Keylogger question

gubar

Posts: 105   +0
Hi,

just been helped clean my system after a keylog infection, posting this question in this general forum because I believe that one is for active help only.

I found the infected file, and it held personal details (passwords etc), thankfully it was caught early.

My question though is, how would this have been used? It was just a text file, not sure if another file was removed during cleaning. Would there have been an application on my computer which would have sent this information out? Or would the creator have tried to access my computer somehow?

Thanks for any info,

gubar
 
I know this information doesn't clearly tell you what the end result could be from a key-logger, but maybe the information may point you in the right direction, as to become more knowledgeable with it.

Information Secured From About.com

Definition: A keylogger is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press.

Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Keyloggers can also be used by a family (or business) to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers on public computers to steal passwords or credit card information.

Keylogger software is freely available on the Internet. These keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer. Normal keylogging programs store their data on the local hard drive, but some are programmed to automatically transmit data over the network to a remote computer or Web server.

Detecting the presence of a keylogger on a computer can be difficult. So-called anti-keylogging programs have been developed to thwart keylogging systems, and these are often effective when used properly.

Trojan Virus Key-logger Information Secured From About.com

In its simplest form, a keylogger trojan is malicious, surreptitious software that monitors your keystrokes, logging them to a file and sending them off to remote attackers. Some keyloggers are sold as commercial software - the type a parent might use to record their children's online activities or a suspicious spouse might install to keep tabs on their partner.

Keyloggers may record all keystrokes, or they may be sophisticated enough to monitor for specific activity - like opening a web browser pointing to your online banking site. When the desired behavior is observed, the keylogger goes into record mode, capturing your login username and password.

Some sites attempt to thwart keyloggers by having the user respond to visual cues they must point to with their mouse instead of using their keyboard. However, some keylogger trojans also capture screenshots, thereby negating the effect of this strategy.

Keyloggers and other forms of remote-access trojans tend to be the most determined malware, taking extra steps to conceal their presence, including through the use of rootkits.

The best defense against keyloggers is prevention. One of the most common infection sources is peer-to-peer (P2P) filesharing networks, such as Kazaa, Morpheus, Gnutella, and dozens of others. Keyloggers are also commonly sent as email attachments and via links in instant messages that point to the infected file.

Too often, people are lulled into a false sense of security, believing, for example, that if they simply switch to a different browser they will be safe from harm. It's simply not so simple. To stay safe means becoming proactively engaged in your own security.

Hope this all helps, if not a little bit!
 
You would have to post your question in the Virus and Malware Removal forum. However, before posting please read the "stickies" (permanent threads at the very top of the forum) and follow their directions.
 
Hi Zen,

I never realized you had posted this until I received instant notification relating to the next two posts - so I'd like to offer a very belated thanks! Very detailed and useful information.

Thanks again,

gubar
 
I didn't see reference to 'calling-home' so I'll offer this:

Any file which contains the data captured is just data (also a very poor implementation).
This would then need to be accessed by some remote command-control server to suck that data up to the intruder,
OR wait for a new browser session to contact the intruder's site.

The hard to detect key-loggers would keep data in memory only and thus not disclose their presence via the file (regardless of the file name or location).

They would also have a backdoor (ie: an IP address & port) to call home and push the data collected.
This is where your firewall *might* protect you, but that depends upon the controls in the FW and they vary from vendor to vendor.
Most all can control a destination+port number and some can allow programA to use that pair while restricting all other programs from doing so.

The nightmare is a key-logger calling home on ports 80, 443 or 110
(the first 2 are web server access ports and the latter is the common email reading port).
As we all use these and the FW must open them, the sole stop-gap criterion is the application itself. If your browser is corrupted, then there's no way to stop the data from being pushed.

Now guess the most common FW configuration:
  • block all incoming, unbound data (ie no existing connection from/to the origin IP)
  • allow all outgoing new connections
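To make the difference between those two firewall styles concrete, here is an added example (not code from the thread or from any firewall vendor) that runs a constructed outbound-connection log through the "allow all outgoing" rule and then through an application-aware rule that ties each port to one named program. The process names, addresses and log format are all made up for the illustration; note that, as the post says, a per-application rule still passes traffic from a browser that has itself been tampered with.

```python
import re
from typing import NamedTuple

# Constructed sample of firewall connection log lines (not from the thread):
# timestamp, direction, process name, destination IP, destination port.
SAMPLE_LOG = """\
2009-03-01 10:02:11 OUT firefox.exe 93.184.216.34 443
2009-03-01 10:02:13 OUT outlook.exe 192.0.2.10 110
2009-03-01 10:02:15 OUT svchost.exe 198.51.100.7 80
2009-03-01 10:02:20 OUT updater.exe 203.0.113.5 443
2009-03-01 10:02:25 IN  unknown    198.51.100.7 4444
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<dir>IN|OUT)\s+(?P<proc>\S+)\s+(?P<ip>\S+)\s+(?P<port>\d+)$"
)

class Conn(NamedTuple):
    ts: str
    direction: str
    proc: str
    ip: str
    port: int

def parse_log(text):
    """Parse the constructed log format into Conn records, skipping bad lines."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            conns.append(Conn(m["ts"], m["dir"], m["proc"], m["ip"], int(m["port"])))
    return conns

# The "most common" configuration from the post: block unsolicited inbound,
# allow every new outbound connection no matter which program opens it.
def default_policy(conn):
    return conn.direction == "OUT"

# Application-aware configuration: a destination port is allowed only for the
# program it is paired with; any other outbound connection is blocked.
APP_ALLOW = {("firefox.exe", 80), ("firefox.exe", 443), ("outlook.exe", 110)}

def app_aware_policy(conn):
    if conn.direction != "OUT":
        return False
    return (conn.proc, conn.port) in APP_ALLOW

def evaluate(text, policy):
    """Return the (process, port) pairs the given policy lets out."""
    return [(c.proc, c.port) for c in parse_log(text) if policy(c)]
```

Under the default policy the two unknown programs calling out on 80 and 443 go through unchallenged; under the application-aware policy only the browser and mail client remain.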
 
I think you should also be aware of phishing attempts. They masquerade as websites and steal sensitive information. For example, a phishing attack on Facebook would mean that when you enter the website, you will be redirected to another URL which will look exactly like Facebook, and when you enter the password they can retrieve it. No one really notices the address and the attack pulls off easily without you knowing it. Newer techniques place a picture of the address of the website you assume you are in, in place of the phishing site's address bar.