Educause Security Discussion mailing list archives

Re: Question about malware research


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 10 Jan 2008 14:09:25 -0500

On Thu, 10 Jan 2008 11:25:15 EST, Justin Klein Keane said:

I've recently had some questions from developers about the
capabilities of 'typical' keystroke loggers as pertain to malware
installed on client computers (can they do screen scrapes, do mouse
driven user inputs defeat them, etc.?).  In particular the developers
were interested in knowing how serious the threat was and what sort of
features they could implement to mitigate the threats.

OK, I'll say this once, in small words your developers can hopefully
understand:

If any sort of spyware gets on the box, it's essentially "game over". It *does
not matter* that "only 0.17% of systems got compromised by the Klicker-roo
keystroke logger" if the user's system is one of those 0.17%.

Malware has been seen in the wild that sniffs keystrokes (both grabbing *all*
keystrokes, and looking for strings likely to be passwords), grabs mouse
clicks, defeats banks that put up "click on the image of numbers to enter your
PIN" by snagging a screenshot of the pixels around the mouse, grabs the
contents of HTTP GET/POST requests *before* they go into the SSL encryption
routines, and a lot of other stuff.  The fact that there isn't a good way
to get a 'Secure Attention Key' in Windows (at least in a way that end users
can understand) so that the user *knows* they're talking to the software they
expect to be talking to, and no other software, is why there's a lot of
interest in smart cards and USB tokens....
