# Pop-up program reads keystrokes, steals passwords



## STINEHART (Jan 1, 2004)

*A malicious program that installs itself through a pop-up can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites, security researchers warned on Tuesday. * 
The targeted sites include major financial institutions, such as Citibank, Barclays Bank and Deutsche Bank, researcher Marcus Sachs said Tuesday. 

"If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web." 
c|net 
±


----------

