2005 looks to be a record year for keylogging. According to security vendor iDefense, hackers are expected to release more than 6,000 keylogging programs this year, a 65 percent jump in the amount of software that illegally records every keystroke on a victim's PC.
The software then reports this information back to the hacker, making it an effective way to snoop out confidential information like user names and passwords for the purpose of identity theft.
Keyloggers are often distributed by organized cybercrime groups that send them to unsuspecting victims via e-mail. They are often included with other types of malicious software like spyware or phishing e-mail, iDefense said.
The average cost of a successful keylogging attack is about US$4,000 per victim, iDefense said, citing a survey by National Mutual Insurance Co.
But the financial cost is only part of the equation. These attacks are typically a major drain on a victim's time, as well. The National Mutual survey found that it took 81 hours, on average, for a victim of this type of fraud to resolve matters.
The use of keyloggers has exploded over the past few years, according to iDefense's numbers. In 2000, just 300 of the programs were released and the next year the number dropped to 275. The first real spike in the number of keyloggers occurred between 2002 and 2003, when the number of programs went from 444 to 1,230. This year, the total is expected to jump 65 percent, from 3,753 in 2004 to just under 6,200 by year's end.
IDefense is a unit of VeriSign and sells security intelligence to government and enterprise customers.