Javascript Keylogger Test

Discussion in 'other anti-malware software' started by CloneRanger, Aug 22, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It's always a pleasure reading your sharp thoughts about software, m00nbl00d! I'll add you as a friend, as you seem to be as interested as I am in security!
     
  2. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    166
    Location:
    Frankfurt, Germany
    I'm pretty sure that Chrome would block all of these KLs too. So I fully trust NoScript for FF, but I always see it as only one security layer.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Without NoScript: fail
    With NoScript and site allowed: fail
    With NoScript and site blocked: pass

    Whether the launching of the executable or internet connection of the executable is blocked by the software does not matter for the test. The keylogging is done by the JavaScript, and would then normally be sent to an attacker; however, it is sent to an internal IP address and the executable is just a local server receiving the sent keystrokes.

    Also, I'm not sure if the keylogger is compatible with all browsers and versions, it doesn't seem to work on some, and I don't think that is because of protection from the browser. The keylogger is already a year old after all.
     
  4. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    A majority of the AV labs are not detecting the file.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That is what I had expected, thanks
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Thanks guys for testing so far :thumb: Still a few possible Anti-KL's missing that could be tested though, if you get the chance :) I only wish I had been able to as well :(

    Interesting that many AV/AM's are still failing to notice it after over a year :D I guess it "might" be due to that www etc. being way off their radar :p But the main purpose of this test is not their detection etc, but rather if Anti-KL's intercept & block it etc :)

    Quite revealing how different browsers are able to handle it, or not !
     
  7. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Both Spyshelter and Zemana fail on Win7 x64 - not a peep out of either of them. I couldn't get the keylogger to run on XP or Vista x86. However, I'm not at all convinced that this keylogger has any similarities to the approaches used by real malware, hence the failure to detect/prevent it by most applications. Because of its 'local server' approach it appears to be hooking Winsock DLLs rather than the approach of Zeus-type malware of hooking Wininet.dll for outbound HTTP communication. Hence the reason neither Spyshelter nor Zemana would detect or block it.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    very true
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Thanks for the new test tool.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It doesn't run on my system. :mad:
     
  11. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    To be fair, OA has all the power to handle it correctly, but I'm not sure that the current development team is able to gain from that power :(
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Interesting, especially as SS is "supposed" to be x64 compatible !

    :thumb:

    Nor mine or a few others :(
     