Capturing online passwords and Antivirus…

The “traditional means” of capturing online passwords has been provided by “key-loggers” for decades: they capture every key-stroke made by the local user. As of late, Antivirus companies have added extra protection to stop key-loggers from collecting passwords. This protection goes by various names depending on the Antivirus company, such as safepay, password manager, etc. Almost all of these protections integrate a virtual keyboard, which requires clicking the password characters and/or using a touchscreen to enter the password, instead of the traditional keyboard strokes.

Do they actually work?

The short answer is yes: they can prevent key-loggers from collecting the password, since the keyboard is not used for entering the account information. The problem is that if the end user’s computer has a key-logger, the machine also has a root-kit (a requirement for installing the key-logger) with full access to the system, including the Antivirus. As such, the root-kit can routinely exempt itself from Antivirus protection and, in theory, it could capture the virtual keystrokes as well.

Hackers always seem to be ahead of Antivirus solutions, and that certainly seems to be the case for capturing online passwords. Instead of using a key-logger, they have developed a solution that captures the user’s account credentials with an HTML form grabber. The form grabber “grabs” the authentication credentials from within the browser, where the login credentials are entered. It does not matter whether these credentials are typed on the keyboard, entered on a virtual keyboard, or auto-filled: the form grabber captures them. The malicious package was released in May 2013, pretty much around the time when Antivirus companies started to advertise/claim to secure the end user’s passwords. Coincidence, you might say? It could be… The HTML form grabber also requires a root-kit for its operation, just like the key-loggers above.

In both cases, the common requirement for capturing the end user’s authentication credentials is the root-kit; without it, neither of them can capture the password. The Antivirus solutions would be better off preventing the root-kit from getting onto the computer in the first place, instead of rolling out additional features with dubious claims.

The Antivirus solution, while still necessary, needs additional security measures to augment its protection against root-kits. Friends, don’t let friends rely on Antivirus protection only…