A keylogger that bypasses even SpyShelter

Discussion in 'other anti-malware software' started by Oddo, Dec 5, 2013.

Thread Status:
Not open for further replies.
  1. Oddo

    Oddo Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    12
    Location:
    Schweden
    Hello there,

    by coinicdene I just found a little keylogger which installs itself as a firefox adon and is able to bypass SpyShelter (premium version). This software which has been obviously developed for experimental reasons is called "nifty keylogger" and can be found here: https://addons.mozilla.org/en-US/firefox/addon/kl/

    The idea of running a logger as a firefox addon seems to be quite smart..
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    I wonder does it also bypass Zemana AL Free.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
    And I wonder if this keylogger bypasses DefenseWall, AppGuard, tightly configured Sandboxie, NovirusThanks EXE Pro?
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    yes it does
     
  5. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    Off course it does

    Why do you think Active-X filtering (no add-ons) is promoted as a security measure of IE. Do you really expect that an add-on which surfs on the credentials of the parent application, will be detected?

    :argh: Are you surprised that it hurts when you shoot yourself with a gun? Security is not magic, just programmed code
     
  6. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    We had a similar discussion in this thread. Anyone know if these are generally the same add-ons? The author's name for the nifty key-logger seems really familiar. I swear I read about it on here already.

    This is the other thread that came to mind.
    httx://www.wilderssecurity.com/showthread.php?t=340941&highlight=keylogger
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Tested it on FF v3.6.14

    User Name = Testing

    nift1.png

    Password = 123*$@+

    nift2.png

    So it correctly captured the keys, but missed the fact that i had moved the mouse from the User Name area to the Password area ! Still i suppose it wouldn't be too hard to figure things out.

    Not a peep out of WSA/Zemana/MBAM, but then i didn't expect they would detect anything, due to how it's implimented.

    I have a feeling that i possibly tested this before on here, or something Very similar ?
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Techwiz

    Hi, thanks for the reminder :thumb:
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Being a long time DefenseWall user, I have used Firefox in the past and I know that while running FF as untrusted any addons will fail to install, FF needs to run as trusted for any extensions to install, at least that was my experience.
    So I do believe this keylogger would not be successful against DefenseWall.
    This is of course based on prevention, not detection.
     
    Last edited: Dec 5, 2013
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I thought keyscrambler might have helped by at least scrambling what the keylogger was recording...but it doesnt.:rolleyes:
     
  11. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Hmm so far it seems the only protection is not to install a keylogging addon in firefox as once its installed ,its regarded as a normal windows process?,Does anything actually detect or warn of this type of keylogging?....or is this whole thing more show than actually being a threat?
     
  12. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
    What happens when you install it on system with HitmanPro.Alert protecting the browser?
     
  13. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    nothing...(using public beta 2.5)
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Simple solution. Dont install the add on. Addon's for FF dont just install themselves.
     
  15. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,769
    Location:
    Nicaragua
    CWS, if SBIE users install a malicious addon, the addon hijacks Firefox and we are done. The KL starts, runs and has internet access along Firefox.

    Bo
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Actually, you're not completely done for if the sandbox is emptied and you didn't recover anything,

    @whitedragon551: One can say that for virtually all malware out there. Extremely unlikely in real-world scenarios unless using unpatched software.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,769
    Location:
    Nicaragua
    I wish you were right but you are wrong. Installing a malicious keylogger/addon is one way that keyloggers can hurt Sandboxie users. Read the last sentence. Bottom line, don't install unknown addons.

    http://www.sandboxie.com/index.php?DetectingKeyLoggers#defend

    Bo
     
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    This is an addon in Firefox. You literally have to search for addons. Read the description and say hmm this looks like a good idea I think Ill install this, install the add on and restart your browser. This is 100% user choice. Even using unpatched software this poses no threat unless the end user is ignorant.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @bo elam: My point is illustrated only 5 lines above in the same link. Of course you shouldn't install unknown addons, but one isn't completely susceptible with the right mindset.

    @whitedragon551: Although sneakier, you literally have to install the malware yourself in virtually all cases. Ignorance is still applied. I'm just surprised Mozilla allowed this in their store.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,769
    Location:
    Nicaragua
    Yes J L, deleting the sandbox is the best recourse we SBIE users have. But CWS was asking "And I wonder if this keylogger bypasses..tightly configured Sandboxie, ...? The answer is yes. If you are using a restricted sandbox, installing an addon that's a keylogger, is the one way that keyloggers can hurt SBIE users.

    The thread is about keyloggers and addons and if you are a Sandboxie user, you don't want to install one cause its gonna hurt you. Personally, I am extremely careful about any addon that I install because I know that SBIE aint gonna do nothing about it. Its good to know what Sandboxie does for us but its more important to know what it doesn't do.

    Cheers:)

    Bo
     
  23. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    +1 Bo.
     
  24. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
    So, the only way is not to install it at all, but could you put restrictions in your SBIE after you installed and block it to do whatever it does?
     
  25. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
    Well, even if you install it and than change it back to untrusted, DW should protect you plus DW and its hips should alert you when this keylogger is trying to do anything-because Mozilla Firefox is untrusted as well everything in Mozilla except Mozilla's own updates/upgrades.
     
    Last edited: Dec 6, 2013
Loading...
Thread Status:
Not open for further replies.