Keyloggers on the rise

By Candice Jones for Symantec
Johannesburg, 02 Apr 2007

Symantec documented 6 191 keyloggers in 2005, as compared to 3 753 in 2004 and 300 in 2000.

The number of software programs spying on keystrokes is increasing with astonishing speed, says Premlan Padayachi, consumer country manager for Symantec Africa.

"Unlike other types of malicious programs, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard," says security researcher Nikolay Grebennikov, in a detailed analysis on keylogging by Kaspersky Lab.

Grebennikov says, along with phishing and social engineering, keylogging is the favoured method for cyber fraud.

He says keyloggers are not only software-based systems, which makes them harder to detect. "The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor," he says. Grebennikov adds this could even include a video camera recording a user's keystroke actions.

However, Kaspersky's analysis shows Trojan programs are the preferred means of installing keyloggers.

Padayachi says: "Once the booby-trapped file [from e-mail or a Web site] is executed, it starts to record keystrokes and e-mails the data to its author. Some keyloggers are even teamed with other types of spyware which perform screen captures."

Hidden in Trojans

Trojans remain the top virus attack method, notes Padayachi. "Trojans constituted 45% of the volume of the top 50 malicious code samples, a significant increase over the 23% last period and the 38% reported in the second half of 2005," he says.

Of the new malware samples that appeared last year, 53.6% were Trojans, while 20% of all Trojans detected by Panda ActiveScan in 2006 were banker Trojans - the most frequently detected category of Trojan, says Jeremy Matthews, MD of Panda Software SA.

He says banker Trojans are rapidly evolving, largely because of the use of additional security measures by financial institutions, such as virtual keyboards.

Matthews says: "Cyber-crooks have gone to great lengths to counter such security measures. Just a few months ago, PandaLabs detected Banbra.DCY, a banker Trojan designed to take video shots in order to see exactly which characters users enter on the virtual keyboard."

Grebennikov says anti-virus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious programs. He says by keeping anti-virus software up to date, users can avoid being attacked. The report also says one-time passwords or two-step authentication will help users avoid becoming victims.