Failure of Anti-Keyloggers

Discussion in 'privacy problems' started by aigle, Jun 19, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Martin's Undetectable Keylogger

    hxxp://www.geocities.com/martinisthebest1703/
    (change hxxp to http)

    For Mods -- pls, it is not a link to malware (this keylogger is just test software).

    I tried this keylogger against the following security software.

    ZA Pro
    Online Armor
    SpySweeper
    SpywareDoctor
    WindowsDefender
    SnoopFree
    Bazooka scanner

    To my surprise, none of them was able to detect this keylogger. The only programme that detected this keylogger was KL-Detector

    hxxp://dewasoft.com/privacy/kldetector.htm

    and it was able to detect the keylogger as it uses a different technique to detect the key loggers. I just wonder if there is a real good Anti-Key Logger software that can be relied upon.
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    muk repeatedly polls "getKeyState" - it's not a very reliable method and it can be defeated simply by typing quickly.

    The new OA Kernel mode driver detects keyloggers that use this method.
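
A behaviour-based check for the polling method described in the post above, as an added example that is not part of the thread and is not Online Armor's code. The trace format, PIDs, thresholds and the "many distinct keys" heuristic are assumptions made for illustration; only the Win32 names `GetKeyState` and `GetAsyncKeyState` are real.

```python
from collections import Counter, defaultdict, deque

POLL_APIS = {"GetKeyState", "GetAsyncKeyState"}  # Win32 key-state polling calls

def find_key_pollers(events, window_ms=1000, min_calls=200, min_distinct_keys=40):
    """events: iterable of (ts_ms, pid, api, vkey). Returns {pid: (calls, distinct_keys)}
    for each pid whose busiest window crosses both thresholds (thresholds are assumptions)."""
    window = defaultdict(deque)      # pid -> (ts, vkey) polls inside the sliding window
    keys = defaultdict(Counter)      # pid -> how often each virtual key is in that window
    flagged = {}
    for ts, pid, api, vkey in sorted(events, key=lambda e: e[0]):
        if api not in POLL_APIS:
            continue
        window[pid].append((ts, vkey))
        keys[pid][vkey] += 1
        while ts - window[pid][0][0] >= window_ms:   # expire polls older than the window
            _, old = window[pid].popleft()
            keys[pid][old] -= 1
            if keys[pid][old] == 0:
                del keys[pid][old]
        calls, distinct = len(window[pid]), len(keys[pid])
        # High call volume alone also matches games; require a sweep over many keys too.
        if calls >= min_calls and distinct >= min_distinct_keys:
            flagged[pid] = max(flagged.get(pid, (0, 0)), (calls, distinct))
    return flagged

def sample_trace():
    """Constructed API-call trace (not captured from any real system)."""
    trace = []
    for ts in range(0, 2000, 5):                 # pid 1200: game loop polling W/A/S/D
        trace += [(ts, 1200, "GetAsyncKeyState", vk) for vk in (0x57, 0x41, 0x53, 0x44)]
    for sweep in range(20):                      # pid 3344: sweeps 0x08..0xDE every 50 ms
        trace += [(sweep * 50, 3344, "GetKeyState", vk) for vk in range(0x08, 0xDF)]
    for ts in range(0, 2000, 250):               # pid 880: editor checking Shift/Ctrl
        trace += [(ts, 880, "GetMessageW", 0), (ts, 880, "GetKeyState", 0x10),
                  (ts, 880, "GetKeyState", 0x11)]
    return trace

if __name__ == "__main__":
    for pid, (calls, distinct) in find_key_pollers(sample_trace()).items():
        print(f"pid {pid}: {calls} key-state polls over {distinct} distinct keys in 1 s")
```

A signature scanner has nothing to match in this trace; the flag comes only from what the process does, which is the distinction drawn later in the thread between behaviour-based and signature-based tools.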
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    aigle,

    you should make this test using only programs that detect key logger behaviours and not programs that detect key loggers by signature, like SpySweeper, SpywareDoctor, WindowsDefender, Bazooka scanner... ;)
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    BOClean detects it and has for some time, as "someone" sent it to them!


    StevieO
     
  5. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    There was an older thread around here somewhere in which some of the members here did some keylogger tests with Martin's Undetectable Keylogger. I remember Security task manager being one of the programs that could find it too, along with Boclean. But it really is just a test program. It's not like it's hidden like a real keylogger would be, so why should it be detected?
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    There's no reason it should be, especially by the programs or method used in testing.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Actually I expected ZA Pro, OA and SnoopFree to detect it as they are based upon behaviour.
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Yep. I had code to detect this behavior ages ago - but because it's not a particularly reliable method of keylogging I treated it as a low priority and scheduled it to be included in Kernel mode.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    BTW, as you said, I tried to defeat it by rapid typing but no success.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I have no knowledge of keyloggers but I just think that even if a key logging method is not reliable, it should be detectable (correct?), as I can see on my system it is recording every single click.
     