View Single Post
Old 12-30-2005, 02:41 AM
Posts: n/a
Default Re: card spyware on ebay

Forgive me for not being that technologically savy, but how and why unrealistic is the possibility of a program like this working?

[/ QUOTE ]

It's not unrealistic, but it is unlikely.

The program is conceptually similar to a keystroke logger and there are plenty of those around. Just as with keystroke loggers, you have to trick somebody into installing the thing. You are probably committing a serious criminal offense when you do this. But if you're willing to take that risk, there are many ways to accomplish it technically.

The (significant) difficulty, relative to a traditional keystroke logger, lies in the time-value of the information. A keystroke logger can identify (e.g.) likely credit card numbers and deliver them in one of several ways (post them anonymously to a chat group or forum, etc.) The information is valuable for weeks, months or longer. This greatly increases the number of delivery options, decreasing the risk of being detected.

This software would have to deliver the hole cards in "real-enough" time, which pretty much dictates that it make an outbound TCP connection to some port where you'd have a listener to pick them up. Attempting this outbound connection would trigger the victim's firewall program, if s/he had one. In addition, the program has to connect to a specific IP address, which would become evidence in the federal prosecution after you got caught.

My $.02
Reply With Quote