Virtual Keypads Can Be Dangerous

In order to fight Internet fraud, some of the online banking sites advise their customers to use "virtual keypads", meaning enter passwords on the screen.The system aims to prevent keystroke-logging programs that capture everything a user types. However, it seems now that virtual keypads appear just as vulnerable to computer pirates as the regular ones.

A Spanish security company, Hispasec Systems, has revealed details of "Trojan horse" programs that can capture video imagery of an innocent person`s computer use. The program is a witness to every PIN entered. The Trojan horses that are detected by Hispasec are slipped onto users` computers when they visit certain Web sites, often through spam links, said Hispasec researcher Bernardo Quintero. Often you`d have no clue if you were hit. When Quintero`s group tested whether more than 30 anti-virus programs would block a recent video-logging Trojan, only six did so.

Security analyst Avivah Litan, of Gartner Inc., said screen-capture programs that attacked virtual keypads appeared in 2003, when banks in Brazil fell prey. She said the technique has remained relatively rare because the programs consume a lot of bandwidth and storage, and there have tended to be a lot of easier targets.

                                 

Related News: