Ultimate Keylogger on Giveawayoftheday

[muf]

I'm confused about this "physical access to your pc" to install a commercial keylogger. Surely if a hacker has negotiated past your defence they could install one of these commercial keyloggers just as easily as a none commercial one. Have I missed something glaringly obvious here?

muf

[alex_s]

Quote:

Originally Posted by muf

I'm confused about this "physical access to your pc" to install a commercial keylogger. Surely if a hacker has negotiated past your defence they could install one of these commercial keyloggers just as easily as a none commercial one. Have I missed something glaringly obvious here?

muf

Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you.

[TechOutsider]

Quote:

Originally Posted by firzen771

that is because a lot of programs dont detect commercial keyloggers ON PURPOSE. this doesnt mean u are less secure, as long as you have a password to your user account, there should never be a prob with someone installing a commercial keylogger like this without u knowing, and who in ur house would want to anyways?

well most people don't design their own keyloggers.

[Fly]

Quote:

Originally Posted by alex_s

Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you.

Generally malware is installed on people's computers without their knowledge. So what's your point ?

I would think that, in addition to a backdoor, trojan, rootkit (to name a few), a commercial keylogger could be installed. I'm sure 'hackers' won't care much for copyright

If signatures exist for the keylogger in question, they could make modifications to adapt.

I tend to think of the creation of keyloggers as unethical.

Employers spying on their employees, parents on their children, it's just wrong.

I'm sure you can come up with exceptions, but rules tend to have exceptions

[muf]

Quote:

Originally Posted by alex_s

Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you.

I'm also at a loss at what point you making. You think keyloggers come from sources other than hackers? Not many. Regardless of how a keylogger gets on your pc and whether it is commercial or none commercial the two types still do the same thing, that is to log your keystrokes or screen capture.

What i've often wondered is why security application's discriminate between them. I don't want any type on my pc so I'd like my security app to tell me about any application or file that is on my pc that is capable of logging keystrokes. It's as if the commercial keyloggers have a 'get out of jail' card they can use on all the security apps. I just don't get it. "They used a commercial keylogger to get your credit card details. Sorry but we don't detect commercial keyloggers". Like I said, I just don't get it...

muf

[alex_s]

Quote:

Originally Posted by muf

I'm also at a loss at what point you making. You think keyloggers come from sources other than hackers? Not many.

commercial keyoggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physiscal access, but tin this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"

Quote:

Regardless of how a keylogger gets on your pc and whether it is commercial or none commercial the two types still do the same thing, that is to log your keystrokes or screen capture.
What i've often wondered is why security application's discriminate between them. I don't want any type on my pc so I'd like my security app to tell me about any application or file that is on my pc that is capable of logging keystrokes.

Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.

But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place.

[jmonge]

Quote:

Originally Posted by alex_s

commercial keyoggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physiscal access, but tin this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"


Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.

But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place.

that's why i believe after your firewall a hips program is a must to protect the entire system in real time

[subset]

Quote:

Originally Posted by alex_s

The problem may originate from executable been signed by trusted vendor, for example.

Surely not.
Just allow the installer to run and see what happens.




Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.

Cheers

[firzen771]

Quote:

Originally Posted by alex_s

commercial keyoggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physiscal access, but tin this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"


Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.

But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place.

thank you, ive been trying to explain how this type of keylogger is an actual commercial program that needs to be installed with an installer and to do that u need to actually physically be at the computer and install it, so tbh i dont really care if this app and others like it are whitelisted for parents i suppose, since my user account is passworded and nobody uses my computer other than me thx alex

[alex_s]

Quote:

Originally Posted by subset

Surely not.
Just allow the installer to run and see what happens.

Attachment 206979


Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.

Cheers

As far as I see ukl is trivial windows-hook based keylogger. Nothing too special there. I dunno why OA allows it. The reason can be anything but not inability to catch winhooks.

[MikeNash]

Quote:

Originally Posted by subset

Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.

Cheers

Recognized and fixed.


Mike

[Blue Ring]

Quote:

Originally Posted by 333halfevil

Seems Online Armor doesn't detect the keylogging, screenshots or clipboard logging.

Nor does Zemana detect it...It's definitely logging however.

Not surprised at all that Zemana failed to detect it.

[aigle]

CFP detects the global hook it installs. Once denied this hook, keylogger can,t work and is shut down.

[aigle]

Also labelled suspicious by heuristics.
If allowed to hook, it can log keystrokes and clipboard without any pop ups but screen capture still can be detected by CFP.

