Protecting Yourself From Stealth Keyloggers

There's ample understanding and concern about viruses, worms, and even botnets to some degree.

Most everyone who runs a PC understands that viruses, adware, and the like come with the territory and that it's wise to run antivirus software (or better yet an Internet security suite.)

What's still a bit more murky than viruses and worms are stealth keyloggers--especially ones that report back to a central server in realtime.

What adds to the murkiness is that keyloggers in the eyes of some technologists aren't all necessarily bad.

While some keylogging software definitely is, there's other software out there that are used to help protect kids online and to help monitor employees and public workers who're abusing computer and office time.

The line between good keyloggers and bad ones, really comes down to one thing: what is the keylogger being used for?

In the case of "good" keyloggers, ultimately they're used to protect. Perhaps it's a child, perhaps it's an employer, perhaps it's a government agency, or perhaps it's someone else.

In the case of "bad" keyloggers, they're used to steal, wreck, and ruin. Perhaps it's to steal passwords, perhaps it's credit card numbers or a bank account, perhaps it's an identity, perhaps it's merchandise.

Whatever the case, how evil real-time stealth keyloggers work is a little less of a mystery thanks in part to a New York Times piece in the technology blogs, "Bits," section of nytimes.com

Part of the problem is that these real-time keyloggers are now allowing the cyber-criminals to completely circumvent things like RSA's SecurID system and other similar security technology roadblocks.

As Saul Hansell of the times puts it,

"By going real time, hackers... are now undeterred by systems that create temporary passwords, such as RSA’s SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula.

"If your computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account.

"Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location.

"Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can’t see."

"They don’t break the encryption; they just log in at the same time you do."

I'll hand it to them, it's definitely clever, but what's even more amazing and alarming is that,

"When people visit Web sites that have been taken over by the hackers, the software is surreptitiously downloaded onto their machines.

"Clampi[a particularly nasty Trojan that uses real-time components] has an unusual feature that can take advantage of a vulnerability in Windows and spread itself to all of the computers on a corporate network.

"...each of those machines, in turn, was programmed to notice when their users visited any of 4,600 specified Web pages, including banks, brokerages and other sorts of sites."

As the article asks, "Does this mean the high-tech security tokens and such are a waste?"

Not really, as they still help protect against less sophisticated attacks.

Think of it this way: locking your front door might not deter a criminal willing to smash the window to get it; however, it might deter a good portion who won't smash a window but who would try to turn the doorknob to get in.

Criminals with access to the advanced technologies like real-time keyloggers are still fairly rare; less sophisticated ones aren't.

What's more, even still many of these types of attacks can be thwarted and prevented outright by even "good" antivirus firewall software.

The bottom line is, some security is better than none and multiple layers of security are better than just one. Ideally, you should look to combine: