spyware/keyloggers

[jaguar291]

Originally posted here by bballad
AHH Jaguar the difrence here is that you only have to secure your PC where rrbar has to deal with laptops that travel and that people run from home. when you enter a network enviroment and are incharge of said enviroment you have to asume that the useres (be it 10 or 10,000) know nothing about security and will forget anything you tell them (I had people rutenly turn off their AV program because it wouldn't let them view an email attachment ). In a coperate network you do have to worry about compromised systems because users are dumb.

I am thinking the best sugestion for rrbar is to go through what is running at startup (hopefuly you know what programs should be running), but be warned some keyloggers can load as services so they wont show on that list your best bet may be to run a port scan across all at risk systems to see if any are passing data out when they shouldn't be.

That's why I never plan to work as an administrator... just a simple software engineer.

[The Old Man]

A good question and some good answers, however, to bump-up the paranoia level just a click or two, take a look at this claim. What do you think about it? If you have ten (or a hundred) travelling agents for your company, would not a competitor be sending them all an email with this thing? (they did not say *how* it loads, whether through an attachment or otherwise, but they are confident in their ability to load it beyond the capability of the victim to detect it.).
To Quote Some Of Their Claims, and to give you their website:

'... Monitor any Computer from ANYWHERE In the world .....
SSPPYY offers you the ability to remotely install the software anywhere in the world! Simply send SSPPYY software via email and it will install instantly!.....
SSPPYY offers many levels of stealth to prevent the remote user from removing the software. SSPPYY will NOT be displayed in the task manager, the process tab (under Windows NT/XP/2000),add and remove programs, or anywhere else where it may be possible for the user to detect it!...
SSPPYY uses powerful encryption to ensure that only you have access to the SSPPYY Control Panel from a remote location.... "

http://www.ssppyy.com/

[SIRN]

My name is Paul in Cape Town SouthAfrica, my problem is that hackers have been hacking in with trojan horses etc and I want to trace them. Suggstions 4 any good links sites etc
Thanx

[RoadClosed]

Detecting key loggers on all those machines is virtually impossible. Sure some software catches the common ones, but there are 10s of thousands available and there are also hardware based loggers. These are devices that plug in between the keyboard and the motherboard.

You would have to have some idea of what the system snapshot looked like before infection. Then look for changes in both registry and file structure. I know that’s difficult but that is my message, it's hard. No matter what type of key logger is installed, they have one thing in common; they have to log it somewhere. So now you have a hook to look for. A log, a file that outside of your normal program structure that is changing or building in size. If you are lucky the key logger will attempt to contact an outside server, then you can trace it. But most likely that will not be the case. I have been faced with your situation before and would you like to know what I have done?

WIPE IT ALL

Hiring some school kids if needed. Get your software and start with the sever. Back it up, wipe it, reinstall. Then do that to all the workstations. Then lock down registry access etc. Use typical “windows security checklist”. And for the laptops, if the CEO/Board does not want to pay for the security to get VPN or Authentication software then DO NOT let the laptops connect to your core network. Works for me.

File transfers are done by floppy. A little archaic but safe. If someone has a large file they have to open an IT ticket or email it into the network where I have McAfee watching. You will most likely lose that battle, unless you prepare yourself well in advance with case studies to back you up. And stand stall. I know, it’s not feasible for most business objectives. But…

[adityaa1]

i think just try and remove them by opening task manager and scanning through the processes .i kno this is tough but just maybe try it

[nihil]

http://www.styopkin.com

"Keylogger Hunter"

I suggest that you look at some of the AV tutorials for secondary protection.

http://www.diamondcs.com.au

RegistryProt

This crap has to live and start from somewhere?

"my company can't afford it"...................can they afford going out of business?

Time to "preach the Gospel" old chap?

Good luck