Virtual Keyboards are no longer safe
To fight with keyboard loggers (the spyware programs which record your key strokes) some banks started using Virtual keyboards. When using virtual keyboards, you will not enter your password using your keyboard. Instead, you will use your mouse to enter the password by clicking on the alphabets and numbers that appear as images on the screen. It seemed to have worked so far. But not any more.
As per a news item, virtual keyboards are no longer safe, and trojan horse programs have been spreading that can log partial images of the virtual keyboards along with keystrokes without notice of users, enables to break the code. Unfortunately, only 6 of 30 anti-virus programs could detect the trojan horse program.
A Spanish security company, Hispasec Systems, has revealed details of "Trojan horse" programs that can capture video imagery of an unsuspecting person's computer use. If the user enters a PIN on a bank's virtual keypad, the dastardly program is a witness.
Gartner Inc. security analyst Avivah Litan said screen-capture programs that attacked virtual keypads emerged as early as 2003, when banks in Brazil fell prey. She said the technique has remained relatively rare because the programs consume a lot of bandwidth and storage, and there have tended to be a lot of easier targets.
But that may be changing. Quintero said Wednesday that a newly detected Trojan combines keystroke-logging and video-capture functions â€” and instead of recording the entire screen, the program just grabs images of the immediate area near where the user clicks the mouse. The spy receives a smaller file, making the attack easier to pull off.