Password-stealing malware becomes more prevalent as hackers aim to stay ahead of technology

News by Dan Raywood

The amount of password-stealing programs has leapt by 400 per cent over the past year.

The amount of password-stealing programs has leapt by 400 per cent over the past year.

According to a report by McAfee, as shopping and banking transactions are now occurring primarily online, password stealing has become a common cybercrime. In many cases, some sort of password-stealing malware makes its way onto victims' computers.

It claimed that the most common distribution methods for seeding password stealers are spam, such as with fake invoices or UPS notifications, where users are often tricked into opening allegedly legitimate PDF attachments and subsequently end up with an executable that compromises their systems.

Another increasingly popular and effective way to infect users' PCs is browser-based attacks. Using drive-by infections, attackers allow legitimate and trusted websites to distribute malicious code by hacking thousands of websites in an automated fashion.

The report claimed that the evolution of password-stealing malware is closely tied to advancements in digital security devices, as simple authentication factors that rely only on a combination of a user name and password are easily defeated by simple keyloggers.

For every new obstacle, there is a counterpart in the evolution of password stealers. For example, as soon as banks introduced virtual keyboards that require the user to click corresponding digits instead of typing them, malware authors reacted by implementing screen-capture functionality.

The report claimed: “We're not surprised to see that malware authors not only try to keep up, they even try to stay one step ahead. To avoid having to tailor their password-grabbing forms to match the security precautions and layouts of targeted banking websites, attackers redirect DNS servers or hosts files to point to their own servers.

“An infected user intending to connect to the Bank of America website would be directed to a lookalike site hosted on a different server, which, of course, belongs to the attacking party. A different scenario using DNS hijacking is to remotely act as the ‘man in the middle' by wiretapping network traffic and then rerouting the (modified) traffic to the real destination and vice versa.”

Stephen Howes, CEO of GrIDsure, applauded McAfee for highlighting the issues in the report, but claimed that ‘people will read this and put their head back in the sand as passwords are the lowest common denominator'.

Howes said: “Passwords are past their sell by date and we all know this, phishing is a problem whatever and people can be duped into giving their secrets up. You are never going to get around phishing-based services until you have incremental solutions that fight malware writers at their own game. If you can make it more efficient with a one-time password then the threat goes away but we are making it far too easy with static passwords.

“Phishing is down to education but passwords are not intended for the internet and people need to find ways and solutions where static codes are not used any more.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews