Keystroke logging on increase

Keystroke loggers pose more risk to PC users than any other tool used for committing cybercrime, according to Kasperksy Lab.

In its latest report, Keyloggers: how they work and how to detect them part 1, published today, the security company said this threat was even more difficult to combat than phishing attacks.

Because this malware has proved so successful, the number of keystroke loggers has risen rapidly. It found a growth of 500 per cent between January 2003 and July 2006.

The Kaspersky Lab database currently contains records for more than 300 families of keyloggers – and this number does not include keyloggers that are just one component of compound threats, in which the spy component provides additional functionality.

The reason for the growth in this malware said Kaspersky is it works so well. The personal information keystroke loggers harvest paves the way for more serious targeted attacks and it is difficult for the end user to detect and remove.

Kaspersky senior technology consultant David Emm said: "Another problem is that a keystroke logger isn't necessarily harmful - it can be neutral. If it comes wrapped with a Trojan then obviously it is and security products will find this.

"But as this software can be neutral, people use it, for example, to check what their children have been doing online, or suspicious spouses use it to check up on their partner. It therefore has to be identified as potentially unwanted by security software."

Unfortunately for consumers, keystroke loggers are becoming more sophisticated. They can be inadvertently downloaded from an infected website, email attachment or by clicking on links.

Once on a PC, they can track websites visited by the user and only log the keystrokes entered on the websites that are of particular interest to the cybercriminal; for example bank sites.

Many keyloggers now use rootkit technology to prevent detection manually or if the person is using an internet security product such as anti-spyware and anti virus products.

Once a cybercriminal has a user’s confidential data, they can easily transfer money from the user’s personal accounts. Keyloggers can also be used in industrial and political espionage to access proprietary commercial information and classified government data.

Kaspersky said there should be more proactive protections such as an increased use of one-time passwords or two-step authentication put in place so that this information is of no use to the criminals.

The company will release the second part of the report on 12 April 2007.