spyware/keyloggers - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: spyware/keyloggers

  1. #11
    Banned
    Join Date
    Mar 2002
    Posts
    594
    Originally posted here by bballad
    AHH Jaguar the difrence here is that you only have to secure your PC where rrbar has to deal with laptops that travel and that people run from home. when you enter a network enviroment and are incharge of said enviroment you have to asume that the useres (be it 10 or 10,000) know nothing about security and will forget anything you tell them (I had people rutenly turn off their AV program because it wouldn't let them view an email attachment ). In a coperate network you do have to worry about compromised systems because users are dumb.

    I am thinking the best sugestion for rrbar is to go through what is running at startup (hopefuly you know what programs should be running), but be warned some keyloggers can load as services so they wont show on that list your best bet may be to run a port scan across all at risk systems to see if any are passing data out when they shouldn't be.
    That's why I never plan to work as an administrator... just a simple software engineer.

  2. #12
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364

    Question SpyWare Question

    A good question and some good answers, however, to bump-up the paranoia level just a click or two, take a look at this claim. What do you think about it? If you have ten (or a hundred) travelling agents for your company, would not a competitor be sending them all an email with this thing? (they did not say *how* it loads, whether through an attachment or otherwise, but they are confident in their ability to load it beyond the capability of the victim to detect it.).
    To Quote Some Of Their Claims, and to give you their website:

    '... Monitor any Computer from ANYWHERE In the world .....
    SSPPYY offers you the ability to remotely install the software anywhere in the world! Simply send SSPPYY software via email and it will install instantly!.....
    SSPPYY offers many levels of stealth to prevent the remote user from removing the software. SSPPYY will NOT be displayed in the task manager, the process tab (under Windows NT/XP/2000),add and remove programs, or anywhere else where it may be possible for the user to detect it!...
    SSPPYY uses powerful encryption to ensure that only you have access to the SSPPYY Control Panel from a remote location.... "

    http://www.ssppyy.com/

  3. #13
    Junior Member
    Join Date
    Jun 2003
    Posts
    1
    My name is Paul in Cape Town SouthAfrica, my problem is that hackers have been hacking in with trojan horses etc and I want to trace them. Suggstions 4 any good links sites etc
    Thanx

  4. #14
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    Large scale detection

    Detecting key loggers on all those machines is virtually impossible. Sure some software catches the common ones, but there are 10s of thousands available and there are also hardware based loggers. These are devices that plug in between the keyboard and the motherboard.

    You would have to have some idea of what the system snapshot looked like before infection. Then look for changes in both registry and file structure. I know that’s difficult but that is my message, it's hard. No matter what type of key logger is installed, they have one thing in common; they have to log it somewhere. So now you have a hook to look for. A log, a file that outside of your normal program structure that is changing or building in size. If you are lucky the key logger will attempt to contact an outside server, then you can trace it. But most likely that will not be the case. I have been faced with your situation before and would you like to know what I have done?

    WIPE IT ALL

    Hiring some school kids if needed. Get your software and start with the sever. Back it up, wipe it, reinstall. Then do that to all the workstations. Then lock down registry access etc. Use typical “windows security checklist”. And for the laptops, if the CEO/Board does not want to pay for the security to get VPN or Authentication software then DO NOT let the laptops connect to your core network. Works for me.

    File transfers are done by floppy. A little archaic but safe. If someone has a large file they have to open an IT ticket or email it into the network where I have McAfee watching. You will most likely lose that battle, unless you prepare yourself well in advance with case studies to back you up. And stand stall. I know, it’s not feasible for most business objectives. But…
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #15
    Member
    Join Date
    Dec 2003
    Posts
    33
    i think just try and remove them by opening task manager and scanning through the processes .i kno this is tough but just maybe try it

  6. #16
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    http://www.styopkin.com

    "Keylogger Hunter"

    I suggest that you look at some of the AV tutorials for secondary protection.

    http://www.diamondcs.com.au

    RegistryProt

    This crap has to live and start from somewhere?

    "my company can't afford it"...................can they afford going out of business?

    Time to "preach the Gospel" old chap?

    Good luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides