GuardedID. Whitepaper



Similar documents
Keylogging Identity The Defense System TM. Whitepaper. Legal Club of America 7771 W. Oakland Park Blvd. #217 Sunrise, Florida

Internet basics 2.3 Protecting your computer

Keystroke Encryption Technology Explained

What's the difference between spyware and a virus? What is Scareware?

Introduction: 1. Daily 360 Website Scanning for Malware

McAfee Internet Security Suite Quick-Start Guide

Software. Webroot. Spy Sweeper. User Guide. for. Webroot Software, Inc. PO Box Boulder, CO Version 6.

The Key to Secure Online Financial Transactions

Guideline for Prevention of Spyware and other Potentially Unwanted Software

Outpost Pro PC security products Security Suite, Antivirus, Firewall

ESET SMART SECURITY 9

Get Started Guide - PC Tools Internet Security

ESET SMART SECURITY 6

Spyware Doctor Enterprise Technical Data Sheet

G Data Whitepaper 03/2014. Keylogger Protection. System Security Research. Whitepaper_

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Gateway Apps - Security Summary SECURITY SUMMARY

Quick Heal Exchange Protection 4.0

Kaspersky Internet Security 2014: Reviewer s Guide

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

FAKE ANTIVIRUS MALWARE This information has come from - a very useful resource if you are having computer issues.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

ABOUT LAVASOFT. Contact. Lavasoft Product Sheet: Ad-Aware Free Antivirus+

General Security Best Practices

ESET NOD32 Antivirus 4 for Linux Desktop. Quick Start Guide

Evolutionism of Intrusion Detection

Quick Start. Installing the software. for Webroot Internet Security Complete, Version 7.0

Scams and Schemes LESSON PLAN UNIT 1. Essential Question What is identity theft, and how can you protect yourself from it?

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109

GlobalSign Malware Monitoring

ESET NOD32 ANTIVIRUS 9

ESET NOD32 ANTIVIRUS 8

Contents. McAfee Internet Security 3

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Trusteer Rapport. User Guide. Version April 2014

TOTAL DEFENSE MOBILE SECURITY USER S GUIDE

An Introduction to CODE SIGNING

User Documentation Web Traffic Security. University of Stavanger

THE OPEN UNIVERSITY OF TANZANIA

avast! Internet Security 7.0 Quick Start Guide avast! Internet Security 7.0 Quick Start Guide

Conducting an Phishing Campaign

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

COMPUTERS & INTERNET SAFETY. Saint Francis Academy April 26, 2012

Fighting Advanced Threats

Kaspersky Internet Security 2012: Reviewer s Guide

User Guide for the Identity Shield

Information Security Threat Trends

A Phishing Story. Introduction. Definitions. Phishing by Social Engineering Alone.

JOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City

Online Giving User Guide for Church Members

Five Tips to Reduce Risk From Modern Web Threats

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

white paper Malware Security and the Bottom Line

Family Protection Plan

Don t Fall Victim to Cybercrime:

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Hope is not a strategy. Jérôme Bei

WEB ATTACKS AND COUNTERMEASURES

Table of Contents. Page 2/13

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Safety precautions for Internet banking or shopping How to avoid identity theft online

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

The Value of Physical Memory for Incident Response

Securing Your Business s Bank Account

CODE SIGNING. Why Developers Need to Digitally Sign Code and Applications entrust.com

Networking for Caribbean Development

KASPERSKY SMALL OFFICE SECURITY (Version 3) Features List

Protegent 360- Complete Security Software

Reduce Your Virus Exposure with Active Virus Protection

Online Payments Threats

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009

avast! Pro Antivirus 7.0 Quick Start Guide avast! Pro Antivirus 7.0 Quick Start Guide

ZNetLive Malware Monitoring

avast! Free Antivirus 7.0 Quick Start Guide avast! Free Antivirus 7.0 Quick Start Guide

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

The Top Web Application Attacks: Are you vulnerable?

FOR MAC. Quick Start Guide. Click here to download the most recent version of this document

How To Protect Your Online Banking From Fraud

SonicWALL Security Quick Start Guide. Version 4.6

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Endpoint protection for physical and virtual desktops

PC Security and Maintenance

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

of firms with remote users say Web-borne attacks impacted company financials.

