Incidents

The Persistence of Memory – Chapter one: keyloggers

Today’s arrest of Yaron Bolondi set me thinking about cyber crime and keyloggers. It comes as no surprise that keyloggers have become the tool of choice for cyber criminals. Three months ago I wrote about my experience with a public computer that I was using to access the Internet, which was infested with keyloggers and screen capturing tools.

Last week we received a new Trojan, which called back home through a hacked ftp account on a public hosting server. The Trojan was constantly monitoring the screen, starting to capture screenshots whenever the page currently accessed in IE containes keywords such as “bank” or “account”. Additionally, the Trojan included the usual keylogger component and a module which intercepted all emails sent from the system.

We were glad to notice the above technique was almost useless against e-banking systems which rely on one-time-pad authentication or hardware tokens. Of course, everything else it at risk.

If you have to rely on e-banking – and I have to say I’m a great fan of it – choose your bank wisely. One time pad authentication or hardware tokens are a “sine qua non”. Assuming that the bank’s internal bank network isn’t breached, your money should be safe.

The Persistence of Memory – Chapter one: keyloggers

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox