According to Saul Hansell, a NY Times blogger, attackers have improved keylogging software by making it able to report your login credentials in real time via a Twitter-like stream of updates that makes it possible for malicious hackers to access your accounts even as you’re using them.
This is not the first time we have heard about this new type of keylogger; they appeared in the wild last year. This time they came to the attention of the larger population because of a lawsuit in which Unspam Technologies is suing John Does (a name used because they don’t know the attackers’ identity). Unspam admits that the main reason they filed this suit is that they hope to get details (such as IP addresses) concerning the theft from the banks, who are, as per usual, reluctant to make them public.
The efficiency of this new variant of keyloggers is best seen during routine operations such as using Internet banking services. Systems like RSA’s SecurID create temporary numeric passwords that get changed each minute. The problem is that the attacker now gets the same password immediately and is ready to take advantage of it.
Therefore, the new challenge is to find another, more secure way to protect you from unauthorized access to your money. The best bet for now is something called two-channel authentication – one channel being the computer and the other probably the cellphone.
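The difference between the two approaches, as an added example that is not part of the original article: a time-window code depends only on the clock, so it verifies for whoever submits it within the window, while a confirmation code delivered over the second channel can be bound to one specific transfer and accepted only once. The `Bank` class, the message text and the HMAC construction are assumptions made for illustration, and `window_code` is a generic time-window code, not RSA's SecurID algorithm.

```python
import hashlib
import hmac
import secrets

def _digits(key: bytes, msg: bytes, n: int = 6) -> str:
    """Truncate an HMAC-SHA256 tag to an n-digit decimal code."""
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(tag[:8], "big") % 10**n).zfill(n)

def window_code(key: bytes, now: int, step: int = 60) -> str:
    """Generic time-window code (assumption, not SecurID): clock is the only input."""
    return _digits(key, str(now // step).encode())

class Bank:
    """Hypothetical server that confirms each transfer over a second channel."""
    def __init__(self):
        self.key = secrets.token_bytes(32)   # server-side secret
        self.pending = {}                    # tx_id -> (payee, amount, code)

    def start_transfer(self, payee: str, amount: int):
        """Return (tx_id, sms_text); sms_text goes to the phone, not the browser."""
        tx_id = secrets.token_hex(8)
        code = _digits(self.key, f"{tx_id}|{payee}|{amount}".encode())
        self.pending[tx_id] = (payee, amount, code)
        return tx_id, f"Pay {amount} to {payee}? Code: {code}"

    def confirm(self, tx_id: str, code: str) -> bool:
        """Accept a code once, and only for the transfer it was issued for."""
        entry = self.pending.pop(tx_id, None)   # single use, even on failure
        return entry is not None and hmac.compare_digest(entry[2], code)

def demo():
    key = b"constructed-token-seed"              # constructed sample value
    # Both timestamps fall in the same 60 s window, so the code is identical
    # no matter who submits it: a captured code still verifies.
    relayed_ok = window_code(key, 1_000_020) == window_code(key, 1_000_050)
    bank = Bank()
    tx_user, sms = bank.start_transfer("landlord", 900)
    user_code = sms.rsplit(" ", 1)[1]            # what the user reads off the phone
    tx_other, _ = bank.start_transfer("other-payee", 5000)
    cross_ok = bank.confirm(tx_other, user_code)  # code is bound to tx_user only
    own_ok = bank.confirm(tx_user, user_code)     # the intended transfer confirms
    replay_ok = bank.confirm(tx_user, user_code)  # second use is rejected
    return relayed_ok, cross_ok, own_ok, replay_ok

if __name__ == "__main__":
    print(demo())
```

Because the message on the phone names the payee and the amount, the user also gets a chance to notice a transfer they did not start before any code is typed.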