NewNet 66 Network Security

Malicious Mitigation Strategy Guide

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

How to stay safe online

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Best Practice Configurations for OfficeScan (OSCE) 10.6

Computer Viruses: How to Avoid Infection

PROTECT YOUR FINANCIAL TRANSACTIONS

Keyloggers ETHICAL HACKING EEL-4789 GROUP 2: WILLIAM LOPEZ HUMBERTO GUERRA ENIO PENA ERICK BARRERA JUAN SAYOL

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

Interacting with Users

Certified Secure Computer User

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Trend Micro Antivirus for Mac 2016

Transcription:

GuardedID Whitepaper Corporate Headquarters StrikeForce Technologies, Inc. 1090 King Georges Post Road #108 Edison, NJ 08837, USA http://www.guardedid.com Tel: 732 661-9641 Fax: 732 661-9647

Summary Keyloggers are a serious security threat that can be extremely harmful to both businesses and consumers. Current mechanisms do not provide adequate protection to the user from these threats. We discuss a solution that helps users mitigate the keylogging threat and show how GuardedID can prevent the information leakage to current as well as future keyloggers. Introduction Though PC users are worried about spyware that tracks web site visits, and crashes their PCs, there are more insidious threats out there. A more powerful breed of spyware can log keystrokes (including passwords and credit card numbers) and send that information to criminals. This type of software is called a keylogger. A keylogger is a type of surveillance software that has the capability to record every keystroke you make to a log file (usually encrypted). A keylogger can record instant messages, e-mail, and any information you type at any time using your keyboard [4]. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will also record any e-mail addresses you use and Web site URLs you visit. This danger was recently highlighted when Sumitomo Mitsui Banking Corporation discovered a keylogger installed on its network in London [1]. There have been other high-profile cases. In 2003 keylogging software was discovered at more than 14 Kinko locations in New York. The perpetrator installed the software and using it to open bank accounts with the names of some of the 450 users whose personal information he collected [2]. Also in 2003, Valve Software founder Gabe Newell found the source code to his company's Half-Life 2 game stolen after someone planted a keylogger on his computer [3]. Keylogging is a serious security threat that can be extremely harmful to both businesses and consumers. By copying keystrokes, hackers are able to access private financial information such as bank accounts, credit card numbers, 2

and social security numbers all of which can be used for fraudulent activities, that you won t know are occurring until the effects show up on a statement, bill or via a phone call which could take days, weeks or months to surface. How keyloggers are inserted into a victim s computer A keylogger can be inserted into a victim s computer via several ways. It can be carried by a virus or spyware. It can come as an attachment in an e-mail. It can even be embedded in an mp3 file or delivered via a XSS (Cross Site Scripting) attack. How keyloggers work Keyloggers work by hooking the Windows message queue. It is relatively easy to place a hook and inspect all the windows messages (such as keystroke messages) before they are sent to the application. The keyloggers then log the keystroke messages into a file. Typically, the keylogger communicates with the hacker via an IRC channel and delivers the captured keystroke file to the hacker. Many keyloggers also incorporate stealth mechanisms (using rootkit techniques) to hide their existence so that they cannot be detected by anti-virus software. Why current tools don t work All anti-spam and anti-virus tools are based on scanning a computer for files with a particular signature. The database containing signatures of known bad files have to be continuously updated. The major caveat in this approach is the existence of the signature of a known problematic file. Spammers and criminals are currently deploying sophisticated software which dynamically changes the file signature. Therefore, anti-spam tools are no longer effective against keyloggers. Also, there is significant time between detecting a new keylogger on the internet and the anti-keylogging signature being updated on anti-virus/spyware software. This time gap can take a month to a couple of months. 3

Some of the anti-keylogging software prevents Windows hooks from being used by keyloggers (Windows hooks are used by keyloggers to spy on keystrokes sent from the keyboard to the application). However, there are not always effective and can be circumvented by keyloggers in most cases. How GuardedID protects users GuardedID uses a different approach to defend against keyloggers. Rather than trying to detect keyloggers, it takes a preventive approach. It takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are the encrypted and sent to the browser via an Out-of-Band channel bypassing the Windows messaging queue. GuardedID has a built in selfmonitoring capability. This prevents it from being bypassed by other software. If GuardedID is tampered with in any way, it will warn the user of the breach. 4

Vulnerable areas to malicious code, spyware and keyloggers Windows Desktop Applications IM MS Office Browsers SSL Connection Internet S SL Connection Web S erver Vulnerability 1 User information can be stolen through message hooking keylogger Vulnerability 2 User information can be stolen through filtering a keyboard driver Vulnerability 3 User information can be stolen by replacing a software driver with a malicious keylogging driver Normal Data Route Without GuardedID Application Level Messaging Service Keyboard Driver Hardware Driver (Keyboard Port) Creates a separate, out-of-band 128-bit encrypted pathway for keystrokes Sends keystrokes directly t o the application, preventing intercepted data Stays active always, encrypting and protecting all keystrokes GuardedID s Out-of-Band pathway for encrypted keystrokes GuardedID Key Benefits: P rotects again st NEW and EXI ST ING keylog gers Toolbar plug-in for IE6, IE7& Firefox Does Not r eq uire any spyware d atabase updates Eliminates time-consuming h ard disk or memory scans CryptoColor - visually displays all browser encrypted field s Small memory footprint Figure 1. How GuardedID works CryptoColor GuardedID uses a unique method to indicate to the user that the product is working and the user input is secured. It colors the text input box that the user is entering data in. The color can be selected by the user. This provides strong visual feedback to the user that they are operating in a secure environment and their keystrokes are secure. 5

