Key-loggers the new phisherman's friend

[StevenPeterYevchak]

http://www.vnunet.com/news/1162890

"Phishing attacks are increasingly using key-loggers as another method to steal personal information, according to the Anti-Phishing Working Group (APWG).

These attacks usually redirect users to a bogus website and record details once they are entered. But the past six months has seen a tenfold rise in the number of phishing sites hosting key-logging software which can be transferred to a user's PC via an improperly patched browser.

"Phishing techniques are evolving in sophistication and complexity at a rapid pace," warned Mark Murtagh, technical director at Websense, a member of the APWG.

"As awareness of phishing among web users has grown, fraudsters are using new attack methods in addition to fake websites.

"One of the most common forms is where malicious code modifies host files and points end users to a fraudulent site despite them having typed the correct URL into their browser."

At the end of last year there were only 10 phishing sites being found each week hosting such code, but by March this had risen to 100. Some web pages remained up for over a month, but the average time to take down a phishing site was 5.8 days.

The move to key-loggers could reflect growing security awareness among consumers regarding online commerce.

Banks have always told customers that they do not ask for personal information via email, and are working with police and the government on other ways to fix the problem."

And - with SpyCop ( http://spycop.com/products.htm ) now supplemented by ProcessGuard ( http://www.diamondcs.com.au/processguard/ ) - I don't have to worry about this, either! Life is good. Pete

[Doc]

Might I also suggest Bazooka which scans for keyloggers and SpoofStick which is used with Mozilla and FireFox to help identify phishing.

Doc

[Søul]

Geeez! More crap to worry about. I don't like those baaaad hacker people. No Sir!

This is still only directed at email accounts correct? I use SpyBot S & D, Spyware Blaster, Ad-Aware SE, XoftSpy, Yahoo Anti-Spy(came with toolbar), a-Squared, Mcafee Pro, and ZoneAlarm Pro.

ZoneAlarm & McAfee have email monitoring, but I'm assuming that they only watch for viruses. So does this mean that I need to purchase yet another program to protect my email accounts? The only precautions I take now are disabling HTML graphics and not clicking on ANY links from a sender that I don't know.

If you think that I need to take more precautions, what program/s would you recommend to protect my Outlook Express & Yahoo accounts? (I use IE6) Process Guard with SpyCop? Bazooka? Or ???

Thanks,
Søul

[StevenPeterYevchak]

Hi, Doc!

As nice a program as it is, I wouldn't be depending on Bazooka (or AdAware or SBS&D) for effective keylogger detection.

It's bound to have a very limited quantity of keyloggers and their variants that it checks for, considering the fact that the entire Bazooka DB only consists of 563 items - most of which are not related to keyloggers (which accounts for the rapidity of its' scan). This is exactly the opposite of the case you have with SpyCop (currently 514 definitions), the over-whelming majority of which are specifically-related to keyloggers.

I like and use SpoofStick on two of my browsers, too - but even SpoofSticks' own site ( http://www.corestreet.com/spoofstick/ ) says: "It's not a comprehensive solution, but it's a good start." SpoofStick does not give you domain info - so you can still be given confusing results from SS (see this thread ).

Don't get me wrong - both SpoofStick AND Bazooka are very good programs to have on-board (that's why I have them myself) - but when it comes to keyloggers? I just don't feel comfortable with anything less than the best programs for that.

When someone needs a free, cursory check for keyloggers, I too will suggest AA, SBS&D, Bazooka, their own A/V and/or A/T program and SnoopFree Privacy Shield v1.07 ( http://www.snoopfree.com/default.htm ) - which I really like because it's "behaviourally"-oriented rather than dependant upon a database.

But if someone really has a reason to suspect a keylogger, my first choice is SpyCop - every time. Pete

[Søul]

Thanks for the information. I just now got around to reading everything you posted. This link taught me some new phishing tricks to watch out for. > http://www.vnunet.com/news/1162890 <
Sadly, I scored an 80% on the test. I was pretty confident that I could spot them all. Well, they got me!

Again, thanks for the education. I really appreciate it, and I'll take your advice and get those two programs ASAP.

Take care,
Søul

[chaszal]

Dear Soul (sorry, don't know how to do the cool slash through your "o") Thanks for that link. Verrry interesting.
Chas

[Søul]

Thanks for the thanks, but the thanks should go to StevenPeterYevchak who, thankfully, posted it for us in his first post. Thanks StevenPeterYevchak!

That site does has some great security info in it. I'm still mad that I didn't get 100% on the Phishing test though. Mark my words, I wont be fooled again!

EDIT:
I did a bit of reading on this subject and found an interesting graph from 2004 on phishing trends. I think the attacks have tripled or quadrupled by now. Sad.