Friday, April 21, 2006

what is a password stealer?

a password stealer is a program that collects chunks of data that are likely to be account names and their associated passwords so that an attacker can use those credentials to pose as the person they were stolen from...

password stealers can be implemented in a number of different ways, most of them involve running on a machine where the owner/user of the machine is unaware of the password stealer's presence/nature (thus making it a trojan horse program)...

some password stealing trojans can monitor keystrokes, like a specialized form of keylogger... others might collect data from files or registry keys that are known to contain passwords... another type can pose as a window where the user would normally enter his/her password and record what the user enters... and yet another type can monitor network traffic (a network sniffer) looking for passwords...

back to index

0 comments: