April 22nd, 2005, 06:16 PM
Introduction to Spyware Keyloggers
below is an interesting article from security focus concerning spyware and keylogging... an aspect of certain spyware we often overlook:
Spyware is a categorical term given to applications and software that log information about a user's online habits and report back to the software's creators. The effects of these programs range from unwanted pop-up ads and browser hijacking to more dangerous security breaches, which include the theft of personal information, keystroke logging, changing dialup ISP numbers to expensive toll numbers, and installing backdoors on a system that leave it open for hackers.
Spyware usually gets into the computer through banner ad-based software where the user is enticed to install the software for free. Other sources of spyware include instant messaging, various peer-to-peer applications, popular download managers, online gaming, many porn/crack sites, and more. Note that most, but not all, spyware is targeted exclusively at Microsoft's Internet Explorer web browser. Users of modern Web browser alternatives, such as Mozilla's Firefox and Apple's Safari, are generally not affected by spyware at all.
The most recent delivery methods used by malicious spyware require no permission or interaction with the users at all. Dubbed as "drive-by downloads," [ref 1] the spyware application is delivered to the user without his knowledge simply when he visits a particular website, opens some zipped files, or clicks on a malicious pop-up ad that contains some active content such as ActiveX, Java Applets, and so on. Spyware can also be hidden in image files or in some cases has been shipped along with the drivers that come with a new hardware device.
click here to view the rest of the article
i would cut n paste, but the article is rather intensive, complete with graphics. definitely worth a read in my opinion.
April 26th, 2005, 12:31 PM
I did'nt quite get what this bit was going on about?
Are they saying that Spybot s&D can be used to install a keylogger?
This same keylogger was next installed on a different test PC through another program's installer and then configured to send keystrokes captured in an email to a test email-id. Ironically, the program used for this example was Spybot Search & Destroy [ref 10], a legitimate freeware tool that does a good job of detecting spyware. This is a good example of how other legitimate applications can also be used to install spyware, unbeknownst to the reader.
April 26th, 2005, 01:17 PM
I think they're saying they added some spyware to the installer of spybot. This way when you install spybot, you get the spyware... for free!