Javascript Keylogger Test

I couldn't get this to start for some reason ?

Anyway, some of you might like to see if it'll run for you, & then test it

Forget about whether or not your AV/AM detects it, that's not the point What is though, do dedicated Anti KL Apps such as Zemana/SpyShelter/Prevx/Trusteer/KeyScrambler etc etc detect it, and/or block the logging ?

So let's see what happens, if you get it to run etc that is !

From the readme.txt

 

I thought at least a few of our Super keen testers would be onto this & posting their results by now !

Maybe you couldn't get it work either, or ?

Be nice if you could as i couldn't but really wanted to

EDIT

Well i've just heard by PM that a Major testing house is Very interested in this Even if nobody else is yet anyway ! So expect to see them using this technique in future testing

 

Hmm... I missed it. Sure will test but busy at the moment. Wil post back after some days or more, I hope.

Thanks, looks very interesting indeed.

 

Can,t download the file.

 

Better place to get it is here:

http://code.google.com/p/javascript-keylogger/downloads/list

It's actually an old test (old as in April 2010) and it's not being developed anymore.

 

Look forward to it

I didn't post that link just in case it wasn't allowed Your link is in my link

@ jmonge

 

I've tried OA++ in Fx 6..result - failed
Please see the attached screenshot..
waiting to see comodo d+ along with dedicated antiloggers..

 

WebrootSecureAnywhere = PASS

EDIT: WSA detects it on execution. So I rebooted to a fresh snapshot, turned off WSA install the key-logger and tested it.
All key strokes were captured.

Enabled WSA via the start menu and as soon as WSA started the Key-logger was detected and shut-down + quarantined.

 

How about getting it out of the Quarantine and make an exception for it and see if SafeOnline/Identity shield can block the logging technique itself?

 

Windows 7

 

Got it working myself on my win7 x64 VM, with Opera 10.50. Put protection for both HTTPS and HTTP sites to max and it was able to log keystrokes, though I'm not sure if WRSA was protecting it as it is a local HTML file, not an URL.

That's because the keylogger.exe is a local server listening to the keystrokes send by the Javascript to local IP, and Windows firewall doesn't give it access by default.

 

This was also what I was thinking. Did further tests, with an interesting outcome.
Restored the file from quarantine GO WSA

I am limited to 5 uploads, the results are repeated, either blocked or not.

IE was only partially bypassed(intranet setting turned off by default) With only the first keystroke being captured. This was identical for all tests with IE.

Chrome was completely bypassed
The fullscreen shot is where specific protection was added for that particular page by WSA identity shield, but as mentioned above it is not a URL and I expected this to fail.

 

i was only able to make the first test work.

anyway, IE9 on W7 passed.
Chrome failed.

for the last couple months my daily browser has been Chrome while IE9 is only used for sensitive stuff/online banking.

after this test, i feel better for having used IE9 for banking.

 

good idea

 

That makes perfect sense.
One good thing about Chrome is how quickly they patch.
Seems like much faster than IE vulnerabilities.

 

anyway, i did the test with UAC on which means IE was in Protected Mode.

i don't know if IE9 would still be protected with UAC off though...

 

did anyone test spyshelter please share ur findings?

 

What exactly were you testing? The browsers or WSA? If the latter, then why does that mean that Chrome was completely bypassed? Wouldn't it be WSA?

 

WSA was at no time bypassed, if I take the key logger out of quarantine and restore it back to my system and allow it, what outcome do you expect

I had to ignore 4 security warnings for it to work in the first place

As for IE and Chrome, well IE partly blocked the logger and Chrome didn't.

This test has absolutely no scientific value at all, BoerenkoolMetWorst asked me to restore it from quarantine and I did.
Then posted my results

 

My test:

Antivir - no reaction
OA detected start of program - passed
Threatfire detected Internet connection - passed
FF + Noscript - passed > Noscript turned off - passed
Keyscrambler changes every key - passed

 

good test

 

I guess because it's not a typical one-exe-keylogger like those "in the wild". The AV companys must first find and consider this keylogger as a threat and would then add the signature of this KL. This KL is a much better test for behaviour analyser.

 

check my post @ 7.21

 

Oh, OK. Now I understand the test you've done. I was confused, because I didn't understand what exactly you were testing, if WSA or the browsers.

I got a vague memory that IE treats local htmls differently, blocking certain actions.

I may be wrong, though. There's been a very long time since I last used IE, in a proper way.

I don't have a test system. Still, you could always block JavaScript in Google Chrome, and then allow on a per-site basis. I'm talking about real situations, not necessarily this test. I'm wondering if this would make Google Chrome block the keylogger or if there's more to it?