Sent to you by Vachak via Google Reader:
via MakeUseOf.com by Bill Mullins on 10/3/08
I’ll bet that headline got your attention!
We all know that the purpose of computer passwords is to protect personal information that you’ve stored on your computer, and in your online accounts.
With access to your passwords, cyber-criminals (they come in all shapes, sizes and flavors - so don’t be fooled), can and will, steal your identity and without a doubt severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.
There are numerous ways of course that a password, or software license key, can be stolen. Popular methods employed by cyber criminals include, but are not limited to:
Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity to start the process of infecting unaware computer users’ machines
Search engine redirection:
Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.
Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware including password stealers on your computer without your knowledge.
Now, added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we now have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players into a USB port on our computer.
“USBThief” is a free hacking application - available for download on virtually every torrent download site that I’ve investigated - which can be installed on a USB flash drive, or even an iPod, or other MP3 player. I haven’t tried to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.
USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.
There is no requirement that the culprit be a seasoned hacker – all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.
After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.
This article is not meant to produce paranoia, or to make you suspicious of either your family, or your friends, but so that you are aware of the ever increasing challenges we all face in protecting valuable information in a world that threatens us, at every turn it seems.
(By) Bill Mullins. Bill is involved in the computer industry, including diagnostics, networking and system security. Check out his personal Blog; Tech Thoughts.