-
January 16th, 2004, 11:07 PM
#1
Member
tracking Keyloggers to IRC
How could I find out if a virus is keylogging and sending data to some IRC channel? I would like to somehow figure out what IRC channel it's going to. In addition to that I would like to find some program that could trace an IP address to a person in an IRC channel and room. Anyone got any ideas?
Critter
-
January 16th, 2004, 11:38 PM
#2
Well, to see if you're connected to any IRC channel, you can do netstat, and that should show you any live connections. It would be like
(whatever your computer is named):(port) irc.wherever.com:(port) Established
If you see something like that, or any connections you think are a little too suspicious, you may have a keylogger.
slick
"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller
-
January 16th, 2004, 11:44 PM
#3
How could I find out if a virus is keylogging and sending data to some IRC channel? I would like to somehow figure out what IRC channel it's going to. In addition to that I would like to find some program that could trace an IP address to a person in an IRC channel and room. Anyone got any ideas?
OK you have two different questions here?
1. If you have a keylogger you should see where it is going from your firewall logs/warning about blocking the outgoing connection? Your firewall and a keylogger detector should warn you of the problem. Depending on the keylogger software, you might be able to find the addys in the code?..........particularly the skiddie stuff.
Try: http://www.styopkin.com and get "Keylogger Hunter". Unfortunately I think that the best stuff is payware or at least shareware.
2. As I understand it you might possibly be able to find the IP of someone on IRC or P2P in general, but what good would it do if they come in through an anonymous proxy, or worse a chain of them? Even if they came direct, if they are DSL or dial-up, it will change whenever they logoff.
Now a lot of these chat places monitor for anonymous proxies, and drop the connection, or so I am told, if one is detected.
You should not try to find a room...........just figure out why for yourself
Of course the Gentlemen in Langley and the Washington Field Office would have little problem in detecting your goodself, should they so wish. I also think that the IRS could do it, as no one has the balls to mess with them? BNDD, BATF are probably up there in the list too?
Hope this helps
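An added example, not part of any post in this thread: the netstat check suggested in reply #2, automated over Windows `netstat -ano` style output so that each established connection to an IRC-style port is listed with its owning PID. The port list, the function names and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: ports commonly used by IRC servers (6660-6669, 6697 for TLS, 7000).
# A bot can use any port, so an empty result does not prove the host is clean.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed sample in the layout of Windows `netstat -ano`; not real data.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED     1412
  TCP    192.168.1.10:1046      198.51.100.20:80       ESTABLISHED     2020
  TCP    192.168.1.10:1050      203.0.113.9:6697       TIME_WAIT       0
  TCP    [fe80::1]:1051         [2001:db8::5]:7000     ESTABLISHED     1412
  UDP    0.0.0.0:500            *:*                                    732
"""

# Proto, local endpoint, remote endpoint, state, optional PID column (-o).
LINE = re.compile(r"^\s*TCP\S*\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?\s*$", re.I)

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port); port is None if not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def find_irc_connections(netstat_text, ports=IRC_PORTS):
    """Return (local, remote_host, remote_port, pid) for live TCP sessions to IRC ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local, remote, state, pid = m.groups()
        if state.upper() != "ESTABLISHED":
            continue  # only live sessions are of interest here
        host, port = split_endpoint(remote)
        if port in ports:
            hits.append((local, host, port, int(pid) if pid else None))
    return hits

if __name__ == "__main__":
    for local, host, port, pid in find_irc_connections(SAMPLE):
        print(f"{local} -> {host}:{port} (PID {pid})")
```

The PID can then be matched against the process list to see which program owns the connection.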
-
January 17th, 2004, 12:48 AM
#4
Slarty's silly take on things:
Unfortunately now you've typed the above, the owner of any keylogger running on your machine now knows you're on to them and will tell it to self-destruct immediately.
Consequence: You won't know whether there was one or not.
Conclusion: be afraid, very afraid
More sane conclusion: use safe computing practices to avoid getting a malware-ridden box
Slarty
-
January 17th, 2004, 02:20 AM
#5
Member
I don't have a keylogger on my machine. It was just a question I've been wondering.
-
January 17th, 2004, 02:20 AM
#6
Member
I don't have a keylogger on my machine. It was just a question I've been wondering.
-
January 17th, 2004, 02:27 AM
#7
OH yes you do!
That is why post #5 and #6 are the same
Cheers
-
January 17th, 2004, 06:38 AM
#8
Member
I can only laugh at that last remark. I pushed enter twice and it submitted it twice.
Chris
-
January 17th, 2004, 08:23 AM
#9
Critter, I'm sure that was a joke. You'll soon learn that a lot of senior members have a really weird sense of humour (sorry nihil)
Cheers,
cgkanchi