Security Basics mailing list archives
RE: Key Loggers
From: "Scan America" <ghewitt () scan-america com>
Date: Mon, 27 Oct 2003 15:52:27 -0600
Ivan - I have had success finding and isolating Key Logging software with commercial anti-spyware products. The one I am using is Spy Sweeper (www.webroot.com). Keyloggers are explicitly sought, as well as variants (called traces). I "swept" one machine, only to find over 800 spyware instances, with nearly 3000 "traces." Basically, this means there were 800 different bugs and almost 3000 different forms of those 800. There is one I particularly despise, called Gator, which implants itself in the Registry, the startup programs and executables that are started by other Windows programs. It is a way of re-seeding itself and most humans won't be able to root it out of the registry.

It also will seek out other hard-to-find instances of "malware" such as in-memory spyware and cookies of all types. For cookies you know you want to keep, you can tell the product to "always keep" certain cookies. Spyware that is caught is quarantined and you must go there to delete the references. In the Quarantine folder, you can see the explicit path to the spyware trace and the exact form of spyware it is infected with. At that time you can delete it or restore it.

Note also that I do not sell, re-sell or represent webroot in any form. I am sure there are other products that also do a good job. This product works like AntiVirus software, in that it provides a subscription to their server-based list of spy-traces and you periodically update the spy definitions. Currently it has 13,012 known spy traces. Like AV software, you can test a drive or drives for spyware and/or schedule regular sweeps to run at specific periods of time.
Gary M Hewitt, Pres
Scan America
Brookfield, WI

-----Original Message-----
From: Alfred.Diggs () STIS com [mailto:Alfred.Diggs () STIS com]
Sent: Friday, October 24, 2003 6:17 PM
To: ivan.hernandez () globalsis com ar; s7726 () yahoo com
Cc: security-basics () securityfocus com
Subject: RE: Key Loggers

A few ways to find keyloggers.

1. Check your task manager for anything out of the ordinary. (After a few years of Windows you know all the running apps.)

2. Run a firewall on your computer like ZoneAlarm, as it will block (or at least ask) any email servers from sending out email. (Most keyloggers have a built-in email server.)

3. You can try writing some funky word and then searching for it, but most keyloggers encrypt the data and it may not be found easily. (Be mindful: if while you're typing your special word you change a character, it will be recorded as myspecii<BS>alword, BS=Backspace to kill the extra i.)

Good Luck
Alfred

-----Original Message-----
From: Ivan Hernandez [mailto:ivan.hernandez () globalsis com ar]
Sent: Friday, October 24, 2003 3:56 PM
To: s7726 () yahoo com
Cc: Security-Basics
Subject: Re: Key Loggers

s7726 wrote:
Is there a way to determine if a running process is logging keys? Can you say look at whether or not it is implementing hooks or something? I am interested to know if someone has put a key logger on a few machines.

Thank you
S7726 at yahoo dot com
I would first (in doubt) disconnect the machine from the network and start analysing the traffic, then search for any changing file each time you press a key! Also, writing a strange word and searching for it can be useful sometimes.

Ivan Hernandez
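As an added example (my code, not anything from the thread or from Spy Sweeper), here is a small Python script that puts two of the tips above into practice: the snapshot-and-diff search for files that change after you type, and a canary-word search that also catches the myspecii<BS>alword case Alfred describes. The Backspace encodings it expects ("<BS>" or the byte 0x08) are my assumption.

```python
"""Canary-word and changed-file checks combining two tips from this thread.
Assumptions (mine, not the thread's): the logger writes plain text and records
Backspace as a literal "<BS>" token or as the ASCII byte 0x08."""
import os
from pathlib import Path

BS_TOKENS = ("<BS>", "\x08")  # assumed ways a logger might record Backspace

def normalise_backspaces(text: str) -> str:
    """Replay backspaces so 'myspecii<BS>alword' reads 'myspecialword'."""
    out = []
    i = 0
    while i < len(text):
        for tok in BS_TOKENS:
            if text.startswith(tok, i):
                if out:
                    out.pop()  # drop the character the user corrected
                i += len(tok)
                break
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def text_contains_canary(text: str, canary: str) -> bool:
    """True if the canary appears verbatim or only after replaying backspaces."""
    return canary in text or canary in normalise_backspaces(text)

def file_contains_canary(path, canary: str) -> bool:
    """Search one file; latin-1 decoding never fails on binary content."""
    return text_contains_canary(Path(path).read_bytes().decode("latin-1"), canary)

def snapshot(root):
    """Map path -> (size, mtime_ns) for every regular file under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.stat(p)
            except OSError:
                continue
            snap[p] = (st.st_size, st.st_mtime_ns)
    return snap

def changed_files(before, after):
    """Paths that appeared or changed between two snapshots: the candidates
    to inspect with file_contains_canary after typing the canary word."""
    return sorted(p for p, v in after.items() if before.get(p) != v)
```

Take a snapshot of the suspect directories, type the canary word in a few applications, take a second snapshot, and run file_contains_canary over whatever changed_files reports; as Alfred notes, an encrypted log will not match either way, so an empty result is not proof of absence.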