[aigle]

GesWall- I tried by running keylogger inside GesWall.

1- Keys logging -- GesWall PASSED
2- Clipboard loggingt --- GesWall FAILED
3- Screen capture ----- GesWall FAILED

It,s interesting as latest GW now claims to intercept clipboard logging and screen capture. I will post over there forums.

[aigle]

Quote:

Originally Posted by subset

Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.

Cheers

Hi, can you tel how did you test?

[subset]

Quote:

Originally Posted by aigle

Hi, can you tel how did you test?

OS: Windows XP SP3
I have tested it with the GOTD installer (Setup.exe) and the installer from their website (ultimatekeylogger.exe).
Both with the same result.
After I allowed only the installer to run (Untrusted), the UKL starts up right after the installation is finished and is able to record inputs and actions, like visited websites etc.
There is no other OA pop-up and the UKL process is Untrusted in OA Programs, which is pretty irritating.
But it will be solved anyway.

Cheers

[Dark Star 72]

Sorry for the delay coming back to this thread but Zemana Antilogger does detect and block Ultimate Keylogger, see the screenies. Only managed to get the second pop-up, the first one came up before the installation of Ultimate Keylogger was finished, it appeared to install and the pop-up shown here came up. Blocked both, and they show as such in the screenshot from Zemana. Although there is a short cut on the desktop and an entry in Start > all programes Ultimate Keylogger appears to be dead, it cannot be opened.

[aigle]

Quote:

Originally Posted by subset

OS: Windows XP SP3
I have tested it with the GOTD installer (Setup.exe) and the installer from their website (ultimatekeylogger.exe).
Both with the same result.
After I allowed only the installer to run (Untrusted), the UKL starts up right after the installation is finished and is able to record inputs and actions, like visited websites etc.
There is no other OA pop-up and the UKL process is Untrusted in OA Programs, which is pretty irritating.
But it will be solved anyway.

Cheers

Are you sure it is the proper way to test. When you allowed it to install and run, it already has hooked the system, so after that yoiu are not supposed to get an alert from a HIPS.

This is the way I tested. I disable CFP. Installed UKL and let it run. Then I killed it via ProcessExplorer. Enabled CFP and then started UKL by double clicking the main exe. CFP alerted about its execution and allowed it to run. It was the pint when i got a pop up alert about a global hook that if I block, keylogger is dead.

CA=an you test like this? If u allow this hook, keylogger wil work without any more pop ups( except for screen capture).

[aigle]

Quote:

Originally Posted by Dark Star 72

Sorry for the delay coming back to this thread but Zemana Antilogger does detect and block Ultimate Keylogger, see the screenies. Only managed to get the second pop-up, the first one came up before the installation of Ultimate Keylogger was finished, it appeared to install and the pop-up shown here came up. Blocked both, and they show as such in the screenshot from Zemana. Although there is a short cut on the desktop and an entry in Start > all programes Ultimate Keylogger appears to be dead, it cannot be opened.

Hmm... where is the 2nd pop up? Also what about screen capture alert?
Can u try like i posted above?

[Dark Star 72]

Quote:

Originally Posted by aigle

Hmm... where is the 2nd pop up? Also what about screen capture alert?
Can u try like i posted above?

The screen shot above is the second pop-up, the one I got after it appeared to have installed. There is no screen capture alert, Ultimate Keylogger is neutered, it does not run. Will have another go later to see if I can capture the first pop-up again that I got while installing.

Have just shut down Zemana, stopped protection, and I can now open the Ultimate Keylogger GUI. Reactivated Zemana and it does not detect Ultimate Keyloggers presence. Will see if I have time later to activate Ultimate Keylogger and see if Zemana detects it when it is active.

[Dark Star 72]

This is the first pop-up received when installing Ultimate Keylogger with Zemana enabled. I blocked but once I had clicked block it continued to install leading to the second pop-up as in my previous post which I also blocked. Again, I was unable to open or activate Ultimate Keylogger unless I disabled Zemana protection, on reactivation Zemana again failed to detect Ultimate Keylogger although the GUI was open and I was typing in Notepad. Very strange.

[subset]

Quote:

Originally Posted by aigle

CA=an you test like this? If u allow this hook, keylogger wil work without any more pop ups( except for screen capture).

Unfortunately the same result like before, the way of testing makes no difference here.
And there is no prompt about a global hook or whatever, only some prompts if I open the UKL logs.
Let's say it's related to the Beta status of this OA version.

Cheers