Topic: Anti-Keylogger software? (Read 3902 times)
chaseN_Mdown
« on: August 06, 2011, 08:59:54 PM »

I was wondering if anyone can recommend any anti-keylogger software.

Preferably free.

Thanks in advance!

3xban
« Reply #1 on: August 07, 2011, 09:14:54 AM »

Are you looking to detect it?  Most current AV software should pick up on it unless the attacker buried it in a rootkit with anti-AV measures.  Most enterprise installs of AV contain heuristic scanning which can sometimes pick up on them.  Also are you looking to detect physical keylogging devices?  You may also want to look into some rootkit detection software (rootkit revealer comes to mind).  It might pick up on rootkits that may be hiding keyloggers.

Another way to try and detect is by utilizing more advanced firewall rules.  Be sure to block outgoing traffic, might even want to do a block all on the specific system and let all traffic hit the wall.  Run a local packet sniffer on the interface (rawdump is nifty or Wireshark).  That way you can see if any apps are trying to send out traffic even though you have nothing opened.  It's not the keylogger that is the troubling part, but the data it is sending.

Hope this helps.  Now you got me a little more curious on the topic...

Certs: GCWN
3xban
« Reply #2 on: August 07, 2011, 09:42:14 AM »

Came across this site: http://seussbeta.tripod.com/data.html might be of some use.

Certs: GCWN
chaseN_Mdown
« Reply #3 on: August 07, 2011, 12:44:49 PM »

Yes I am looking to detect it. And eliminate hopefully.
It will be software related not physical.

Thanks for the suggestions. The site you linked me to was informative and made me a bit less paranoid. I will look into rootkit detection. I see RootKit Revealer is on CNET so that will be my first try.

I've already installed and run Ad Aware Free and am thinking about Avast Free for antivirus. What are your thoughts about those?

Do you have a suggestion for a free firewall?

It's actually not a very exciting story. Talked to a few people online. Was sent files. Clicked to open. Computer started acting weird. Eventually gave a warning that a keystroke logger was detected (windows firewall) and here I am.

3xban
« Reply #4 on: August 07, 2011, 09:03:24 PM »

Win XP or Win7?  Ad-Aware is great for detecting ad-ware/spyware related threats but may not detect more advanced programs.  I've never actually used Avast.  I currently use NOD32 and that runs pretty well; they have 2 flavors, Internet Suite and their AV only.  Windows 7's firewall is decent enough.  It has much more advanced features than the standard XP firewall.  With keyloggers you really want to watch the traffic going out; it's one thing if they are just logging, but if you see traffic leaving your system when you have nothing running, well then you got a problem.

Standard XP firewall doesn't offer much other than inbound traffic exceptions.  Get a hold of RawDump or Wireshark and get a scan of your traffic when nothing is running.  Wireshark will give you a nice live feed of the data as it is happening.

Also for future preventive measures you can work with this PowerShell script that will copy a new hosts file to your system with a blacklist of bad domains.

http://www.sans.org/windows-security/2010/09/14/hosts-file-block-domains

Oh back to AV, Microsoft's free AV - MS Security Essentials - is pretty decent, I've had it catch bad stuff where others have not.  And it's free for non-commercial use.

Good luck!

Certs: GCWN
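
The idle-traffic check suggested in the replies above, as an added example that is not part of any forum post: it reads a capture exported as tab-separated source, destination and destination-port rows and lists the non-local destinations the machine contacted while nothing was open. The export shape, the `idle_outbound` and `is_local` names, the IPv4-only handling and the sample rows (private and documentation addresses) are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: tab-separated "src, dst, dst port" rows, the shape a
# capture export such as `tshark -T fields -e ip.src -e ip.dst -e tcp.dstport`
# produces. Addresses are private/documentation ranges, not real indicators.
SAMPLE_CAPTURE = """\
192.168.1.20\t192.168.1.1\t53
192.168.1.20\t203.0.113.45\t8080
192.168.1.20\t203.0.113.45\t8080
192.168.1.20\t224.0.0.251\t5353
192.168.1.1\t192.168.1.20\t49152
192.168.1.20\t198.51.100.7\t25
malformed line
"""

# IPv4 ranges treated as "local" for this check (assumption: IPv4-only LAN).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",   # loopback, link-local, multicast
)]


def is_local(addr):
    """True when addr falls inside one of the LOCAL_NETS ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def idle_outbound(capture_text, host):
    """Count packets sent by `host` to non-local destinations, keyed by (dst, port)."""
    flows = Counter()
    for line in capture_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # row lacks one of the three fields (e.g. a non-TCP packet)
        src, dst, port = parts
        try:
            if src == host and not is_local(dst):
                flows[(dst, int(port))] += 1
        except ValueError:
            continue  # unparseable address or port
    return flows


if __name__ == "__main__":
    for (dst, port), n in idle_outbound(SAMPLE_CAPTURE, "192.168.1.20").most_common():
        print(f"{dst}:{port}  {n} packet(s) while idle")
```

Each destination it lists still has to be matched to a process and ruled in or out by hand, since update checks and other background services also send traffic on an idle machine.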