Social media philosophy blog
Wednesday November 22nd 2017

50 ways to steal your password, part 5

Malware is the most effective means of long-distance password theft. The concept is an umbrella term for all kinds of malicious code. In the old days, computer virus were created as pranks and you knew that you had one, since it in one way or another harmed the computer. Today, computer virus is big business, or rather, big cyber crime business. Computer virus is intended to be like a parasite, undetected, with the host alive.

There are three major genres: spying, remote control and identity/password theft. Spying is mostly targeted at the industrial secrets of major corporations. Internet spying has also effectively replaced much of the old cloak and dagger stuff of national governments. A well-placed malware can easily outperform the traditional efforts of the whole CIA, and this is no exaggeration.

The genre of remote control can take on different forms, most significantly that of the botnet. Infected computers are made into “slaves” and they can be orchestrated by the hundreds of thousands to send requests to the same homepage at the same time, triggering a crash.

The third genre, identity/password theft is the focus of this blog series. The most dangerous form of malicious code is the keystroke logger or the “keylogger”, actually a family name for a number of different programs with the same aim: logging/documenting the activity on the keyboard when the user encounters fields where personal information is to be inserted. The main concern is usernames, passwords, credit card numbers and other forms of identifying bits of information that can facilitate identity theft. The program will regularly send retrieved data to the malware owner.

21. The basic method is that the program simply registers what keys are pressed whenever forms are encountered. However, sophisticated antivirus programs are on the lookout for these activities.

22. Another method is therefore to simply access password data already stored at the web browser as well as the data connected to automatic form writing.

23. One security approach of countering basic key logging has been to avoid log in through the keyboard. Instead, login has been performed through the user clicking with the mouse on a virtual keyboard on the screen. Cyber criminals have countered by devising keylogger-programs that register the utility of the mouse.

24. Another way of dealing with most kinds of log ins is to take a screenshot after the relevant information has been inserted.

25. In addition to keystroke logging, the backdoor is a popular malware-form of password theft. If the virus can create an invisible backdoor to the computer, the cyber criminal can access whenever he or she wants. This method is mostly used for spying and remote control, but access to passwords and other forms of data will be very easy. Sometimes, the backdoor is combined with a traditional keylogger. The backdoor can be used to update the virus and indeed replace it whenever it is quarantined by the security program.

Well, do you have any of these on your computer? You cannot know for sure. Common estimations are that there are 30 new computer virus introduced to the Internet each minute. Sophisticated antivirus programs will discover most of them in time, but there’s usually a period of some 10 days before protection or cure can be downloaded to your computer. In addition, most of the viruses are not fixed. Increasingly, the major tool of security programs is to monitor for suspicious activity. Cyber criminals have increasingly responded by creating malware that disguises suspicious activity. “Your computer is safe,” says your security program. That is not an objective statement of fact. Your computer is never safe.

Leave a Reply