Educause Security Discussion mailing list archives
Question about malware research
From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Thu, 10 Jan 2008 11:25:15 -0500
Hello,

I've recently had some questions from developers about the capabilities of 'typical' keystroke loggers as pertain to malware installed on client computers (can they do screen scrapes, do mouse driven user inputs defeat them, etc.?). In particular the developers were interested in knowing how serious the threat was and what sort of features they could implement to mitigate the threats. While I have a lot of anecdotal evidence and isolated examples, I find a dearth of hard evidence surrounding the prolification of this type of malware, their typical feature set and other empirical data about them.

Does anyone know of a good place to look for analysis of this type of malware or strategies for gauging its capabilities? I'd be comforted if I could say something like "BigNasty.a included a keystroke logger and screen capture at random intervals but no way to intercept mouse clicks and it infected X machines, however PugLugWorm included a sniffer that captured all HTTPS form posts so it would be able to defeat some types of security protections but it isn't widespread," or something of the like. I've had a number of recommendations for the SecurityFocus article http://www.securityfocus.com/infocus/1829, but not much beyond that.

Thanks for any suggestions,

--
Justin C. Klein Keane
Sr. Information Security Specialist
Information Security and Unix Systems
University of Pennsylvania School of Arts and Sciences
3600 Market St. Room 512
Philadelphia, PA 19104
215.898.0236(p)
215.573.3166(f)