Re: Recently detected keylogger
From: xmp (xmp_at_example.com)
Date: 09/22/04
Date: Wed, 22 Sep 2004 16:39:57 GMT
Walter Roberson wrote:
> Unless, that is, the logger compresses or encrypts the log. If I were
> writing a stealth key logger, I certainly wouldn't leave the log as
> plain text (I might be tempted to bury the data in the registry though ;-) )
The OP could use Filemon from sysinternals.com to catch it. Some of the
better keyloggers and trojans have rootkit features though which help
them hide. Keyloggers vary; some use plaintext or a simple XOR cipher.
Others have fairly sophisticated encryption. The key would be finding
where the logger is emailing or FTP'ing to.
michael
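
Added example, not part of the original post or thread: a triage check a responder could run on a suspect file once file monitoring has pointed to it, testing whether it is plaintext or text hidden behind a single-byte XOR. The sample data, the function names and the two thresholds are assumptions constructed for illustration.

```python
import hashlib
import string

PRINTABLE = set(string.printable.encode())   # bytes a typed-text log would contain
COMMON = set(b"etaoinshrdlu ETAOINSHRDLU")   # most frequent English letters plus space


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (key 0 leaves data unchanged)."""
    return bytes(b ^ key for b in data)


def ratios(data: bytes) -> tuple[float, float]:
    """Return (printable fraction, common-letter fraction) of non-empty data."""
    n = len(data)
    return (sum(b in PRINTABLE for b in data) / n,
            sum(b in COMMON for b in data) / n)


def triage(data: bytes, min_printable: float = 0.95, min_common: float = 0.5):
    """Classify a suspect file as plaintext, single-byte XOR, or opaque.

    Tries all 256 one-byte keys, keeps the one whose output looks most like
    typed text, and returns (verdict, key, decoded_bytes).
    """
    if not data:
        return ("opaque", None, b"")
    best_key = max(range(256), key=lambda k: sum(ratios(xor_bytes(data, k))))
    decoded = xor_bytes(data, best_key)
    printable, common = ratios(decoded)
    if printable < min_printable or common < min_common:
        # Compressed, multi-byte-keyed or properly encrypted content:
        # no single-byte key recovers text, so content triage stops here.
        return ("opaque", None, b"")
    verdict = "plaintext" if best_key == 0 else "single-byte-xor"
    return (verdict, best_key, decoded)


# Constructed sample inputs (not taken from any real logger).
SAMPLE_PLAIN = b"[Notepad] meeting notes: send the status report to the team on thursday\r\n"
SAMPLE_XOR = xor_bytes(SAMPLE_PLAIN, 0x5A)
SAMPLE_OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("xor", SAMPLE_XOR), ("opaque", SAMPLE_OPAQUE)]:
        verdict, key, decoded = triage(blob)
        print(name, verdict, key, decoded[:40])
```

An "opaque" verdict covers the compressed or encrypted case raised in the quoted message; content inspection alone cannot tell those apart.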