SpyShelter new leak test tool has been released
maymoons
August 30th, 2010, 04:27 AM
SpyShelter new leak test tool has been released
I asked them for some example, so they created a keylogger based on this leak.
Note about Kaspersky: I click restrict. When I click block, the leak test doesn't work, it is not a surprise.
ViVek
August 30th, 2010, 04:49 AM
Thanks maymoons :thumb:
jmonge
August 30th, 2010, 08:07 AM
nice;)
3x0gR13N
August 30th, 2010, 09:55 AM
Small correction. KIS passes the test. You only need to either disable automatic mode or use the Virtual keyboard.
maymoons
August 30th, 2010, 10:52 AM
-{ Quote: "Small correction. KIS passes the test. You only need to either disable automatic mode or use the Virtual keyboard." }-
Sorry, you are wrong. KIS failed.
It is not the SSLT v1.4 keylogger test.
You can see the new test there, see picture.
I have a real app based on that leak (keylogger).
3x0gR13N
August 30th, 2010, 11:43 AM
-{ Quote: "Sorry, you are wrong. KIS failed.
It is not SSLT v1.4, it is a different test.
The new leak test hasn't been released yet officially." }-
Ooops, yes you're right, didn't notice the icon is different in the screenshot.
Any idea when it's going to be posted on their site, or can you PM me the leak test?
maymoons
August 30th, 2010, 11:48 AM
Screenshot from test
Noob
August 31st, 2010, 01:28 AM
WOOO I had 100% trust in Zemana ;D
I know this is another lame test but it still counts ::)
aigle
August 31st, 2010, 04:11 AM
-{ Quote: "SpyShelter new leak test tool has been released
I asked them for some example, so they created a keylogger based on this leak.
Note about Kaspersky: I click restrict. When I click block, the leak test doesn't work, it is not a surprise." }-
the link to download pls?
Eru
August 31st, 2010, 06:03 AM
-{ Quote: "the link to download pls?" }-
It's on the SpyShelter website under the video :P
But here you have: -http://www.spyshelter.com/download/AntiTest.exe- :D
majoMo
August 31st, 2010, 02:45 PM
The newest SpyShelter new leak test tool is flagged as suspicious by Avast.
I sent Avast's support a False Positive warning.
SpyShelter is working like a charm here - with System Protection only enabled, a very good Real Time Protection!!!
Ibrad
August 31st, 2010, 03:14 PM
It was also detected by PrevX, Panda, Avast, and G-Data. I reported to Panda and they confirmed it is clean.
maymoons
September 2nd, 2010, 12:47 PM
-{ Quote: "File name:
SS new leak test.exe
Submission date:
2010-09-02 16:43:05 (UTC)
Current status:
queued (#8) queued (#8) analysing finished
Result:
0/ 43 (0.0%)" }-
I uploaded it to VirusTotal. Result: 0/43, no detection!
Vendors can download that file from virustotal.com, MD5: 8705a896c0e3d3da485188f1147247be
Dermot7
September 2nd, 2010, 04:55 PM
-{ Quote: "It was also detected by PrevX, Panda, Avast, and G-Data. I reported to Panda and they confirmed it is clean." }-
Also detected by Norton as medium risk, and quarantined, unfortunately.
Ibrad
September 2nd, 2010, 05:31 PM
-{ Quote: "I uploaded it to VirusTotal. Result: 0/43, no detection!
Vendors can download that file from virustotal.com, MD5: 8705a896c0e3d3da485188f1147247be" }-
Odd, whenever I download Antitest.exe I get MD5: 41f1e55475c4806642cda2f7b519d523
This file has detects from: PrevX, Quickheal, Avast!, and G-Data (Avast Engine)
jmonge
September 2nd, 2010, 08:27 PM
detected by Comodo av also:)
Espresso
September 2nd, 2010, 10:05 PM
My comodo AV didn't detect it.
Comodo in Safe Mode with no sandboxing passed all except WebCam, Sound Record and screenshot tests 4 & 5.
Rmus
September 2nd, 2010, 10:09 PM
A month or so ago, a friend became concerned about the possibility of a keylogger getting installed. A bit of searching around the internet reveals that there have been some exploits. Below are some that I found. Based on this, I determined that one's security against remote code execution exploits, and secure policies about not responding to spam protect adequately against a keylogger being installed -- it's just another binary executable.
Perhaps I've missed something, so I'm curious why one would want a product that actively monitors a keylogger being installed. Are there other ways a keylogger can get installed besides the methods described below?
By the way, based on what other vendors have written in the past about flagging test executables, it would seem the best proof would be to test with a real keylogger malware executable, and not a leak test.
