Summary of Anti-keyloggers

Discussion in 'other anti-malware software' started by toploader, Aug 24, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    a scan of the spytector zip....
     

    Attached Files: scan.jpg (59.1 KB)
  2. RJensen

    RJensen Guest

    The paid (full) version of Spytector is undetectable, not the trial available on the website.
     
  3. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    Hi RJ, thanks for your reply - if that's the case then it isn't apparent from their website.

    Quote: "The trial version of Spytector is fully functional"

    I presume you are saying that the paid-for version has a different signature from the trial version (presumably each commercial version has a different sig to its fellows?) - a signature that is not in any AV database? But I also presume the trial uses the same stealthing techniques as the paid-for version.

    If that's not the case then one would not be able to evaluate how good it is at hiding itself before paying for it.
     
    Last edited: Dec 7, 2005
  4. controler

    controler Guest

    Boclean does not detect the trial server at this time.

    On a side point, I am using the beta of vmware. In the past, I could run off a snapshot and if I installed crap on it, I could delete the snapshot and be back to time before that. For some reason today, I deleted my snapshot and when I reopened my VM all the crap I had downloaded was still there.
    Have you seen this DA?

    controler
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    "Spytector keylogger is completely invisible and undetectable on the user's desktop and cannot be seen in the task manager, it's injected into explorer.exe on the startup and whenever the log must be sent it will inject in the default browser or/and in the default emailer (for firewall bypass necessity).

    It doesn't matter if the monitored computer is behind a firewall or a router, in a LAN or if it has a dynamic IP address, the logs will be sent at your email or FTP address."....

    Looks like it uses process injection. I would have thought a good HIPS would pick that up?

    Looks like this one should be used as a leak test for your favourite firewall.
     
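    As an added illustration of the detection angle raised in the post above (this is not code from the thread or from any product named in it): a small Python filter over constructed, simplified Sysmon-style CreateRemoteThread (Event ID 8) records that flags thread creation into explorer.exe or a browser/mail client from an unexpected source process. The log format, the process names and the benign-source list are assumptions.

```python
import re

# Constructed sample events in a simplified "key=value" form (not real Sysmon output).
# Event ID 8 is Sysmon's CreateRemoteThread record; the others are noise.
SAMPLE_EVENTS = [
    "EventID=8 SourceImage=C:\\Users\\bob\\AppData\\Roaming\\svc_update.exe TargetImage=C:\\Windows\\explorer.exe",
    "EventID=8 SourceImage=C:\\Windows\\explorer.exe TargetImage=C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    "EventID=8 SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Windows\\explorer.exe",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe",
]

# Processes a keylogger of the kind described would want to live inside: the shell (to stay
# out of Task Manager) and the default browser / mail client (to ride an existing outbound
# firewall allowance). Assumed list; extend it with the host's real default applications.
SENSITIVE_TARGETS = {"explorer.exe", "firefox.exe", "iexplore.exe", "outlook.exe"}
# Assumed allow-list of system processes that legitimately create threads in other processes.
BENIGN_SOURCES = {"csrss.exe", "services.exe"}

# key=value pairs; values may contain spaces, so stop only before the next " key=" or at end.
KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Turn one constructed log line into a dict of its fields."""
    return dict(KV.findall(line))


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_suspicious_injection(event):
    """True for a remote-thread creation into a sensitive target from a non-allow-listed source."""
    if event.get("EventID") != "8":
        return False
    src = basename(event.get("SourceImage", ""))
    dst = basename(event.get("TargetImage", ""))
    if src in BENIGN_SOURCES:
        return False
    return dst in SENSITIVE_TARGETS


def find_suspicious(lines):
    """Return (source, target) pairs for every event worth an analyst's attention."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_suspicious_injection(ev):
            hits.append((basename(ev["SourceImage"]), basename(ev["TargetImage"])))
    return hits
```

    Run over the sample, it reports the unknown executable injecting into explorer.exe and explorer.exe in turn injecting into the browser, which is exactly the two-stage pattern the vendor text describes.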
  6. controler

    controler Guest

    Default Ghostwall install gives no peep.
     
  7. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    To be fair to Ghostwall, it has no outbound checking, so I would not expect it to block the k/l phoning home. I would like someone to test this keylogger with LnS or Outpost or ZA or Tiny/Kerio/Sygate. I would have thought they should pick this up?
     
  8. BlackBerry

    BlackBerry Guest

    Maybe a quote from their FAQ could help: "12. Is Spytector detected by antivirus applications?


    Spytector shouldn't be detected by antivirus applications, it is a commercial legitimate keylogger (monitoring tool). Our customers should be able to use Spytector on their computers in the same time with their antivirus software, so the version they receive must be (and will be) undetected."
     
  9. hang'emhigh

    hang'emhigh Guest


    That's only if the keylogger is not added to the defs of the AV. Not all AVs detect all the same malware for various reasons e.g. the AV company is afraid of being sued by the makers of the keylogger, so they don't include detection for it. Or the defs for a particular keylogger just haven't been added yet to the AV, etc. AVs like KAV for example detect more keyloggers than any other AV I've tried and don't seem to be afraid to do so.

    I heard so many claims about this or that keylogger being undetectable to all AVs (and other anti-malware) and then through testing I have found quite the opposite to be true. It's all marketing hype most of the time. They just want their keylogger to look like the biggest and baddest keylogger around. But most of the time the keylogger will be detected by most of the major anti-malware programs like KAV, Pest Patrol, Spycop, Security Task Manager, etc etc. and in the case of kernel level keyloggers Unhackme, Blacklight beta or RootkitRevealer.
     
  10. m3dusa

    m3dusa Guest

    Spytector trial version is detected, the full version isn't. I know for sure :D
     
  11. controler

    controler Guest

    We already know each customer gets a different file when they download it.
    From my testing, you can save the server as any file name.

    I know BoClean does not detect it. I know that Unhackme Pro does.

    Your typical proactive apps should stop it also.

    controler
     
  12. hang'em

    hang'em Guest

    Isn't detected by what?
     
  13. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    One question:
    Does anyone know if there are any Keylogger (or Trojan or Rootkit) tests on different products?

    This is a very good way to know whether the anti-malware comes up with what it claims.
    Without these tests, we just don't know how specialised anti-malware like anti-keyloggers or anti-trojans would perform.
     
  14. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Would you mind uploading your full version (if you have) and scanning by the multi-scanner, so we could know whether they are detectable or not?
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I believe keyloggers must be detected by behaviour, not by signatures.
    SnoopFree, OA and ZAP are good in that.
     
  16. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Agree, especially since keyloggers and trojans tend to be bespoke or custom-made for selected targets. An average malware writer can simply write one to defeat all signature-based AV/AK.

    Unfortunately Snoopfree seems to be able to detect only hook-based keyloggers.

    Could anyone recommend any good anti-keyloggers (free or paid) which have excellent behaviour blockers?
     
  17. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I heard that a keylogger can still do the logging without hooks or drivers. I am not sure how it works. Could anyone explain about that?

    What anti-keyloggers are capable of blocking such kinds of logging (keys, mouse, screenshots)?
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I do not have much knowledge of how keyloggers work, but snoopfree stops key stroke logging and screen reading etc. very effectively in my experience.
     
  19. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    IMHO most Keyloggers work very simply. There are hook-based or kernel-based keyloggers. The second one is very code intensive and rarely used. For the first one a security application only has to intercept GetKeyState and GetAsyncKeyState.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    thanks for clarifying.
     
  21. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Rarely used... I would not use this as a reason to make me feel safe.

    There is a way around, and a hacker will use it. He may even create tools/tutorials to help others create keyloggers of the same kind. They will not just sit there and not advance.

    We just don't know how common this method is in the underground. Hackers will not tell you they are using this technology to steal your passwords unless discovered. We only realise after the problem becomes serious or widespread over the world, and the media starts to tell us about the new technology.

    There may even be some unknown technology or methods they are using to steal our personal data. They won't show you their weapons until discovered.

    Even if it is rarely used today, it may be very popular in future. Years ago, people may have thought the technology used by rootkits was rare, if they had ever heard of it. It is well-known now.

    Think ahead. We should do something before it becomes too common.

    PS: By the way, I heard that hackers actually no longer rely on hooks to steal passwords. The old methods became useless since more and more security products block them. They are making use of new methods and technology.
     
    Last edited: Oct 20, 2006