A keylogger that bypasses even SpyShelter

Hello there,

by coinicdene I just found a little keylogger which installs itself as a firefox adon and is able to bypass SpyShelter (premium version). This software which has been obviously developed for experimental reasons is called "nifty keylogger" and can be found here: https://addons.mozilla.org/en-US/firefox/addon/kl/

The idea of running a logger as a firefox addon seems to be quite smart..

 

I wonder does it also bypass Zemana AL Free.

 

And I wonder if this keylogger bypasses DefenseWall, AppGuard, tightly configured Sandboxie, NovirusThanks EXE Pro?

 

yes it does

 

Off course it does

Why do you think Active-X filtering (no add-ons) is promoted as a security measure of IE. Do you really expect that an add-on which surfs on the credentials of the parent application, will be detected?

Are you surprised that it hurts when you shoot yourself with a gun? Security is not magic, just programmed code

 

We had a similar discussion in this thread. Anyone know if these are generally the same add-ons? The author's name for the nifty key-logger seems really familiar. I swear I read about it on here already.

This is the other thread that came to mind.
httx://www.wilderssecurity.com/showthread.php?t=340941&highlight=keylogger

 

Tested it on FF v3.6.14

User Name = Testing



Password = 123*$@+



So it correctly captured the keys, but missed the fact that i had moved the mouse from the User Name area to the Password area ! Still i suppose it wouldn't be too hard to figure things out.

Not a peep out of WSA/Zemana/MBAM, but then i didn't expect they would detect anything, due to how it's implimented.

I have a feeling that i possibly tested this before on here, or something Very similar ?

 

@ Techwiz

Hi, thanks for the reminder

 

Being a long time DefenseWall user, I have used Firefox in the past and I know that while running FF as untrusted any addons will fail to install, FF needs to run as trusted for any extensions to install, at least that was my experience.
So I do believe this keylogger would not be successful against DefenseWall.
This is of course based on prevention, not detection.

 

I thought keyscrambler might have helped by at least scrambling what the keylogger was recording...but it doesnt.

 

Hmm so far it seems the only protection is not to install a keylogging addon in firefox as once its installed ,its regarded as a normal windows process?,Does anything actually detect or warn of this type of keylogging?....or is this whole thing more show than actually being a threat?

 

What happens when you install it on system with HitmanPro.Alert protecting the browser?

 

nothing...(using public beta 2.5)

 

Simple solution. Dont install the add on. Addon's for FF dont just install themselves.

 

It probably is something like this:
https://www.wilderssecurity.com/showthread.php?t=340672

 

CWS, if SBIE users install a malicious addon, the addon hijacks Firefox and we are done. The KL starts, runs and has internet access along Firefox.

Bo

 

Actually, you're not completely done for if the sandbox is emptied and you didn't recover anything,

@whitedragon551: One can say that for virtually all malware out there. Extremely unlikely in real-world scenarios unless using unpatched software.

 

I wish you were right but you are wrong. Installing a malicious keylogger/addon is one way that keyloggers can hurt Sandboxie users. Read the last sentence. Bottom line, don't install unknown addons.

http://www.sandboxie.com/index.php?DetectingKeyLoggers#defend

Bo

 

This is an addon in Firefox. You literally have to search for addons. Read the description and say hmm this looks like a good idea I think Ill install this, install the add on and restart your browser. This is 100% user choice. Even using unpatched software this poses no threat unless the end user is ignorant.

 

@bo elam: My point is illustrated only 5 lines above in the same link. Of course you shouldn't install unknown addons, but one isn't completely susceptible with the right mindset.

@whitedragon551: Although sneakier, you literally have to install the malware yourself in virtually all cases. Ignorance is still applied. I'm just surprised Mozilla allowed this in their store.

 

Yes J L, deleting the sandbox is the best recourse we SBIE users have. But CWS was asking "And I wonder if this keylogger bypasses..tightly configured Sandboxie, ...? The answer is yes. If you are using a restricted sandbox, installing an addon that's a keylogger, is the one way that keyloggers can hurt SBIE users.

The thread is about keyloggers and addons and if you are a Sandboxie user, you don't want to install one cause its gonna hurt you. Personally, I am extremely careful about any addon that I install because I know that SBIE aint gonna do nothing about it. Its good to know what Sandboxie does for us but its more important to know what it doesn't do.

Cheers

Bo

 

+1 Bo.

 

So, the only way is not to install it at all, but could you put restrictions in your SBIE after you installed and block it to do whatever it does?

 

Well, even if you install it and than change it back to untrusted, DW should protect you plus DW and its hips should alert you when this keylogger is trying to do anything-because Mozilla Firefox is untrusted as well everything in Mozilla except Mozilla's own updates/upgrades.