The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time
. The capability came to light in a court filing
(PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses
that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year
, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."