Educause Security Discussion mailing list archives

Question about malware research


From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Thu, 10 Jan 2008 11:25:15 -0500

Hello,

I've recently had some questions from developers about the
capabilities of 'typical' keystroke loggers as they pertain to malware
installed on client computers (can they do screen scrapes, do mouse
driven user inputs defeat them, etc.?).  In particular the developers
were interested in knowing how serious the threat was and what sort of
features they could implement to mitigate the threats.

While I have a lot of anecdotal evidence and isolated examples I find a
dearth of hard evidence surrounding the proliferation of this type of
malware, their typical feature set and other empirical data about them.
Does anyone know of a good place to look for analysis of this type of
malware or strategies for gauging its capabilities?  I'd be comforted if
I could say something like "BigNasty.a included a keystroke logger and
screen capture at random intervals but no way to intercept mouse clicks
and it infected X machines, however PugLugWorm included a sniffer that
captured all HTTPS form posts so it would be able to defeat some types
of security protections but it isn't widespread," or something of the
like.  I've had a number of recommendations for the SecurityFocus
article http://www.securityfocus.com/infocus/1829, but not much beyond
that.  Thanks for any suggestions,

--
Justin C. Klein Keane

Sr. Information Security Specialist
Information Security and Unix Systems
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Room 512
Philadelphia, PA 19104
215.898.0236(p)
215.573.3166(f)