Full Disclosure mailing list archives

RE: Most common keystroke loggers?


From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Fri, 2 Dec 2005 01:53:09 +0530


-----Original Message-----
From: Blue Boar
Sent: Friday, December 02, 2005 12:15 AM
To: sjohnston () cavionplus com
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Most common keystroke loggers?

Shannon Johnston wrote:
Hi All,
I'm looking for input on what you all believe the most common 
keystroke loggers are. I've been challenged to write an authentication 
method (for a web site) that can be secure while using a compromised
system.

If, for some reason, you only care about the case where a "keylogger" is
installed, then you can go with some scheme like making the user pick
numbers of a randomly-scrambled keypad on the screen, with the mouse.

"Security" and "randomly-scrambled online keypad" are mutually exclusive ;-)


Note, however, that "keyloggers" that grab some portion of the screen
surrounding the mouse pointer every time you click have already been
observed in the wild. They are designed to specifically defeat this kind
of mechanism.

I posted a similar yet effective way of snatching the user credentials
directly from the input boxes while the user keys them in in a
pre-compromised box. The method shown is a bit effective compared to the
screenshot grabbers in the sense that it gets the clear text and the
***** text directly from the input box and doesn't save it until the user
submits the form.

The PoC (defeat-citibank-vk.zip) was created to defeat the virtual keyboard
concept of Citi-Bank used worldwide. It can be downloaded from the
following link - http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html .
Presently, the PoC won't work as CitiBank has made little changes in its site
after the release of the PoC.

- D 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

