Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Most Web Users Safe As Major Net Attack Slows To Keyboard Logging: Page 4 of 5

The stakes are high. End-users' systems not only were infected by backdoors, but also by a key logger. Early Friday morning, F-Secure's Hyppnen said, "[The key logger] is stealing confidential information from thousands or tens of thousands of machines. That information can be passwords, usernames, credit card numbers, bank account numbers, anything really."

According to Symantec, the key logger trapped and transmitted authentication info -- usernames and passwords -- used to log in to major Web sites, including eBay, PayPal, EarthLink, Juno, and Yahoo.

"The key logger is stealing credentials of those going to those sites," said Alfred Huger, vice president of engineering for Symantec's virus watch group, "but that doesn't mean the sites themselves are infected."

With such stakes -- high volume identity theft -- in play, it's increasingly clear that Friday's attack will be only the first of many.

"It looks like this is something that we'll have to learn to live with," said Symantec's Huger. "The JavaScript is out there, the exploit is out there. Hopefully, we'll never be put in the position of having to walk away from the Web because we don't know which sites are safe, and what aren't. If that happens, we've lost."