Educause Security Discussion mailing list archives
Re: Question about malware research
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 10 Jan 2008 14:09:25 -0500
On Thu, 10 Jan 2008 11:25:15 EST, Justin Klein Keane said:
> I've recently had some questions from developers about the capabilities of 'typical' keystroke loggers as pertain to malware installed on client computers (can they do screen scrapes, do mouse driven user inputs defeat them, etc.?). In particular the developers were interested in knowing how serious the threat was and what sort of features they could implement to mitigate the threats.

OK, I'll say this once, in small words your developers can hopefully understand: If any sort of spyware gets on the box, it's essentially "game over". It *does not matter* that "only 0.17% of systems got compromised by the Klicker-roo keystroke logger" if the user's system is one of those 0.17%.

Malware has been seen in the wild that sniffs keystrokes (both grabbing *all* keystrokes, and looking for strings likely to be passwords), grabs mouse clicks, defeats banks that put up "click on the image of numbers to enter your PIN" by snagging a screenshot of the pixels around the mouse, grabs the contents of HTTP GET/POST requests *before* they go into the SSL encryption routines, and a lot of other stuff.

The fact that there isn't a good way to get a 'Secure Attention Key' in Windows (at least in a way that end users can understand) so that the user *knows* they're talking to the software they expect to be talking to, and no other software, is why there's a lot of interest in smart cards and USB tokens....