On-screen bank-site keyboards defeated by trojan

A new trojan that records screen movies has been discovered in the wild; the malware captures the region of the screen around your mouse pointer as you laboriously enter your password on banking sites that use on-screen keyboards to defeat keyloggers.

I've written about on-screen keyboards before — I think these things are bad news. They make banking sites inaccessible to people who are blind or have certain physical disabilities, and while they defend against keyloggers, they also force you to use short, weak passwords. What's more, it's now apparent that keyloggers can handily adapt to these screen keyboards.


Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the on-screen activity while the user is authenticating to access his online bank.

The video clip covers only a small portion of the screen, using the cursor as a reference, but it is large enough that the attacker can watch the legitimate user's movements and typing on the virtual keyboard, and so obtains the username and password without further trouble.

Link

(Thanks, Peter!)

Update: George sez, "Just read the piece about virtual keyboard loggers (with the Citibank screenshot) on BB. As I am a Citibank customer (well more like thorn in the side – their service is variable to say the least) I immediately went to log in to my account to send them a message asking them if they had seen this story. When I got there I had a new message:"

…Rather than entering your password using the screen keyboard, you will now simply use your computer's real keyboard. You will also be asked to answer an additional question that only you know the answer to when you log in, to further increase security….