Any recommendations? I've seen Spybot and Nortons pick some up, others slip right by.
I found this app a couple of days ago. Sounds interesting.
http://www.snapfiles.com/get/kldetector.html
Hi Crow,
Don't get them in the first place. They're like any bit of malware -- if they're common and open enough you can probably detect them, if they're obscure or well-hidden you may not notice them for months/years. Not getting them in the first place is a far better option than trying to clean up afterwards.
Quote:
During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.
Simple premise I suppose, analysing log file sizes in realtime. However, some keyloggers encrypt/hide the data in files only recognizable to the keylogging application itself.
The question is a good one though.... as @tt!tud3 said, try not to get them in the first place, but there are plenty of situations where you might not have control over that... such as shared computers... or shady roommates who have local access.
I've often wondered if there is a program available that can quickly determine if a non-hardware based keylogger is installed (Granted, I haven't searched through the forum yet for previous articles on keyloggers...am sure there are some good suggestions)
Might be a good tool to carry on a memory stick. Am curious if any of the rootkit detectors (Blacklight or Sysinternals) would pick up a keylogger? Anyone tried?
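Added example, not part of the original thread and not KL-Detector's own code: a minimal sketch of the "watch file sizes while you type" premise discussed above. It flags files that grow by a few bytes in several consecutive samples; the thresholds, function names and sample paths are assumptions made up for illustration, and a logger that buffers its output and writes it in one large block would not trip it.

```python
import os
from collections import defaultdict

def take_snapshot(root):
    """Map every file under root to its current size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                sizes[path] = os.stat(path).st_size
            except OSError:
                continue  # file vanished or is locked; skip it this round
    return sizes

def flag_growing_files(snapshots, min_streak=3, max_step=256):
    """Return files that grew by 1..max_step bytes in at least
    min_streak consecutive intervals (thresholds are assumptions).

    snapshots: list of {path: size} dicts taken at regular intervals
    while the operator types into a scratch window.
    """
    streak = defaultdict(int)
    best = defaultdict(int)
    for prev, cur in zip(snapshots, snapshots[1:]):
        for path, size in cur.items():
            delta = size - prev.get(path, size)  # new file: no delta yet
            if 0 < delta <= max_step:
                streak[path] += 1
                best[path] = max(best[path], streak[path])
            else:
                streak[path] = 0  # no growth or one big write: reset
    return sorted(p for p, n in best.items() if n >= min_streak)

# Constructed sample data: four samples, one file creeping up a few bytes
# at a time, one installer log written in a single large block.
SAMPLE = [
    {"C:/app/cache.dat": 1000, "C:/tmp/sys32.dat": 40, "C:/logs/install.log": 5000},
    {"C:/app/cache.dat": 1000, "C:/tmp/sys32.dat": 52, "C:/logs/install.log": 9000},
    {"C:/app/cache.dat": 1000, "C:/tmp/sys32.dat": 61, "C:/logs/install.log": 9000},
    {"C:/app/cache.dat": 1000, "C:/tmp/sys32.dat": 75, "C:/logs/install.log": 9000},
]

if __name__ == "__main__":
    print(flag_growing_files(SAMPLE))
```

A flagged file is only a lead to inspect by hand; plenty of legitimate programs append small amounts to their own logs.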
Well, I don't get them, but once in a while I end up working on a PC that does. Or I get hired to install them. Keyloggers seem to be as elusive as any of the rogue apps out there (spyware, virii, etc.). And personally, I find unwanted keyloggers the most reprehensible of the lot. I've turned up quite a few in the past, but always wondered if it was more by chance.
Eyecre8, I did search the forum but found precious little so I started this thread. I've tried the program and it seems to work well, analyzing more than just log files. I have yet to run it against any keyloggers on a test machine, but it looks like I'll get to it this weekend once I ghost a W2K machine I got laying around. I've got a copy of the old Starr Commander somewhere, which I know uses encrypted output, so we'll see.
I think some spyware programs pick them up. I know when I run spysweeper on some computers things come up and I think MS Anti picks up some keyloggers too.
I would try EWIDO and A-Squared as detectors. But it must also depend on the type of keylogger you have. If it has been physically installed and is not "phoning home" then you would have to rely on software.
If it attempts to contact outside of its location then firewalls, IDS, and anti-malware programs should catch it.
There is also the question of hardware keyloggers.
It is an interesting question, as some keyloggers are legitimate software. A lot of the malware ones come as the payload of something else, so detecting and blocking that would be the way to go.
Just my £0.02
:)
http://www.keyghost.com is a good example of a hardware keylogger and now that they make keyboards with them built in it could be even harder to detect hardware based keyloggers. With the regular hardware keyloggers you just have to look at the back of your computer to see if something is connected or not.
Without a doubt, hardware-based keyloggers are the more difficult ones to catch. Software keyloggers must report back to its primary user in some form (e-mail, etc) and in either case, must transfer out of your system.. by which case, your firewall should pick it up (or like suggested, IDS or anti-malware program).
Physical security is just as important sometimes, and must be monitored just as closely.
He-heh, any hardware keyloggers that work on laptops? :cool:
Quote:
He-heh, any hardware keyloggers that work on laptops?
Yes there are..................OK we are now going into the realms of law enforcement and the intelligence community ;)
Yes there are?
Oooohhh, noooooo...
:eek:
Is it possible to install a key-logger on a machine over the internet without the recipient knowing? Then retrieving that information at a later date?
How would this be done and how would you find out if it is done to your machine?
JRUMJ
Is it possible to install a key-logger on a machine over the internet without the recipient knowing? Then retrieving that information at a later date?
Yes, most certainly...............members on this site might remember me testing this about 18 months ago "Lover Spy" it was called. The promoter of it is looking at prime bubba time :D
Quote:
How would this be done and how would you find out if it is done to your machine?
1. It "phones home" either through a dialler or internet link.
2. Through a router/firewall that blocks or monitors unauthorised connections and through an IDS that monitors for unusual activity.
3. Scanners :D
4. 9mm Parabellum & fear
As to how it is done.............if you are stupid, you open/download something that you should not.
Otherwise, if you are stupid, you do not understand physical security, or the need for a good lawyer and a pre-nuptial contract?
Is it possible to install a key-logger on a machine over the internet without the recipient knowing?
That's exactly how it's done. I found one on a friend's computer that was activated using Internet Explorer to access about a dozen-and-a-half different bank sites including Citibank, Key Bank, Wells Fargo, PNC and e-Gold. Found the tech sheet on it at Trendmicro.jp. It'd activate, record, then send off the data via IRC. Not sure how it got on there, but I'm sure the install was socially-engineered. This one sounds similar:
http://www.theregister.com/2006/02/0...eylogs_losses/
And simple spy ware would find this in your computer correct? Like ad-ware or spy-bot? I would think this would not be difficult to find if you were scanning for one.
JRUMJ old chap,
Please go here:
http://www.ewido.net/en/
The software is on a 14 day trial, after this the interactive protection stops, but as a private user you can still update it and use it as an on demand scanner. It must find at least 150,000 scumware, a lot of which are missed by AVs and more specialist tools.
Then go to http://www.emsisoft.com/en/software/free/ and get A-Squared.
Install and update them then reboot into SAFE MODE and run them. I bet you get a surprise :eek:
Also run your AV in safe mode and defrag as well.............that is cool because all this stuff that gets regularly updated like pattern and signature files will only defrag in safe mode. As they are interactive scanners a fragmented file affects performance ;)
Spybot and Ad-Aware both missed that particular keylogger. RAV antivirus online scan did find it though. RAV's since been bought out by M$, which is using their AV technology for Vista's built-in AV app.
Quote:
Is it possible to install a key-logger on a machine over the internet without the recipient knowing? Then retrieving that information at a later date?
You do understand how normally that would be taken as a possible social engineer attempt at us teaching you how to illegally put a keylogger on a system without the other user's knowledge, right? Just curious... we don't promote malicious activity here, so just for future reference, k? ;)