Keylogger receives fake keys Toolbar indicator green On light is on Crypt ocolor shows user fields are Secure Figure 2. CryptoColor CryptoState In certain cases, GuardedID is not able to secure the user input. This happens with certain pages and certain types of pop-ups. In such a scenario, GuardedID warns the user that encryption is off by changing the color of a status button on the GuardedID toolbar. There are four states (1) Activate (activate software license), (2) On (indicates that keystrokes are being encrypted), (3) Off (indicates that keystrokes are not being encrypted), and (4) Warn (indicates that an un-trusted driver has been found in the keyboard device stack) 6

Keyboard device driver monitoring GuardedID constantly monitors the keyboard device driver stack to detect un-trusted drivers (which could potentially be keyloggers). If an un-trusted driver is discovered, GuardedID warns the user by showing the "Unknown Driver Warning" dialog. The name of the suspect driver is displayed in the dialog. The GuardedID state indicator will turn orange instead of green to indicate warning. Details are logged into the event log which can be viewed. Anti-Clickjacking Clickjacking is a new vulnerability that has recently surfaced. Web coding allows a single web page to be constructed from different items (ads, images, links, etc.) in "frames". Normally, the frames all come from a single domain (like guardedid.com) but they may come from other domains (ad servers, media servers, etc.). Clickjacking uses this normally helpful feature to trick users by showing the expected web page but overlaying or underlaying some other unexpected page from a different domain. As a result a web page can have a hidden frame that contains a clickable button that can invisibly hover below the user s mouse, so that when the user clicks the mouse, they inadvertently click the invisible button, causes an undesirable action, such as, downloading malware, transferring money, buying something, etc. The only solution that works, in some cases, is to disable JavaScript. something that will drastically reduce the usability and the internet experience. GuardedID anti-clickjacking feature takes another approach. It looks at the webpage and warns the user when content is not from the same domain. If false content is hidden in an invisible overlay, GuardedID makes it visible. If the content is hidden underneath, GuardedID draws red borders around it. Either way, the user can be fully aware of the content and then be cautious of his/her movements on the page. 7

GuardedID makes the invisible visible Figure 3. Anti-Clickjacking Competitive analysis The following table shows a comparison of GuardedID to other antikeylogger products. Other Anti Keylogger Products Blacklist/ whitelist based Requires updates on a regularly basis Retroactive defense based Does not encrypt input Circumvention very easy by manipulation of file names and sizes Guarded ID Windows systems internals based Does not require updates Pro-active defense based Encrypts all input to programs Very hard to circumvent Out-of-band keystroke encryption CryptoColor 8

CryptoState Keyboard device driver monitoring Anti-Clickjacking Table 1 GuardedID features comparison GuardedID is available in the following versions Standard - Secures a users entire internet experience - In this scenario, GuardedID is automatically launched every time the browser is opened for any type of online activity i.e. banking, shopping, browsing, email etc. As a consumer, this option requires the user to download and install the GuardedID toolbar into their internet browser. Premium - Secures a users entire internet experience as well as most Windows applications (such as Microsoft Word/Excel/etc., IM/chat, financial/accounting applications and many other applications) This option includes the functionality of the Standard version. Enterprise - Secures a users entire internet experience as well as most Windows applications In this scenario, GuardedID is purchased and distributed by a corporation to its employees to protect all activities whether on a corporate network or working remotely. GuardedID can be distributed via a Group Policy (GPO) installer by the System Administrator. Great for corporations, government agencies, banks etc. References 1. Keyloggers Foiled In Attempted $423 Million Bank Heist, Gregg Keizer, Security Pipeline http://www.securitypipeline.com/showarticle.jhtml?articleid=159901843 2. JuJu, Kinko's, and the "Keystroke Caper"!, TechSpot http://www.techspot.com/news/6478-juju-kinkos-and-the-keystroke-caper.html 9

3. Popular computer game code stolen by hackers, Paul Roberts, Computer World http://www.computerworld.com/securitytopics/security/story/0,10801,85845,00.ht ml 4. Definiton: Keylogger, Webopedia <http://isp.webopedia.com/term/k/keylogger.html> 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information