Ultimate Keylogger on Giveawayoftheday

Discussion in 'other anti-malware software' started by SourMilk, Mar 7, 2009.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I'm confused about this "physical access to your pc" to install a commercial keylogger. Surely if a hacker has negotiated past your defence they could install one of these commercial keyloggers just as easily as a non-commercial one. Have I missed something glaringly obvious here?

    muf
     
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Jeez. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you.
     
  3. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Well, most people don't design their own keyloggers.
     
  4. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Generally malware is installed on people's computers without their knowledge. So what's your point?

    I would think that, in addition to a backdoor, trojan, rootkit (to name a few), a commercial keylogger could be installed. I'm sure 'hackers' won't care much for copyright ;)

    If signatures exist for the keylogger in question, they could make modifications to adapt.

    I tend to think of the creation of keyloggers as unethical.

    Employers spying on their employees, parents on their children, it's just wrong.

    I'm sure you can come up with exceptions, but rules tend to have exceptions :)
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I'm also at a loss as to what point you are making. You think keyloggers come from sources other than hackers? Not many. Regardless of how a keylogger gets on your pc and whether it is commercial or non-commercial, the two types still do the same thing, that is to log your keystrokes or screen capture.

    What I've often wondered is why security applications discriminate between them. I don't want any type on my pc so I'd like my security app to tell me about any application or file that is on my pc that is capable of logging keystrokes. It's as if the commercial keyloggers have a 'get out of jail' card they can use on all the security apps. I just don't get it. "They used a commercial keylogger to get your credit card details. Sorry but we don't detect commercial keyloggers". Like I said, I just don't get it...

    muf
     
  6. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Commercial keyloggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physical access, but in this case an antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker".
    Actually, a lot of programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install a keylogger on your computer he is also able to bypass any security you have.

    But, if you have HIPS in the first place it will prompt you that something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In the case of UKL you see the installer dialog in the first place.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    That's why I believe that, after your firewall, a HIPS program is a must to protect the entire system in real time :thumb:
     
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Surely not.
    Just allow the installer to run and see what happens.


    Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
    That's a serious problem and therefore it should be recognized.

    Cheers
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Thank you, I've been trying to explain how this type of keylogger is an actual commercial program that needs to be installed with an installer, and to do that you need to actually physically be at the computer and install it, so tbh I don't really care if this app and others like it are whitelisted for parents I suppose, since my user account is passworded and nobody uses my computer other than me :D Thx alex
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    As far as I see, UKL is a trivial Windows-hook-based keylogger. Nothing too special there. I dunno why OA allows it. The reason can be anything but not inability to catch winhooks.
     
  11. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Recognized and fixed.


    Mike
     
  12. Blue Ring

    Blue Ring Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    100
    Not surprised at all that Zemana failed to detect it.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    CFP detects the global hook it installs. Once denied this hook, the keylogger can't work and is shut down.
     

  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Also labelled suspicious by heuristics.
    If allowed to hook, it can log keystrokes and clipboard without any pop-ups, but screen capture can still be detected by CFP.
     

  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    GesWall - I tried by running the keylogger inside GesWall.

    1- Key logging -- GesWall PASSED
    2- Clipboard logging --- GesWall FAILED
    3- Screen capture ----- GesWall FAILED

    It's interesting, as the latest GW now claims to intercept clipboard logging and screen capture. I will post over on their forums.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Hi, can you tell how you tested?
     
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    OS: Windows XP SP3
    I have tested it with the GOTD installer (Setup.exe) and the installer from their website (ultimatekeylogger.exe).
    Both with the same result.
    After I allowed only the installer to run (Untrusted), the UKL starts up right after the installation is finished and is able to record inputs and actions, like visited websites etc.
    There is no other OA pop-up and the UKL process is Untrusted in OA Programs, which is pretty irritating.
    But it will be solved anyway.

    Cheers
     
  18. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Sorry for the delay coming back to this thread but Zemana Antilogger does detect and block Ultimate Keylogger, see the screenies. Only managed to get the second pop-up, the first one came up before the installation of Ultimate Keylogger was finished, it appeared to install and the pop-up shown here came up. Blocked both, and they show as such in the screenshot from Zemana. Although there is a shortcut on the desktop and an entry in Start > All Programs, Ultimate Keylogger appears to be dead, it cannot be opened.
     

  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Are you sure it is the proper way to test? When you allowed it to install and run, it already has hooked the system, so after that you are not supposed to get an alert from a HIPS.

    This is the way I tested. I disabled CFP. Installed UKL and let it run. Then I killed it via ProcessExplorer. Enabled CFP and then started UKL by double clicking the main exe. CFP alerted about its execution and allowed it to run. It was the point when I got a pop-up alert about a global hook that, if I block, the keylogger is dead.

    Can you test like this? If you allow this hook, the keylogger will work without any more pop-ups (except for screen capture).
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Hmm... where is the 2nd pop up? Also what about screen capture alert?
    Can you try like I posted above?
     
  21. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    The screen shot above is the second pop-up, the one I got after it appeared to have installed. There is no screen capture alert, Ultimate Keylogger is neutered, it does not run. Will have another go later to see if I can capture the first pop-up again that I got while installing.

    Have just shut down Zemana, stopped protection, and I can now open the Ultimate Keylogger GUI. Reactivated Zemana and it does not detect Ultimate Keylogger's presence. Will see if I have time later to activate Ultimate Keylogger and see if Zemana detects it when it is active.
     
  22. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    This is the first pop-up received when installing Ultimate Keylogger with Zemana enabled. I blocked but once I had clicked block it continued to install leading to the second pop-up as in my previous post which I also blocked. Again, I was unable to open or activate Ultimate Keylogger unless I disabled Zemana protection, on reactivation Zemana again failed to detect Ultimate Keylogger although the GUI was open and I was typing in Notepad. Very strange.
     

  23. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Unfortunately the same result as before, the way of testing makes no difference here.
    And there is no prompt about a global hook or whatever, only some prompts if I open the UKL logs.
    Let's say it's related to the Beta status of this OA version.

    Cheers
     