Keylogging Trojans Spreading Via Email

March 8, 2008 – 3:34 PM

A very nasty trend is developing in the world of malware. At risk is your credit card number, social security number and, indeed, your entire identity.

Criminals are distributing spam emails which purport to link to details of a fictitious credit card order. If someone clicks that link and is running a Windows operating system that has not been patched recently, the page linked in the email will install a trojan onto the PC. The trojan acts as a keylogger, recording every key pressed on the keyboard. An attacker could then log into the trojan and retrieve the log. From that log, the attacker could discover passwords, account numbers and any number of other personal details.

By now, many internet users know better than to fall for so-called “phishing” scams. A phishing scam attempts to trick a victim into providing account numbers and passwords by having them log into an account at what appears to be their bank. In fact, the phisher’s site is usually a mock-up that looks identical to the bank’s site but has no other relationship to it.

This new scam doesn’t require even that much effort. While many people would not be fooled by a phishing attempt, plenty of people would at least click the link to see the details of the fictitious order. If nothing else, it may appear to be an honest mistake made by a legitimate company. If your computer has not been patched for security flaws, simply loading the page is all that is required to install this keylogging trojan. Unfortunately, even being up-to-date on security patches may not be enough as there are plenty of unfixed bugs in Windows. To learn how to protect yourself against this sort of auto-installing malware, read my article on how to prevent a browser hijacking (mirror).

