Research published by iDefense predicts that programs developed for information and identity theft will increase 65 percent compared to last year, reaching a total of nearly 6,200. Only 675 keyloggers were identified in 2001, the first year for which data on the programs was collected.
Keyloggers stealthily track every keystroke a user makes and relay the data to attackers.
Each variant, according to iDefense senior engineer Ken Dunham, could infect thousands of computers because purveyors often propagate keylogging programs through mass emails or tantalizing downloads embedded with worm viruses.
The latest practice, Durham said, is creating websites strictly for the purpose of infecting surfers with keyloggers — and infection is automatic the instant a surfer visits such a site.
He added that code writers have become so skilled that most keylogging programs easily slip past firewalls and antivirus software.
“There are so many victims because so few know the risk or the early warning signs,” iDefense Vice President Joe Payne said. “You simply can't stop what you can't see.”
Most users, Payne said, don’t realize that problems such as slow PC performance and a rash of popup messages are early warning signs of infection, so they do nothing about the problem.
While all web browsers are susceptible, most code at this point is written specifically for Microsoft's Internet Explorer, the most widely used browser.