Handling keyloggers

Thread: Handling keyloggers

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    Handling keyloggers

    Any recommendations? I've seen Spybot and Nortons pick some up, others slip right by.

    I found this app a couple of days ago. Sounds interesting.

    http://www.snapfiles.com/get/kldetector.html
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    Hi Crow,

    Don't get them in the first place. They're like any bit of malware -- if they're common and open enough you can probably detect them, if they're obscure or well-hidden you may not notice them for months/years. Not getting them in the first place is a far better option than trying to clean up afterwards.

  3. #3
    Member
    Join Date
    Sep 2005
    Posts
    77
    During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.
    Simple premise I suppose, analysing log file sizes in realtime. However, some keyloggers encrypt/hide the data in files only recognizable to the keylogging application itself.

    The question is a good one though.... as @tt!tud3 said, try not to get them in the first place, but there are plenty of situations where you might not have control over that... such as shared computers... or shady roommates who have local access.

    I've often wondered if there is a program available that can quickly determine if a non-hardware based keylogger is installed (Granted, I haven't searched through the forum yet for previous articles on keyloggers...am sure there are some good suggestions)

    Might be a good tool to carry on a memory stick. Am curious if any of the rootkit detectors (Blacklight or Sysinternals) would pick up a keylogger? Anyone tried?
    %42%75%75%75%75%72%70%21%00
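
The size-watching premise described in post #3, as an added Python example (not from the thread and not the linked tool's code). It snapshots file sizes around several rounds of test typing and reports only files that grew in every round; the file names and the simulated logger writes are constructed.

```python
import os
import tempfile


def snapshot(root):
    """Map every regular file under root to its current size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                sizes[path] = os.stat(path).st_size
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return sizes


def grew_every_round(snapshots):
    """Return files that grew in every interval; absent files count as size 0."""
    candidates = set(snapshots[-1])
    for before, after in zip(snapshots, snapshots[1:]):
        candidates = {p for p in candidates if after.get(p, 0) > before.get(p, 0)}
    return sorted(candidates)


def demo():
    """Constructed sample: three typing rounds in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "svc.dat")       # stands in for a hidden log
        static = os.path.join(root, "notes.txt")  # never changes
        once = os.path.join(root, "cache.tmp")    # grows in one round only
        for path in (static, once):
            with open(path, "wb") as fh:
                fh.write(b"x" * 100)
        snaps = [snapshot(root)]
        for round_no in range(3):
            # Tester types a known burst here; the stand-in appends opaque bytes.
            with open(log, "ab") as fh:
                fh.write(os.urandom(64))
            if round_no == 1:
                with open(once, "ab") as fh:
                    fh.write(b"y" * 10)
            snaps.append(snapshot(root))
        return [os.path.basename(p) for p in grew_every_round(snaps)]


if __name__ == "__main__":
    print(demo())
```

Only sizes are compared, so opaque or encrypted log contents do not matter; a logger that buffers in memory or hides its file from directory listings will not show up.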

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Well, I don't get them, but once in a while I end up working on a PC that does. Or I get hired to install them. Keyloggers seem to be as elusive as any of the rogue apps out there (spyware, virii, etc.). And personally, I find unwanted keyloggers the most reprehensible of the lot. I've turned up quite a few in the past, but always wondered if it was more by chance.

    Eyecre8, I did search the forum but found precious little so I started this thread. I've tried the program and it seems to work well, analyzing more than just log files. I have yet to run it against any keyloggers on a test machine, but it looks like I'll get to it this weekend once I ghost a W2K machine I got laying around. I've got a copy of the old Starr Commander somewhere, which I know uses encrypted output, so we'll see.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    I think some spyware programs pick them up. I know when I run spysweeper on some computers things come up and I think MS Anti picks up some keyloggers too.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    I would try EWIDO and A-Squared as detectors. But it must also depend on the type of keylogger you have. If it has been physically installed and is not "phoning home" then you would have to rely on software.

    If it attempts to contact outside of its location then firewalls, IDS, and anti-malware programs should catch it.

    There is also the question of hardware keyloggers.

    It is an interesting question, as some keyloggers are legitimate software. A lot of the malware ones come as the payload of something else, so detecting and blocking that would be the way to go.

    Just my £0.02

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    http://www.keyghost.com is a good example of a hardware keylogger and now that they make keyboards with them built in it could be even harder to detect hardware based keyloggers. With the regular hardware keyloggers you just have to look at the back of your computer to see if something is connected or not.

  8. #8
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Without a doubt, hardware-based keyloggers are the more difficult ones to catch. Software keyloggers must report back to its primary user in some form (e-mail, etc) and in either case, must transfer out of your system.. by which case, your firewall should pick it up (or like suggested, IDS or anti-malware program).

    Physical security is just as important sometimes, and must be monitored just as closely.
    Space For Rent.. =]

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    He-heh, any hardware keyloggers that work on laptops?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    He-heh, any hardware keyloggers that work on laptops?
    Yes there are..................OK we are now going into the realms of law enforcement and the intelligence community
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
