Comment Re:Not News!! (Score 1) 843
EXACTLY. Christ, why do so many people misunderstand this? Any truly clever piece of malware is going to require very few system resources; there is no point in stealing data if it gets caught. Could you seriously say to me that if my keylogger had no identifiable processes, ran in under 15 MB of RAM, and only sent files in and out when you were using an active HTTP/BitTorrent/FTP connection, 60% of users would catch it?

Let's be realistic here. Frankly, for all intents and purposes, one of the most effective attacks I saw for a company I was contracted to "solve" was this: they used client access, there were frequent odd-hour logins of multiple users with sysdev and qsysopr privileges running throughout late afternoon and night, and a very small spike in web traffic around 1 AM over Exchange to unknown foreign IP addresses. After the usual questions about security/antivirus/firewall/users/etc., I asked how often the security team actually goes and looks at these PCs. I go into the IT office, with eight people... long story, and start running scans, looking around, and suddenly I notice that the USB plug going into the PC looks, well, weird, so I turn the PC around. It's a jet-black keylogger about the size of an earbud headphone. I plug it into a sandboxy environment and wait for it to find a blackhole network leading nowhere; it starts trying to ping and FTP over logfiles for the past WEEK.

Turns out the old system admin installed these "security locks" on the keyboard so no one could visit adult sites; he was fired a month later for sexual harassment and nobody thought twice about the box. That was one of the biggest guano-holes I have ever been forced to clean up.
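The two signals the commenter had to work with before anyone turned the PC around were odd-hour logins by privileged accounts and a small off-hours spike in outbound traffic to unknown external addresses. The script below is an added example, not part of the comment or of any product it mentions, showing how a defender can turn those two observations into a triage list over constructed log lines: flag privileged logins outside business hours, total off-hours outbound bytes per (host, external destination) pair that is not on an allowlist, and intersect the two sets to get the machines worth a physical inspection. The log format, the account names (the comment's "sysdev" and "qsysopr"; I assume qsysopr is the IBM i system operator profile and treat sysdev as a local privileged group), the IP addresses (RFC 5737 test ranges), the business-hours window and the byte threshold are all assumptions made for illustration.

```python
"""Off-hours privileged-login and outbound-traffic triage over constructed logs.

Added example, not code from the Slashdot comment. Log formats, account names,
IP addresses and thresholds are constructed for illustration.
"""
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed privileged accounts: qsysopr (IBM i system operator profile) and a
# custom "sysdev" group, both named in the comment.
PRIVILEGED = {"qsysopr", "sysdev"}
BUSINESS_HOURS = range(8, 18)   # assumed: 08:00-17:59 local time is normal activity
OFF_HOURS_BYTES = 50_000        # assumed threshold for "odd" off-hours outbound volume
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
KNOWN_EXTERNAL = {ip_address("203.0.113.10")}  # constructed allowlisted partner IP

# Constructed sample logs: one workstation (10.0.5.21) shows both signals.
LOGIN_LOG = """\
2010-03-02 09:14:03 login user=jsmith src=10.0.5.21
2010-03-02 23:41:10 login user=qsysopr src=10.0.5.21
2010-03-03 01:02:44 login user=sysdev src=10.0.5.21
2010-03-03 10:30:00 login user=qsysopr src=10.0.5.9
"""

PROXY_LOG = """\
2010-03-02 13:05:12 conn src=10.0.5.21 dst=203.0.113.10 bytes_out=120000
2010-03-03 01:03:01 conn src=10.0.5.21 dst=198.51.100.77 bytes_out=68000
2010-03-03 01:03:40 conn src=10.0.5.21 dst=198.51.100.77 bytes_out=71000
2010-03-03 11:00:00 conn src=10.0.5.9 dst=203.0.113.10 bytes_out=9000
"""


def parse(line):
    """Parse 'YYYY-MM-DD HH:MM:SS kind k=v ...' into (datetime, kind, fields)."""
    date, time, kind, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(f"{date} {time}"), kind, fields


def is_off_hours(ts):
    return ts.hour not in BUSINESS_HOURS


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def off_hours_privileged_logins(log_text):
    """Privileged accounts logging in outside business hours, as (timestamp, user, host)."""
    hits = []
    for line in log_text.splitlines():
        ts, kind, f = parse(line)
        if kind == "login" and f["user"] in PRIVILEGED and is_off_hours(ts):
            hits.append((ts.isoformat(sep=" "), f["user"], f["src"]))
    return hits


def off_hours_external_egress(log_text):
    """Off-hours outbound bytes per (host, external dst) above threshold, ignoring allowlisted dsts."""
    totals = Counter()
    for line in log_text.splitlines():
        ts, kind, f = parse(line)
        if kind != "conn":
            continue
        dst = ip_address(f["dst"])
        if not is_off_hours(ts) or is_internal(dst) or dst in KNOWN_EXTERNAL:
            continue
        totals[(f["src"], str(dst))] += int(f["bytes_out"])
    return {k: v for k, v in totals.items() if v >= OFF_HOURS_BYTES}


def correlate(login_text, proxy_text):
    """Hosts showing both signals: the short list to go and inspect in person."""
    hosts_with_logins = {host for _, _, host in off_hours_privileged_logins(login_text)}
    hosts_with_egress = {src for src, _ in off_hours_external_egress(proxy_text)}
    return sorted(hosts_with_logins & hosts_with_egress)


if __name__ == "__main__":
    for hit in off_hours_privileged_logins(LOGIN_LOG):
        print("off-hours privileged login:", hit)
    for (src, dst), n in off_hours_external_egress(PROXY_LOG).items():
        print(f"off-hours egress {src} -> {dst}: {n} bytes")
    print("hosts to inspect physically:", correlate(LOGIN_LOG, PROXY_LOG))
```

The intersection is deliberately the output, not either signal alone: off-hours admin logins happen legitimately during maintenance windows, and small outbound bursts happen for updates, but the same host producing both is the pattern the commenter eventually walked over to look at. On real data the business-hours window, the allowlist and the byte threshold would come from the environment's own baseline rather than the constants assumed here.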