Re: Key Loggers

From: Al Sez (aer_at_efn.org)
Date: 10/28/03

    To: "Eric Hagen" <eric@sandpile.net>, "Ivan Hernandez" <ivan.hernandez@globalsis.com.ar>
    Date: Mon, 27 Oct 2003 17:28:05 -0800
    
    

    How about a search on all files that have been updated in the last, say,
    five minutes?

    Al

    ----- Original Message -----
    From: "Eric Hagen" <eric@sandpile.net>
    To: "Ivan Hernandez" <ivan.hernandez@globalsis.com.ar>
    Cc: <s7726@yahoo.com>; "Security-Basics" <security-basics@securityfocus.com>
    Sent: Sunday, October 26, 2003 11:21 AM
    Subject: Re: Key Loggers

    >
    >
    > > I would first (in doubt) disconnect the machine from the network and
    > > start analysing the traffic, then search for any changing file each
    > > time you press a key!
    > > also writing a strange word and searching for it can be useful sometimes
    > > ivan hernandez
    >
    >
    > Well, I would say that if it's not sent directly to the network, it's
    > probably saved in an encrypted format. There aren't too many keyloggers
    > that would save their files in plaintext. The trick is that saving the
    > file in plaintext means that it comes up as a search result EVERY time
    > you search for text (because you have to type the search string in
    > order to search!!).
    >
    > I've done a bit of research in this topic, but have yet to find anything
    > solid. There are some anti-keylogger countermeasures, but they are
    > mostly based on signature detection. There are some that monitor for
    > running processes watching the keyboard buffer, but the word is that
    > kernel hooks are almost impossible to detect in software. Again, I'm
    > no expert, but this is what I've found while reading about the topic.
    > The only way I can think of detecting it is to both watch the network
    > traffic AND watch the I/O traffic to the disc.
    >
    > Eric Hagen
    >

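    The procedure the thread converges on (snapshot the file system, type a canary, diff, then search only the changed files) as an added Python example; it is not code from any of the posters. The "keyloggers" it detects are constructed stand-ins that write into a temporary directory, and the canary string, file names and the XOR constant are assumptions. In a real run you would snapshot a whole volume, type the canary by hand between the two snapshots, and keep the script's own output outside the tree being scanned.

```python
import os
import shutil
import tempfile
import time

# Constructed canary. On a real machine you type this between the two
# snapshots; here the simulated loggers write it to disk for us.
CANARY = "zq7vkx-marmot-4419"


def snapshot(root):
    """Map every regular file below root to (size, mtime_ns)."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:  # vanished or unreadable: skip it
                continue
            snap[path] = (st.st_size, st.st_mtime_ns)
    return snap


def changed_files(before, after):
    """Paths that are new, or whose size or mtime differs between snapshots."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)


def recently_modified(root, seconds, now=None):
    """Al's variant: everything touched in the last `seconds` (cf. find -mmin)."""
    cutoff = (time.time() if now is None else now) - seconds
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.stat(path).st_mtime >= cutoff:
                    hits.append(path)
            except OSError:
                continue
    return sorted(hits)


def files_containing(paths, canary):
    """Search candidates for the canary as raw bytes, so the string is never
    typed into a search box (the self-match Eric describes)."""
    needle = canary.encode()
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                if needle in fh.read():
                    hits.append(path)
        except OSError:
            continue
    return sorted(hits)


def run_demo():
    """Constructed scenario: one plaintext logger and one obfuscated logger."""
    root = tempfile.mkdtemp(prefix="kldemo-")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("unrelated file, untouched during the test\n")
    before = snapshot(root)

    # Simulated keystroke logs: plaintext, and XOR-obfuscated (assumed key 0x5A)
    with open(os.path.join(root, "keys.log"), "ab") as fh:
        fh.write(CANARY.encode())
    with open(os.path.join(root, "keys.bin"), "ab") as fh:
        fh.write(bytes(b ^ 0x5A for b in CANARY.encode()))

    after = snapshot(root)
    changed = changed_files(before, after)
    names = lambda ps: sorted(os.path.basename(p) for p in ps)
    result = {
        "changed": names(changed),
        "plaintext_hits": names(files_containing(changed, CANARY)),
        "recent": names(recently_modified(root, 300)),
    }
    shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

    The five-minute window on its own also lists the untouched notes file, because it was created moments earlier; the snapshot diff narrows the candidates to what changed while the canary was being typed. The obfuscated log shows up only as a changed file, never as a canary hit, which is exactly the limit Eric points out: for anything not stored in plaintext, file growth (or network traffic) is all there is to see.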
    
