Phishing has been getting a lot of press as of late. Its the bandwagon phenomena as far as I’m concerned, as the traditional media doesn’t get it until long after the rest of the world already knows it. We are starting to see the same thing happen with spyware, and keylogging is not immune.
Keylogging is the not-so-latest turn in the secure-your-computer saga, even thought folks like CNET say phishing attacks are taking a new twist. Keyloggers, programs which track your keystrokes and mouse clicks without your knowledge, and return the results to some faraway server, have been around for a long time. But, now that the generic email phish awareness factor is growing, thieves are resorting to keylogging as a way to stay one step ahead of the mainstream. Keylogging really isn’t a phishing attempt – the keylogggers are often passed via malicious web pages and software downloads, and once a thief has a grip on your machine, there is no need for a lure.
Fortunately, these nasties can be avoided by using anti-virus and anti-spyware software, and keeping the DAT files up to date. As this article from Yahoo! News notes, the Websense and Anti-Phishing Working Groups’ latest stats reflect some increases in keylogging use, some new variants, and a number of additional websites that can cause infection, not that keylogging is a new pursuit altogether.
Follow the standard preventative measures, and you should be fine.