Educause Security Discussion mailing list archives
Re: Question about malware research
From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Thu, 10 Jan 2008 14:56:13 -0500
Hello and thank you for your response. I think I should clarify my question. Our developers are more than happy to follow whatever security guidelines we issue, and while I have certainly heard of keystroke loggers with all sorts of capabilities, I'm finding it incredibly difficult to actually find hard evidence of the existence of such malware. I suppose what I mean to ask is, where can I find hard evidence of malware that does things like grabbing keystrokes and mouse clicks, sniffing traffic, etc.? I hate to point to unreferenced articles or analyses of commercial products that have these capabilities. The engineer in me has a hard time recommending actions based only on anecdotal evidence of the existence of certain threats.

Justin C. Klein Keane
Sr. Information Security Specialist
Information Security and Unix Systems
University of Pennsylvania School of Arts and Sciences
3600 Market St. Room 512
Philadelphia, PA 19104
215.898.0236(p) 215.573.3166(f)

Valdis Kletnieks wrote:
| On Thu, 10 Jan 2008 11:25:15 EST, Justin Klein Keane said:
|
|> ~ I've recently had some questions from developers about the
|> capabilities of 'typical' keystroke loggers as they pertain to malware
|> installed on client computers (can they do screen scrapes, do mouse-
|> driven user inputs defeat them, etc.?). In particular, the developers
|> were interested in knowing how serious the threat was and what sort of
|> features they could implement to mitigate the threats.
|
| OK, I'll say this once, in small words your developers can hopefully
| understand:
|
| If any sort of spyware gets on the box, it's essentially "game over". It *does
| not matter* that "only 0.17% of systems got compromised by the Klicker-roo
| keystroke logger" if the user's system is one of those 0.17%.
|
| Malware has been seen in the wild that sniffs keystrokes (both grabbing *all*
| keystrokes, and looking for strings likely to be passwords), grabs mouse
| clicks, defeats banks that put up "click on the image of numbers to enter your
| PIN" by snagging a screenshot of the pixels around the mouse, grabs the
| contents of HTTP GET/POST requests *before* they go into the SSL encryption
| routines, and a lot of other stuff. The fact that there isn't a good way
| to get a 'Secure Attention Key' in Windows (at least in a way that end users
| can understand) so that the user *knows* they're talking to the software they
| expect to be talking to, and no other software, is why there's a lot of
| interest in smart cards and USB tokens....
Current thread:
- Question about malware research Justin Klein Keane (Jan 10)
- <Possible follow-ups>
- Re: Question about malware research Valdis Kletnieks (Jan 10)
- Re: Question about malware research Justin Klein Keane (Jan 10)
- Re: Question about malware research Bill Brinkley (Jan 10)
- Re: Question about malware research Joe St Sauver (Jan 10)