This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake Web site.
“These Trojans are very selective,” said Cristine Hoepers, general manager of Brazil’s Computer Emergency Response Team, which runs under the auspices of the country’s public-private Internet Steering Committee.
According to data compiled by computer security companies in 2005, the use of “crimeware” like keyloggers to steal user names and passwords — and ultimately cash — has soared. The antivirus company Symantec has reported that half of the malicious software it tracks is designed not to damage computers but to gather personal data. About one-third of all malicious code tracked by the company now contains some keylogging component, according to Ken Dunham, the company’s rapid-response director.
And the SANS Institute, a group that trains and certifies computer security professionals, estimated that at a single moment last fall, as many as 9.9 million machines in the United States were infected with keyloggers of one kind or another, putting as much as $24 billion in bank account assets — and probably much more — literally at the fingertips of fraudsters.
The Federal Deposit Insurance Corporation, responding to the growing threat of cybercrime to the financial industry, stiffened its guidelines for Internet banking in October, effectively ordering banks to do more than ask for a simple user name and password.
“These can be developed by a 12-year-old hacker,” said Eugene Kaspersky, a co-founder of Kaspersky Labs, an international computer security and antivirus company based in Moscow.
http://www.nytimes.com/2006/02/27/technology/27hack.html?_r=1&ei=5094&en=bd1daecaefa11240&hp=&ex=1141102800&oref=slogin&partner=homepage&pagewanted=print