2 MINUTES ON… Keyloggers: invisible threat

Keyloggers are designed to record keystrokes, and it was this malware that played a crucial part in the criminals' plan to siphon off nearly a quarter of a billion pounds from the Japanese bank.

Keyloggers can be hardware or software. A hardware keylogger is a dongle that connects between the keyboard port on the rear of the PC and the keyboard cable.

According to Richard Starnes, president of ISSA UK, these are hard for the average user to detect. "The average user hardly looks at the back of their computer," he said.

Worse still is the software keylogger. "They are a nasty piece of work that give criminals the keys to the kingdom," said Starnes. Software keyloggers are usually installed by adware, trojans and viruses.

But why are criminals using keyloggers? According to Fran Howorth, practice leader at Bloor Research, "keylogging allows them to look for particular bits of information that can be used for identity theft, intellectual property theft, and so on."

Howorth added that companies stand to lose even more than just clearing up a mess after a virus. Further, keyloggers can sit silent or dormant on computers for ages with no one realising they are there.

What can organisations do to shield themselves against this particular threat?

Starnes said companies should place greater emphasis on training and raising awareness on security matters.

To Howorth, common sense precautions such as good security policy development, management and enforcement will lessen the chances that employees attract such malware.

Starnes echoed this, urging employers to start asking if employees needed internet access to perform their job.

A spokeswoman for the National Hi-Tech Crime Unit said that, if an organisation suspected a keylogger had been used to commit criminal activities, contact should initially be made with the local police.

She also urged organisations to keep anti-virus software up to date to prevent malware getting in.