funsec mailing list archives

Re: Keyloggers: How They Work and How to Detect Them (Part 1)


From: "Fergie" <fergdawg () netzero net>
Date: Sat, 31 Mar 2007 21:23:57 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And for what it's worth, there's a reason why the SANS ISC set
their ThreatCon Level to "Yellow" today...

- - ferg


- -- "Fergie" <fergdawg () netzero net> wrote:

A very nice write-up by Nikolay Grebennikov over at Viruslist.com.

[snip]

In February 2005, Joe Lopez, a businessman from Florida, filed a suit
against Bank of America after unknown hackers stole $90,000 from his Bank
of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a
malicious program, Backdoor.Coreflood, which records every keystroke and
sends this information to malicious users via the Internet. This is how the
hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez
often used the Internet to manage his Bank of America account.

However the court did not rule in favor of the plaintiff, saying that Mr.
Lopez had neglected to take basic precautions when managing his bank
account on the Internet: a signature for the malicious code that was found
on his system had been added to nearly all antivirus product databases back
in 2003.

Joe Lopez’s losses were caused by a combination of overall carelessness
and an ordinary keylogging program.

[snip]

More:
http://www.viruslist.com/en/analysis?pubid=204791931

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)

wj8DBQFGDtFpq1pz9mNUZTMRAgJQAKDc/TdS6Ot9isTMDjH4ULyfh5JISgCfR7It
lZbnuP2BmEeNOtiJ+vc/KMs=
=8Wxz
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

