#1
How to Prevent Keyloggers?
Some time ago, I saw that there was a huge epidemic of some virus that could be installed whenever you visited an infected website through your browser, and it added a keylogger to your computer.
This left you vulnerable to having your banking information, all of your logins, anything you typed, stolen. I've talked to a few people in the biz that have had trouble with domain names being stolen because of this. A keylogger grabbed their logins and the thieves went to work quickly changing all of your domain name information so that they would now own it. I find this concerning because when I read about keyloggers, there doesn't seem to be any surefire way to prevent them. A lot of virus scanners and spyware scanners simply do not detect them, and even when detected, they can be very difficult to remove. Does anyone have any experience with this or advice?
#2
If you are browsing without blocking scripts you deserve to be logged and hacked.
Is anyone still using IE?
#3
Thing is, this can be coming from sites you trust, because the sites themselves are infected. They just pass on the virus. So you can be choosing to allow scripts on a site you trust, and boom, you've got problems.
#4
That's going to be a pain in the ass if it becomes widespread... or is it already?
__________________
"If it feels good, just keep doin it!"
#5
Another good reason to use Macs I guess.
__________________
Porn Site Pros - Custom Website Design, Turnkey Sites, SEO, and Consulting
#6
When I use the Windoze, I always use TypeItIn for my passwords. I dunno if it helps but it can't hurt:
http://www.wavget.com/typeitin.html
It's pretty handy for submitting galleries to multiple TGPs too.
__________________
love, tit
#7
One thing I learned while reading up on this is to use tools like you've mentioned, Titmowse.
If you use something to remember logins and fill in forms for you, or even copy and paste things instead of typing them, then a keylogger can't nab it because the item was not typed. However, most of the keyloggers are installed with a tool that also does screen captures, so you have to somehow find something that won't actually show the password on the screen, just a row of stars or something. Although most logins are like that.

Hyballs, it was pretty widespread last year so I'm not sure how much of a problem it is now. But it does still happen.
#8
I had not heard about the screencap thing.
Hell, I don't know. I have run a few keylogger removal programs in the past but never found anything. Most of my problems come from stoopid spyware and browser hijackers. Go Linux, baby! You don't need a dual core processor. You can boot up in either Windows or whatever Linux distro you choose. Hell, there are some distros you can run entirely from a USB memory stick. These days, I just run Windoze so I can make Flash animations. Come to the OpenSource side...the water's fine!
#9
Quote:
__________________
ICQ 461356609 http://www.gregboone.com http://www.pornisfunny.com I draw toons, write blog posts, reviews for hire.
#10
Monica,
I'm quite sure the commercial freebies will kill any cooties, but always run them in safe mode and afterward use a registry cleaner for the final cleanup. For example, if you're referring to a logger that can take *screenshots*, you're looking at a program implement only running as an executable... Even at server level this cannot be hidden.

The only thing I can think of is the government's "Magic Lantern" which is somewhat of an urban legend/myth by now, but I have heard that several AV companies sided with them and decided NOT to add it to their detection (years ago). However, I'm guessing that Magic Lantern is long gone already.

I can't even install a logger on my company's servers without going through many loopholes (basic Symantec picks up everything available upon installation), and luckily I talked management out of not using them, Suckers.

As far as I know, MS systems in Safe Mode cannot hide background programs. If anyone knows otherwise, let me know! Boot in Safe, check your running programs, google anything you're wary of, and run the top anti-logging software (spybot? Still? I suppose yes!) All the crap found in cookies and registry won't be capturing screens or keystrokes as you've described as far as I know, and I've been doing this for a long time now.

--Jamie (IT of 8 years)
__________________
Sign up with these fuckers or remain broke ya Newbie!. The choice is yours: Adult Elite. Home of the $1 Trial/$30 payout!
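
An added example, not part of the post above or of any poster's tooling: the "check your running programs" step as a PowerShell triage for a current Windows system (not the XP-era machines discussed in this thread), run from an elevated prompt. The unsigned-binary and user-writable-path heuristics and the function name `Test-UserWritablePath` are assumptions made for this example; the output is a list of candidates to research, not a verdict.

```powershell
# Added example: list running programs and autostart entries worth a closer look.
# Heuristics (signature not valid, image under a user-writable folder) are
# assumptions for illustration; legitimate software can match them.

$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Path) {
    foreach ($root in $userWritable) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# 1. Running processes: check each distinct executable image once.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Group-Object ExecutablePath |
    ForEach-Object {
        $path = $_.Name
        $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path         = $path
            Pids         = ($_.Group.ProcessId -join ',')
            Signature    = if ($sig) { $sig.Status } else { 'Unreadable' }
            Signer       = $sig.SignerCertificate.Subject
            UserWritable = Test-UserWritablePath $path
        }
    }

# Show only the entries that trip a heuristic.
$procs |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable } |
    Sort-Object Path |
    Format-Table -AutoSize -Wrap

# 2. Autostart entries: anything that launches at logon (Run keys, Startup folders).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Sort-Object Location, Name |
    Format-Table -AutoSize -Wrap
```

Processes whose image path cannot be read without sufficient privileges are skipped by the `ExecutablePath` filter, so an empty first table on a non-elevated prompt does not mean nothing is running.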
#11
Quote:
There was a virus on Macs not long ago and it shows just how full of shit Apple is. They didn't publicly release the info until someone else came forward. So if that's the case, who knows how many other times Apples have been infected but no one was notified. At least MicroSucks is upfront and honest about it. If Apples were more used you would certainly see more public exploits on them as well.
#12
Hey Pyratas, it's awesome to get your feedback on this as you have a lot more knowledge of such things!
I wasn't sure that Spybot could catch keyloggers. I guess the reason I thought it couldn't is I read an article where someone installed a keylogger as an experiment and ran their various antivirus and antispyware programs to see if they could find them, and they didn't, including search and destroy.
#13
Quote:
I'll try to find a similar article and recreate the experiment at work. There's a number of loggers out there, so, I'll try a handful and see how to catch/remove them if spybot in safe mode doesn't work. I'll report back in a couple days in this thread! Thanks for the info, I love tinkering with our network and getting paid to experiment!
#14
This will fix you right up, guaranteed
__________________
ICQ 471158018 - My Clean Freesites
#15
Pyratas, make sure you start a new thread for your experiment, I'm super interested!
#16
Quote:
It's called "The Angry IT" and has tech reviews, networking advice, ethical hacking techniques/tips, an "Ask the IT" section, and drops more "F-Bombs" than Richard Pryor!

Anyways, I'll let you know the results of keyloggers of various formats by Monday.
#17
Quote:
Mac OS X, or had a basic understanding of the two systems, you wouldn't think of saying such a thing.

The whole idea of Microsoft operating systems from the very start was to provide a system that was stripped of any multi-user or network related features, primarily security features, so that the system would run with 4MB of RAM. That's why it was called DISK operating system - it ran from a DISK rather than being a network operating system like BSD, on which OS X is based.

Network operating systems like OS X are based on the assumption from the very beginning that many people will be using the system. For decades now BSD type systems have thus needed to protect one user's stuff from another user, and protect the system itself from all of the users so even if I give you a login to my system you can't mess with anything.

Microsoft's systems have been based on the opposite assumption - there's just one user using the computer in their own home. It's not connected to network, so there's no need to worry about any kind of security. Microsoft has been playing catch up trying to stick hundreds of bandaids all over the place now that virtually every system is connected to the internet. They're still working around their core system that has no security support, though - no file permissions, ownership, etc.

That's why the National Security Agency uses POSIX systems similar to FreeBSD or OS X - the whole system has always been designed for security. Specifically the NSA uses Linux, but Linux, FreeBSD and Mac OS X share the same pedigree.
#18
Test #1 is done --
I'm using 5 keyloggers on multiple systems, using a variation of security and detection. I will run 4-6 more tests this weekend and produce my results for all. (Please note, this is all XP based)

--Jamie

Believe me, I'm interested in the results as well!