Spyware Keyloggers

Printable View

April 15th, 2005, 01:25 AM
Relyt

Spyware Keyloggers

Not necessarily new, however the article does appear to be updated:

Quote:

Introduction to Spyware Keyloggers
By Sachin Shetty

The most recent delivery methods used by malicious spyware require no permission or interaction with the users at all. Dubbed as "drive-by downloads,"

Keyloggers can be one of three types:

1. Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time -- however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.

2. Software using a hooking mechanism. This type logging is accomplished by using the Windows function SetWindowsHookEx() that monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords.

3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage to this approach it that it fails to capture autocomplete passwords, as this information is passed in the application layer.

The Blazing Tools Perfect Keylogger will be analyzed in this paper because it has been found hidden in so many Trojans on the Internet.

It's Here:

Normal spyware cleanup/prevention should take care of it.

The article was an interesting read, however note their opinions about OS's and browsers.

Cheers
April 15th, 2005, 02:38 AM
GONEin62nd

It was a good read and tips about keyloggers.

Relating to such practice mentioned, I actually do some work-around especially when I am in the net cafe. First start, I actually re-boot the box before I use it. Once started and I logged in, I check the Task Manager for unusual tasks running that is not familiar to me or even to the cafe I am using (since I surf in different places). I always carry my EXTERNAL HD (XHD) where ever I go surfing. In my XHD, I have an encrypted folder wherein I store my PWs. Whenever I need to log into sensitive access (important e-mail accounts), I retrieve my PW from my PGP SDA (Self-Decrypting Archive) file. Once I open my secret file, and secret tool, I can proceed with copy paste for the PW. To add up to my protection, after doing such command, I intentionally copy another word (not important) just to cover for my last copy command. Simple ways to avoid keyloggers. And to finalize such safety precautions, after achieving my goals, before closing the box, I clear all the traces and shut it down properly to give way to a new customer after my turn.

-GONE
April 15th, 2005, 04:07 AM
:Singh:

Quote:

Whenever I need to log into sensitive access (important e-mail accounts), I retrieve my PW from my PGP SDA (Self-Decrypting Archive) file. Once I open my secret file, and secret tool, I can proceed with copy paste for the PW

GONE, Passwd stored anywhere is prone to get cracked. IMO the best place to store passwds is your brain. Go get one. ;)

cheers !!

Edit/ thats a good read Relyt
April 15th, 2005, 04:27 AM
GONEin62nd

Quote:

On the web application side, one method to avoid keystroke capture is to use a virtual keyboard

- Another way that some secured website like citibank is allowing you to click on number pads (displayed on the web site) for your pin instead of typing it in from your keyboard.

Quote:

GONE, Passwd stored anywhere is prone to get cracked. IMO the best place to store passwds is your brain. Go get one.

- Don't worry, PW is not anywhere, it is in my external HD and it is inside my PGP SDA (Self-Decrypting Archive) file which is also passphrase protected. If I lost my XHD, it would take some time for someone to crack strong passphrase and by that time, I had already changed my PW for protected accounts.

/
Don't worry, I used this way only for this case, but in my own box, since I know that chances that keylogger may not be around, my brain could be handy, otherwise, if I am in a public computer, if not in need or emergency, I avoid accessing important e-mail accounts as much as possible :D
/

-GONE

__________________
an"to*nym (noun) [Greek: a word used in substitution for another]
A word of opposite meaning ; a counter-term ; used as a correlative of synonym
- Dr. Gung-ho