This Keylogger Defeats Zemana And Comodo D+

Discussion in 'other anti-malware software' started by markedmanner, Feb 2, 2011.

Thread Status:
Not open for further replies.
  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Once again, in Zemana open up Settings and click Expert Mode in General Settings and again in Expert Settings.
     
  2. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    Hey Guys,

    I wrote 16k in 2007. And until this post on Wilders, no one has ever heard of it. It's a simple program. The source code is available on the website for download and has been for more than a year. It's a proof of concept on how to write a passive keystroke logger. All of this is explained on the website. If you don't know what a passive keystroke logger is, then read the source code.

    I'm sure there are other passive keystroke loggers available (written by bad guys) that go right around AV products and intend to do harm, but 16k is not one of them.

    Edit:

    Here's the source code: http://16s.us/16k/16k.cpp
    Here's who it is written by (me) : http://16s.us/address/
     
    Last edited: Feb 3, 2011
  3. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    I think you hit the nail on the head. I am using safe mode, not paranoid, for CIS. As far as Zemana goes, I'm not sure why someone else had it catch it. I had Zemana installed with all features enabled. I don't know; I will look into it.
     
  4. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    I will try this later today to see if I get a different result.
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Needless to say DefenseWall alerts to it and Zemana alerts to it if in 'Expert' mode. Prevx never batted an eyelid.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    I have everything on expert mode, which asks for confirmation on every signed application except signed MS applications, but even with them on ask, it still doesn't ask.

    As I said, I have everything on Expert mode. Besides if you set it to expert in one tab, it is also automatically on expert settings in the other tab.
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    The keylogger defeated Sandboxie as well. I opened up the keylogger in a very restricted environment, but it can still capture my keystrokes in another sandbox where I keep my browser... however, it's not as if the keylogger can send the sensitive data to anyone, as Sandboxie won't allow it any access to the Internet.
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    This is legit software, as that website is the home page of the producer.
    Comodo has a digital signature for it, so it's not malicious.
     
  9. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444
    Could you give more of an explanation? What do you mean by "I opened up the keylogger in a very restricted environment"? What restricted environment?
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Comodo doesn't need to be on paranoid to block it. Execution control has to be set to limited or higher. In the Sandbox settings, "automatically trust trusted installers" and "automatically run installers/updaters out of the sandbox" should be unchecked.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    This +1
    For better protection on Comodo :)
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Not a bypass. SBIE doesn't block simple keylogging, in fact. It's not a feature of it, I mean. It can however stop the data leak by the keylogger, according to its configuration.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Yes, but you might still want to be aware of and choose to block a legit keylogger. Zemana AL has an option to:

    "ignore certificates and ask for confirmation for all keyloggers (so called Employee Monitoring)"
     
  14. osmandemi

    osmandemi Registered Member

    Joined:
    May 5, 2010
    Posts:
    115
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Comodo D+ does have an option to disable auto trusting; it's just their lazy users asking them to whitelist every single damn thing on earth.

    The first thing I do when installing Comodo is ALWAYS disable auto trusting and delete the whole vendor list. PERIOD! :D :thumb:
     
  16. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

    The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

    If nobody in the Norton community has used this file, it will give a yellow warning with the following message: You are the first user....

    But you can run the file if you want to run it.

    If WS.Reputation.1 kicks in, then Norton analyzes it as a threat and removes it from the system.
     
  17. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    Not sure about the trusted installers one. What's wrong with trusting their whitelist? Personally I think it makes our lives easier.

    Now the other one, running installers outside the sandbox automatically, I agree with, I think. Why on earth would they have this checked by default? I suppose it allows for easier installations and installations that work, but it also allows nasties to get in much more easily. I am on the fence about this setting.
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Nothing wrong if they allowed us to disable it :rolleyes: (By that I mean create my own trusted installer list) :D
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    To clarify - SafeOnline does protect against this threat as long as you are typing on a secured website (which is what it intends to protect). The file uses a very simplistic keylogging technique which is blocked by SafeOnline and every other antikeylogger that I'm aware of. We haven't bothered marking it as malicious via signatures as SafeOnline will protect all entered data.
     
  20. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    KIS also blocks it, if you disable trusting apps with a digital signature on PDM.
     
  21. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    I didn't say there was anything wrong with it, I was just curious why people would, that's all.

    I've also seen you use that rolling eyes quite a bit... you do know in what context to use that emoticon, right?
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Just for the record... browser security in ZA Extreme jams the keylogger (on defaults).
    The keylogger logs keys, but the wrong ones... :)
     
  23. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    That's the coldest one :D
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Hahaha, I just love using emoticons (I'm kiddy)

    Because it's trusting things I don't want to, even if it was legit.
    Ex. Let's say your cousin installs a keylogger on your PC made by company Noob; then D+ auto trusts that file because it was signed by company Noob.
    Wait, what... it's allowing my cousin to keylog me?

    Anyway, why would you trust 99% of those companies if you don't even know them!
    I have read like 1/5 of that list, and I can swear I don't know like 90% of it! (And that's a conservative number)

    It's like trusting your PC to unknown dudes... :cautious:
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I do hate the fact that there's no easy way to remove all those trusted software vendors from COMODO's trusted vendors list, except removing them one by one o_O There are so many! The last time I tried COMODO in a virtual machine (like 2 months ago), there was no way to remove them other than that.

    Has it changed? o_O
     