iDefense, a division of Verisign, has released a report on the rising number of machines infected with keystroke loggers that silently report back to organized “cybercrime rings,” putting users’ personal information at risk.
It goes without saying that this is a significant concern. I can’t stress enough the importance of keeping virus signatures up to date on user PCs, as well as updating the signatures of Intrusion Detection Systems to watch for this kind of traffic. If your IDS vendor doesn’t currently have keystroke loggers on their radar, contact them, ideally daily, requesting the functionality.
Aside from the simple issue of protecting an individual’s data, if you are any part of the security organization for a company subject to Sarbanes-Oxley or HIPAA, imagine the kind of data that could be compromised via this method.