Cyber Monday Deals Still Available Deals Under $25 Deals Under $50 Giving Tuesday Tech Fails of 2022 Best Live TV Streaming Service WHO Renames Monkeypox Change These Alexa Settings
Want CNET to notify you of price drops and the latest stories?
No, thank you

Study: Keystroke spying on the rise

ID thieves have released a record number of programs that secretly gather passwords and other sensitive data, iDefense says.

Keylogger programs that record passwords and other typed-in text are increasing, according to data from iDefense.

The programs are an increasingly popular tool among identity thieves, the security company said Tuesday. Reports to iDefense, and its own research, indicate that the number of keylogger variants unleashed this year is set to rise 65 percent over last year, reaching nearly 6,200 in total, the company said in a statement on Tuesday.

keylogger chart

Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data.

The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said.

"There are so many victims because so few know the risk or the early warning signs," Joe Payne, vice president of VeriSign iDefense Security Intelligence Services, said in a statement. "You simply can't stop what you can't see."

Early warning signs can include slow performance of a PC, a spike in pop-up messages and other problems.

Computers can become infected with keyloggers in a variety of ways, such as through downloading spyware or e-mail attachments, or through a visit to a chat room or simply to the wrong Web site. The programs typically exploit flaws in Web browser software, including Microsoft's Internet Explorer.

iDefense said keyloggers are typically spread by organized cybercrime rings, which have used them in the past to conduct large-scale money transfers to fund criminal activities. The programs have grown exponentially since 2001, when the firm detected just 275 of them.