----
rich
REFERENCES
CVE-2010-0806 Exploit in the Wild
http://research.zscaler.com/2010/04/cve-2010-0806-exploit-in-wild.html
MS10-018
-{ Quote: "The vulnerability impacts Internet Explorer 6, 6 SP1, and 7
The binary is a World of Warcraft keylogger." }-
Worth reading if you suspect you have recently contracted a Keylogger
Wed, Dec 31 2008
http://www.curse.com/forums/p/71996/376192.aspx
-{ Quote: "A few weeks ago several exploits became publicly available for MSIE (KB960714), and FireFox (UTF-8 and location.hash) which allow for an attacker to execute arbitrary code. The victim does not need to download anything or accept anything (often referred to as a "drive by" attack).
Not only was this dll a password stealer for World of Warcraft. It also attempted to collect your "Secret Answer" to your Warcraft account..." }-
EXPLOIT of IE6 Vulnerability in the Wild
April 2006
http://www.nist.org/news.php?extend.102
-{ Quote: "The exploit installs a keylogger that captures bank and credit card information." }-
Flash player exploit installs keylogger
Aug 2005
http://www.tacticalgamer.com/hardware-software-discussion/116889-flash-player-exploit-installs-keylogger.html
-{ Quote: "A major use is to install a keylogger to steal the passwords of WoW players," }-
Cyber criminals using eCards to deliver malicious rootkit and keylogger exploits
http://www.keylogger.org/news-world/cyber-criminals-using-ecards-to-deliver-malicious-rootkit-and-keylogger-exploits-1209.html
-{ Quote: "The Australian eCard scammers placed a malicious hyperlink in the email, which first sends the user's web browser to an exploit server. The exploit server checks to see if the user's web browser has been patched for the latest software vulnerabilities, and if it's unpatched, the server silently force-downloads a rootkit and a keylogger onto the user's computer before redirecting the web browser to an authentic Yahoo! Greetings card.
The actual exploit, known as MDAC,...
[this is MS06-014]" }-
Key Logger Malware: Key Stroke and Screen Capture
October 6, 2008
http://webcache.googleusercontent.com/search?q=cache:NrppttqQU78J:usa.visa.com/download/merchants/key-logger-malware.pdf+keylogger+exploits&hl=en
-{ Quote: "Key loggers, like most malware, are distributed as part of a Trojan Horse or virus, either sent via e-mail (as an attachment or by an infected web link or site) or, in a worst case scenario, installed by a hacker with direct access to the victim’s computer." }-
Common spam hides keylogger Trojan
Trojan: Mal/Zbot-U
http://www.sophos.com/security/threat-spotlight/061810-threat-spotlight.html
-{ Quote: "Different Mal/Zbot-U malware may perform different malicious actions, but will typically include keystroke logging.
The spammers behind this scheme use fake Statement of fees emails such as:
In this case, attached to the emails is a file called Statement_of_Fees_2009-2010.zip, which itself contains a Trojan that Sophos detects as Mal/Zbot-U. Sophos also detects the ZIP file as Troj/Invo-Zip." }-
Windows Shortcut Vulnerability keylogger
Troj/Chymin-A
http://www.sophos.com/security/threat-spotlight/073010-threat-spotlight.html
-{ Quote: "Troj/Chymin-A was first seen when it attempted to spread by an exploited Windows Shortcut (CVE-2010-2568, detected by Sophos as Exp/Cplink-A).
The keylogging component is dropped in this folder with the filename ".dll" (empty filename, DLL extension). " }-
------------end references-----------------------
Espresso
September 2nd, 2010, 10:53 PM
I usually turn off keyboard and screen monitoring in Comodo. The chances that 1) I will download a keylogger 2) the AV scan won't catch it, and 3) the firewall won't block it, are pretty slim.
aigle
September 29th, 2010, 03:17 AM
-{ Quote: "Screenshot from test" }-
Hi maymoons! What is this test? The file I downloaded is named antitest.exe and has a GUI.???
shadek
September 29th, 2010, 04:43 AM
To be fair, I tested it against Prevx, and it was detected immediately. However, I 'infected' myself on purpose to see how Prevx did when being 'infected'.
Prevx SafeOnline did not stand a chance against this new TestTool. Even with settings at max on an https site, it could take screenshots, log my keystrokes and access my clipboard.
What a piece of wonderful TestTool!
Konata Izumi
September 29th, 2010, 04:56 AM
I tried it.... I let it RUN!!! Prevx Passed all tests except all the System Protection and Screenshot tests.
