April 13, 2009, 9:04 PM — You might already know that it's easy for the bad guys to buy malware kits and ready-made digital nasties on black market Web sites. But some tools are even easier to pick up, such as a blatant IM password stealer available on a major download site.
A simple search can turn up a keylogger program available for download on numerous sites, including PCWorld.com, with the idea that the tools are offered for personal use to catch someone messing around on your own PC, or perhaps for concerned parents. That may be a thin veneer, but Christopher Boyd posted on the SpywareGuide Greynets Blog the he came across a tool available as a free download at the oft-visited download.com that exists solely to steal passwords for IM accounts.
The app presents a fake IM app and captures usernames and passwords that are typed into the window, according to Boyd. It's a bit of a stretch to think of how such a tool might be meant for personal use to catch snoops on your own computer, especially with a description like "This is perfect if a visitor is coming round who wants to access their IM account."
Boyd's coverage caught my eye as support for the smart-surfer advice to always assume that any login entered on any public computer is compromised and should have its password changed as soon as you're back at a trusted PC. This tool alone had been downloaded 18,214 times when I checked its listing.
