Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    which is why it is a good practice to reboot immediately before using a credit card to pay on line.
     
  2. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I wonder if any of the malware programs would detect this keylogger, like a-squared Anti-Malware, Spyware Terminator, or Windows Defender? And still wondering about Dynamic Security Agent.
     
    Last edited: Dec 3, 2007
  3. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    SafeSpace (with 'block keyloggers' activated) renders this keylogger useless when running in safespace. Even keystrokes entered in apps running in safespace are not detected by the keylogger.

    Pretty good result for a free app.
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Figured I would give the "on screen keyboard" a try that's built into XP.
    And it failed also.
    I guess that might just help with maybe a hardware keylogger.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You are very right about this. Keyloggers seem to act immediately, but they have to be on board first. You don't get keyloggers that easily, unless you visit and download everything on the internet.

    I use the same method as Long View : reboot first, which removes any keylogger as a "change" and then I go directly to the website.
    My bank, which was the most dangerous activity (money !!!) on my computer, created such a complicated login procedure, that no keylogger is able to steal it. The password is changing constantly and the thief must have several attributes, to calculate this password, even a hardware device.

    My freezing doesn't remove keyloggers only, it removes ANY change. Never heard of a scanner or any other software or real-time shield, that removes ANY change. They all remove something, but not all of it.
     
  6. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    But can it remove the information that has already been taken?
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Lol, that is very logical. But I guess the case of a hardware placed keylogger is for home users nearly 0 and if you'd be in an office you could check the keyboard cable.

    No. :D
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Of course not. When I remove any keylogger as a bad change, there is no keylogger to take information. :p
     
  9. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    that's pretty impressive. safespace is a sweet app.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I reported failure of GW against this keylogger and have got a response from Brian. They will fix it for 32-bit version of GW.
     
  11. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi All

    Would welcome some advice please.

    I have Online Armor Free and Prosecurity and KEYLOGGER TEST is kept in my downloads directory. I login to Windows XP SP2 as an administrator account.

    When I click on KEYLOGGER TEST I get pop ups from both Prosecurity AND Online Armor. So both are doing their job, BUT when I click Block from the popup I get the following message:

    "Windows cannot access the specified device, path or file, you may not have the appropriate permissions"

    Well as I said it's an administrator account and Run Safer is not activated in Online Armor so there should not be a problem.

    Then it gets weird, if I open up either Prosecurity or Online Armor I can then BLOCK KEYLOGGER TEST from within. No Windows messages about permissions.

    Questions

    1) Could this be a function of the Keylogger test?

    2) Anybody else experienced it?

    3) How do I solve it?

    Thanks

    Terry
     
  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    This method is totally unknown and new to me, and apparently for some security vendors too. I am currently investigating this keylogging method to add it to AKLT. I have already a rushed working version but I have to test it more.

    Does someone know the discoverer and author of this tool ? Is it the "wuliyen" from the first forum link given on the first post ? Credits will be given to the author.

    Regards,
    gkweb.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi gkweb! Thanks for your time. I have no idea about the author. I just got it from PC Tools forums, from the mentioned thread.

    I just PMed him and will let you know if I get any info!
     
  14. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    DSA, DSA , DSA. The chant continues. Can Dynamic Security Agent stop the holy terror, that is this keylogger test?
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    How about sharing a link for EQS 3.5 that most of us can find. Would be greatly appreciated and especially interesting IF 3.5 is this formidable against intrusions.


    Boot-To-Restore with Frozen snapshot is useless since the keylogger would have already captured your input.

    LAYER APPROACH is infinitely more reliable in this case. Frozen snapshot is vulnerable to many exploits, even FD-ISR's permissions are easily by-passed with the likes of XYPloyer, so I wouldn't put all my eggs in just one basket.
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The same applies to Deep Freeze (Reboot-to-restore).

    The question I ask of myself is, how will a (software) keylogger get installed? It is an executable; how will it get installed? Is the probability of that happening such that I should worry about it?

    On another front, it's been shown that a XSS script can send out the information you type while on a web page that has such script embedded. To me, that is more worrisome than a software keylogger.

    ----
    rich
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    You can Google it and get a RC EQS 3.5 setup installer. I'll be checking this out tomorrow for sure.
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I think so, the problem of an executable could become overshadowed eventually by keylogger scripts/exploits focussed on browser attacks, who knows, anything is possible.
     
  19. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I concur with the above.

    /C.
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Is this the sort of thing that the noscript add on for Firefox is supposed to handle ?
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes :) Currently, NoScript is the only tool against XSS.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks - was worried for a millisecond - can now go back to being irresponsible.
    :shifty:
     
  23. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    I have just released AKLT v3.0 which includes this new keylogging method :
    http://www.firewallleaktester.com/news.htm

    I had to add it to make AKLT complete, it has now 7 keylogging tests. Moreover, it does not use at all .NET, thus people who couldn't previously test will now be able to.

    Thanks to aigle for having mentioned this topic to me.

    Regards,
    gkweb.
     
    Last edited: Dec 5, 2007
  24. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
  25. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I've been told that LS' solution doesn't cover all the XSS types and it's very basic currently.
    NoScript is much more powerful and hard to bypass.
     