[funsec] Keyloggers: How They Work and How to Detect Them (Part 1)

Fergie fergdawg at netzero.net
Sat Mar 31 16:23:57 CDT 2007

And for what it's worth, there's a reason why the SANS ISC set
their ThreatCon Level to "Yellow" today...

- ferg

-- "Fergie" <fergdawg at netzero.net> wrote:

A very nice write-up by Nikolay Grebennikov over at Viruslist.com.


In February 2005, Joe Lopez, a businessman from Florida, filed a suit
against Bank of America after unknown hackers stole $90,000 from his Bank
of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a
malicious program, Backdoor.Coreflood, which records every keystroke and
sends this information to malicious users via the Internet. This is how the
hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez
often used the Internet to manage his Bank of America account.

However the court did not rule in favor of the plaintiff, saying that Mr.
Lopez had neglected to take basic precautions when managing his bank
account on the Internet: a signature for the malicious code that was found
on his system had been added to nearly all antivirus product databases back
in 2003.

Joe Lopez’s losses were caused by a combination of overall carelessness
and an ordinary keylogging program.



- ferg



"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: http://fergdawg.blogspot.com/
