Posted by:
admin
15 years, 11 months ago
According to David Aucsmith, architect and CTO, Security Business & Technology Unit at Microsoft, 15% of corporate PCs have key stroke loggers.
To quote the article:
In another study of spyware penetration, it was found that 15 percent of corporate machines had keystroke loggers, Aucsmith said, noting that it's "an extremely big cost for us (at Microsoft Corp.) -- dealing with spyware on our boxes."
So it's not clear if that is a Microsoft internal number or a study somewhere. I can't find a study that mentions that percentage of penetration by keystroke loggers. If the percentage is that high for corporate PCs, it must be huge for home PCs.
As Aucsmith pushes for stronger authentication, better firewalls, etc. he notes that:
"We've seen an explosion of criminal enterprise moving onto the Net in the last 18 months or so," he said in describing hacker motivation trends. "It's no longer just for kicks. It is for making money."
I think people need to realize this. It's not clear to me that people understand that the same people sending spam are trying to steal their identity.
This is the first time that I have seen this:
Most now have a financial variant. "Bots are very cleverly used now," Aucsmith said. First they become a spam relay. When that gets shut down, they become Distributed Denial of Service facilitators. Later they can become keystroke loggers hunting for financial or software license information.
I guess I always assumed that a good trojan would do all of those at the same time.
Share on Twitter Share on Facebook
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)