Real-time keylogging to defeat one-time passwords

Here is a report of a gang, apparently in Eastern Europe, who are infecting machines with special keyloggers that send back real-time records of bank transactions. This allows the criminals to conduct fraud at the same time as the user does their legitimate banking. These attacks make one-time password devices, such as the SecurID system, useless. In the online security game, the bad guys are winning…
How Hackers Snatch Real-Time Security ID Numbers

If your computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can’t see.

“What everybody thought was a very secure identification method, these guys found a low-tech means to get around it,” said Joe Stewart, the director of malware research for SecureWorks, a software company. “They don’t break the encryption; they just log in at the same time you do.”
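On the bank's side, the first case described above (the hacker logging on from his own computer with the relayed code) leaves a recognisable trace: one account presents the same one-time code from two source addresses within the code's lifetime. The following detection sketch is an added example, not code from the article or from SecureWorks; the log format, field names and 60-second window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article). Assumed format:
# ISO timestamp, account, source IP, truncated hash of the submitted OTP, result.
SAMPLE_LOG = """\
2024-01-10T09:00:02 user=alice src=198.51.100.10 otp_hash=7f3a result=ok
2024-01-10T09:00:09 user=alice src=203.0.113.77 otp_hash=7f3a result=reused
2024-01-10T09:01:30 user=bob src=198.51.100.22 otp_hash=c41d result=ok
2024-01-10T09:01:41 user=bob src=198.51.100.22 otp_hash=c41d result=reused
2024-01-10T09:05:00 user=carol src=192.0.2.5 otp_hash=09be result=ok
2024-01-10T09:20:00 user=carol src=192.0.2.99 otp_hash=e2aa result=ok
"""

def parse_line(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def find_otp_relays(log_text, window_seconds=60):
    """Flag one account presenting the same one-time code from two
    different source addresses within the code's validity window."""
    window = timedelta(seconds=window_seconds)
    seen = {}    # (user, otp_hash) -> list of (timestamp, source IP)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["user"], rec["otp_hash"])
        for ts, src in seen.get(key, []):
            # Same source twice is a user double-submitting, not a relay.
            if src != rec["src"] and abs(rec["ts"] - ts) <= window:
                alerts.append((rec["user"], src, rec["src"],
                               int((rec["ts"] - ts).total_seconds())))
        seen.setdefault(key, []).append((rec["ts"], rec["src"]))
    return alerts

if __name__ == "__main__":
    for user, first, second, delta in find_otp_relays(SAMPLE_LOG):
        print(f"{user}: same OTP from {first} and {second} within {delta}s")
```

This check does not cover the second case in the article, where the Trojan drives a hidden browser session on the victim's own computer, because both sessions then share one source address.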