Prevx SafeOnline latest stable build. v.3.0.5.199 Settings: MAXIMUM
TestTool: Running as Admin
Browsers: Running as Admin
Prevx Detected the tool (but I let it run and infect me)
Browser: Opera
Keylog (Passed)
Webcam (N/A) (I don't have a webcam LOL)
Clipboard (Passed)
SYSTEM PROTECTION test (All tests failed)
Screenshot tests (All tests failed but...)
Browser: Internet Explorer
Keylog (Failed)
Webcam (N/A) (I don't have a webcam LOL)
Clipboard (Passed)
SYSTEM PROTECTION test (All tests failed)
Screenshot tests (All tests failed but...)
Browser: SRWare Iron
Keylog (Failed)
Webcam (N/A) (I don't have a webcam LOL)
Clipboard (Passed)
SYSTEM PROTECTION test (All tests failed)
Screenshot tests (All tests failed but...)
You had to make Spyshelter TestTool the main window to click the screenshot button... thus Prevx does not intercept screenshots since you have to make the browser the main window for Prevx to block the screenshot. (not really a fail for me but still. as long as it can take screenshot even a tiny corner of my browser I consider it a fail)
-{ Quote: "Conclusion:
Prevx SafeOnline must be working differently under different browsers no? and Opera is working good with PrevxSOL?" }-
aigle
September 29th, 2010, 05:20 AM
Can anyone try KeySrambler?
Thanks
CloneRanger
September 29th, 2010, 05:26 AM
-{ Quote: "Originally Posted by aigle
Can anyone try KeySrambler? "Sic"" }-
Can't you ?
Konata Izumi
September 29th, 2010, 05:30 AM
-{ Quote: "Can anyone try KeySrambler?
Thanks" }-
Keyscrambler PASSED Keylogging test. :thumb:
the rest FAILED
Other tests here (http://www.wilderssecurity.com/showpost.php?p=1758188&postcount=22)
aigle
September 29th, 2010, 06:17 AM
Yes, I just tried too. KS did its job well.
Thanks for testing.
atomomega
September 29th, 2010, 06:27 PM
-{ Quote: "By the way, based on what other vendors have written in the past about flagging test executables, it would seem the best proof would be to test with a real keylogger malware executable, and not a leak test.
----
rich" }-
This.
Just another marketing tool... :dry:
BTW: I do not intend to say SpyShelter doesn't work. I actually installed the free version a couple of months ago and it's a great, strong and powerful app. I just don't rely on these sponsored leaktests to make a decision...
tpro
October 26th, 2010, 07:53 AM
I tested Panda Cloud Free and Avast Free against the SpyShelter KeyLogging test tool and there was no reaction ... :ouch:
Are the other free AV (Avira or AVG) able to detect the SpyShelter keylogger? :doubt:
Eru
October 26th, 2010, 08:44 AM
There is a Free version of SpyShelter if you are scared about loggers :P
There is no (in my opinion) free AV (except CIS) that will detect loggers :D
markedmanner
October 26th, 2010, 09:05 AM
the first post in this thread says Zemana failed this test. I suppose it did technically. But Zemana did PASS all of the screenshot tests and keylogging test. The only test it FAILED was the driver test. So I still say Zemana is very strong in blocking keyloggers.
Gobbler
October 26th, 2010, 09:31 AM
Has anyone tried it against GesWall?
markedmanner
October 26th, 2010, 09:32 AM
I would like to understand what the first post in this thread constitutes as a PASS or FAIL. Because it says keyscrambler free PASSED. I am sure Keyscrambler FAILED the registry tests and the screen capture tests. So how exactly did it PASS??? As I said Zemana passed all tests except the driver test.
aigle
October 26th, 2010, 07:51 PM
-{ Quote: "Screenshot from test" }-
Hi, pls tell us what is this test? Thanks
maymoons
October 27th, 2010, 02:53 AM
@3x0gR13N
@aigle
Sorry, I am a bit late. I was busy, I will upload the test tool tonight and I will send the link to you.
aigle
October 27th, 2010, 09:07 PM
Thanks. No problem. Take your time until you are free.:)
maymoons
October 28th, 2010, 10:19 AM
I sent SS test tool via PM
aigle
October 28th, 2010, 03:09 PM
Ok, got it. Thanks
aigle
October 29th, 2010, 03:48 PM
GesWall - Passed the keylogger test (I renamed it to a.exe).
CIS - Passed. On default settings treat it as trusted, probably because it's just a POC. If I run it sandboxed in CIS, Keylogger fails to intercept keys.
On paranoid settings with ProActive mode, CIS gives physical memory access alert, just like GesWall.
Copyright ©2002 - 2012, Wilders Security Forums