
Thread: tracking Keyloggers to IRC

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    30

    tracking Keyloggers to IRC

    How could I find out if a virus is keylogging and sending data to some IRC channel? I would like to somehow figure out what IRC channel it's going to. In addition to that, I would like to find some program that could trace an IP address to a person in an IRC channel and room. Anyone got any ideas?

    Critter

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Well, to see if you're connected to any IRC channel, you can do netstat, and that should show you any live connections. It would be like

    (whatever your computer is named):(port) irc.wherever.com:(port) Established

    If you see something like that, or any connections you think are a little too suspicious, you may have a keylogger.


    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    How could I find out if a virus is keylogging and sending data to some IRC channel? I would like to somehow figure out what IRC channel it's going to. In addition to that, I would like to find some program that could trace an IP address to a person in an IRC channel and room. Anyone got any ideas?

    OK you have two different questions here?

    1. If you have a keylogger you should see where it is going from your firewall logs/warning about blocking the outgoing connection? Your firewall and a keylogger detector should warn you of the problem. Depending on the keylogger software, you might be able to find the addys in the code?..........particularly the skiddie stuff.

    Try: http://www.styopkin.com and get "Keylogger Hunter". Unfortunately I think that the best stuff is payware or at least shareware.

    2. As I understand it you might possibly be able to find the IP of someone on IRC or P2P in general, but what good would it do if they come in through an anonymous proxy, or worse a chain of them? Even if they came direct, if they are DSL or dial-up, it will change whenever they logoff.

    Now a lot of these chat places monitor for anonymous proxies, and drop the connection, or so I am told, if one is detected.

    You should not try to find a room...........just figure out why for yourself

    Of course the Gentlemen in Langley and the Washington Field Office would have little problem in detecting your goodself, should they so wish. I also think that the IRS could do it, as no one has the balls to mess with them? BNDD, BATF are probably up there in the list too?

    Hope this helps
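
The netstat check from post #2, which surfaces the same outgoing connection post #3 expects a firewall to log, as an added example that is not part of the original thread. It assumes Windows `netstat -ano` output (numeric addresses plus PID) and the conventional IRC ports; the sample text and its addresses are constructed.

```python
import re

# Ports conventionally used by IRC servers: 6660-6669 and 7000 (plaintext), 6697 (TLS).
# A logger can use any port, so an empty result does not prove the machine is clean.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:1042      198.51.100.7:6667      ESTABLISHED     1384
  TCP    192.168.1.10:1043      203.0.113.20:80        ESTABLISHED     2210
  TCP    192.168.1.10:1050      198.51.100.9:6697      SYN_SENT        1384
  TCP    192.168.1.10:6667      203.0.113.5:51000      ESTABLISHED     2210
  UDP    0.0.0.0:500            *:*                                    700
"""

# proto, local addr:port, remote addr:port, state, optional PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)(?:\s+(\d+))?\s*$")

def find_irc_connections(netstat_text, ports=IRC_PORTS):
    """Return outbound TCP connections whose remote port is a known IRC port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local, lport, remote, rport, state, pid = m.groups()
        # Only the remote port matters: a local port of 6667 is just an
        # ephemeral or listening port on this machine.
        if state in ("ESTABLISHED", "SYN_SENT") and int(rport) in ports:
            hits.append({"remote": remote, "rport": int(rport),
                         "state": state, "pid": pid})
    return hits

if __name__ == "__main__":
    for hit in find_irc_connections(SAMPLE):
        print("{remote}:{rport} {state} pid={pid}".format(**hit))
```

The PID on each hit identifies the process that owns the connection, which is the starting point for deciding whether it is an IRC client you installed or something else.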

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Slarty's silly take on things:

    Unfortunately now you've typed the above, the owner of any keylogger running on your machine now knows you're on to them and will tell it to self-destruct immediately.

    Consequence: You won't know whether there was one or not.

    Conclusion: be afraid, very afraid

    More sane conclusion: use safe computing practices to avoid getting a malware-ridden box

    Slarty

  5. #5
    Member
    Join Date
    Nov 2003
    Posts
    30
    I don't have a keylogger on my machine. It was just a question I've been wondering.

  6. #6
    Member
    Join Date
    Nov 2003
    Posts
    30
    I don't have a keylogger on my machine. It was just a question I've been wondering.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OH yes you do!

    That is why post #5 and #6 are the same


    Cheers

  8. #8
    Member
    Join Date
    Nov 2003
    Posts
    30
    I can only laugh at that last remark. I pushed enter twice and it submitted it twice.


    Chris

  9. #9
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Critter, I'm sure that was a joke. You'll soon learn that a lot of senior members have a really weird sense of humour (sorry nihil)
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
