

The hardest part is getting used to the weird names. You don't fire up Word, you use OpenOffice.Org writer, or KOffice, or AbiWord, all of which come free. (Shucks, some Distros even throw in Word Perfect FWTW). They will all open and save Word documents. You don't have Internet Explorer (If the truth be known, it's the source of a large part of Microsoft's problem). You have Firefox, Epiphany, Opera, Konqueror and Mozilla. Oh, yeah, and Lynx. Almost forgot that one. (Overkill? Yes, but why not?)

For your first distro, I highly recommend a boxed set of SuSE 9.3 (not latest but probably cheap and easy to find) as it comes with one of the better manual sets in the industry. You need this for your first distro. Either that or someone to teach you the same way someone taught you Windows over the years.

I type this on an old laptop, which has no prayer of running XP, it barely handled Win98. It didn't do well at all with a big SuSE distro.

Yet it works great with Ubuntu. Just fine for reading FR and general surfing. It's connected directly to the net. No firewall needed, because no ports are open.

If I had to add an anti-spyware, anti-virus, a firewall, etc, etc, etc, I would just have to toss it out and get a new machine.

I'm constantly astounded to watch my friends bring home big fast new machines with XP on them and become infected within a day. Then they have to go out and buy more software to keep the machine running (or pay me to fix it for them), and then more software yet to scan for spyware.

Then, heaven forbid, they install Norton (absolute rubbish) or McAfee (almost as bad), and then their real problems begin.

Pretty soon their machine is running as slow as the one they replaced due to all the protection they require just to keep it running. What's the point? If your car gave you as much trouble as most computers you would trade it in in a heartbeat.

100 posted on 03/01/2006 1:28:55 AM PST by adamsjas
[ Post Reply | Private Reply | To 96 | View Replies]
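
An added example, not part of any post in this thread: the `netstat -an` check discussed in posts 87 and 100, as a Python script that reads the command's output and groups TCP listeners by the interface they are bound to. The sample output is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Constructed sample in the layout Windows "netstat -an" prints.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.0.2.80:80          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5000             [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def listening_sockets(netstat_text):
    """Return (address, port) for every TCP line whose state is LISTENING."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns; UDP rows carry no state and are skipped.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3] != "LISTENING":
            continue
        found.append(split_endpoint(fields[1]))
    return found


def classify(addr):
    """Name the exposure implied by the address a listener is bound to."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback:
        return "loopback"          # reachable only from this machine
    if ip.is_unspecified:
        return "all-interfaces"    # 0.0.0.0 or :: means every network card
    return "single-interface"      # bound to one specific network address


def audit(netstat_text):
    """Group listening TCP ports by how widely they are exposed."""
    report = {"loopback": [], "all-interfaces": [], "single-interface": []}
    for addr, port in listening_sockets(netstat_text):
        report[classify(addr)].append(port)
    return {kind: sorted(set(ports)) for kind, ports in report.items()}


if __name__ == "__main__":
    for kind, ports in audit(SAMPLE).items():
        print(f"{kind:17} {ports}")
```

Ports in the `all-interfaces` and `single-interface` groups are the ones a remote host can reach unless a firewall sits in front of them; the `loopback` group still needs an owner identified for each port.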

