Question about Keylogging Trojans

rikilii

Member
Aug 9, 2006
32
0
0
I recently suffered the same fate suffered by hundreds of WoW players -- I got my account information stolen by a keylogger and my account was hacked, gold stolen, etc.

Since the attack, I have been a lot more careful about my internet security, using Firefox and ZoneAlarm, and making sure never to turn off my virus scanner. Nevertheless, last night, I managed on 2 occasions to pick up known keyloggers, which were promptly squashed by McAfee (the one that actually got me was not detected).

Here's my question. Does anyone know anything about the typical capabilities of these keylogging programs? Do they just record keystrokes, or do they typically record detailed information about mouseclicks and pasted text?

The reason I ask is that I have been taking steps that might make it more difficult to capture my passwords. For instance, instead of typing my password in order, I might type the last 4 letters, mouse click at the beginning, and type the first 4 letters. Or I might copy and paste a portion of my password from a document or webpage, and type in the rest.

Anyone think this will help?
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
There are quite a few articles on how keyloggers work. As examples:

1. From newbie.org (a short definition):
"A Keylogger (KeyLogger, Key Logger, or Keystroke Logger) is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans)."

2. Introduction to Spyware Keyloggers
(a more detailed explanation)
http://www.securityfocus.com/infocus/1829

If you google it, you probably will find an article which will satisfactorily answer your questions.

BTW, Microsoft issued a patch today - yep, two weeks early - for security flaws in IE browsers:
"However, the growing number of attacks using the loophole forced it to move early.
Cyber criminals are known to be using the bug to install keyloggers, adware and spyware and take over Windows PCs."

So, for starters, best to begin by downloading and installing that patch.

IMHO, ActiveX still poses a threat for these types of little buggers to get onto your system.

And while you're googling, learn how to set up a limited user's account. It's probably one of the best ways to prevent malware from getting a foothold in installing itself on your system.

Good luck!
 

rikilii

Member
Aug 9, 2006
32
0
0
Thanks for the info.

I just found out that Windows has a built in virtual keyboard, and I might try using this to further protect myself.

Is there any relatively convenient way to determine if screenshots are being taken when I mouseclick?
 

John

Moderator Emeritus
Elite Member
Oct 9, 1999
33,944
1
0
McAfee's detection rate is not all that great, and their software is extremely bloated. You may want to consider uninstalling it and installing AOL Kaspersky. It also wouldn't hurt to scan for spyware and adware using the trial versions of Spy Sweeper and Spyware Doctor. Click the link in my sig for additional info and links to the programs.
 

schneiderguy

Lifer
Jun 26, 2006
10,801
89
91
you shouldn't be getting 3 trojans a night by browsing the internet as long as you stay away from porn sites :p
 

rikilii

Member
Aug 9, 2006
32
0
0
I assume y'all are kidding, but in case you're not, these WoW-related trojans are all from WoW-related websites, including some very reputable ones that have been hacked.

Besides, I'm VERY careful when I download pron.
 
Jun 4, 2005
19,723
1
0
Don't download things you aren't sure of. I doubt these places are very reputable if their files are being infected and distributed to the public without them noticing, and doing something about it. Don't try to cover up your ignorance; now you know what you have to look for, and now you know how to be careful when using your computer. Don't download just anything, and that includes hacks and mods.

Also, some key-loggers record screencaps, as well as many other things.
 

UsandThem

Elite Member
May 4, 2000
16,068
7,382
146
Originally posted by: alent1234
what kind of porn sites are you surfing? if you surf porn use firefox.

Do you think anybody would honestly answer that?;)
 

rikilii

Member
Aug 9, 2006
32
0
0
Originally posted by: LoKe
Don't download things you aren't sure of. I doubt these places are very reputable if their files are being infected and distributed to the public without them noticing, and doing something about it. Don't try to cover up your ignorance; now you know what you have to look for, and now you know how to be careful when using your computer. Don't download just anything, and that includes hacks and mods.

Also, some key-loggers record screencaps, as well as many other things.

Wow, that was uncalled for. Who's covering up ignorance? I fully admit that I'm ignorant, so there's nothing to cover up. But don't haul off with ignorant accusations unless you know what you're talking about. The only ignorance that I see is the assumption that you can only get these things by downloading things from suspicious websites.

One of the websites that was inadvertently distributing these trojans, which I won't mention here because they've apparently fixed the problem, is one of the top WoW fansites on the internet. The trojan was being distributed, it appears, through a malicious banner ad, and it didn't require clicking on the ad or downloading anything.

So to be clear, I didn't download anything. I just did what I've been doing for the last 10 months--I went to that site to get information.
 

LanceM

Senior member
Mar 13, 2004
999
0
0
How is a WoW fan site not evil and suspicious?

EDIT: When you received the logger, was everything up to date? Browser? Antivirus? Etc.?
 

shamgar03

Senior member
Jul 13, 2004
289
0
0
Use the Opera web browser! It's the best and (for now) the most obsecure (get it...?). Never ever touch IE. Just don't. I don't really understand how you are getting so many trojans. I have never gotten a virus on my machine. Tips:
Use Firefox or Opera
Don't download ActiveX protocols (unless it's from Microsoft sites)
When you download something, scan it for viruses/trojans BEFORE you run it. Usually virus scanners add a right-click item to do this.
Run behind some sort of firewall, even a router is sufficient for the most part
 

rikilii

Member
Aug 9, 2006
32
0
0
Originally posted by: shamgar03
Use the Opera web browser! It's the best and (for now) the most obsecure (get it...?). Never ever touch IE. Just don't. I don't really understand how you are getting so many trojans. I have never gotten a virus on my machine. Tips:
Use Firefox or Opera
Don't download ActiveX protocols (unless it's from Microsoft sites)
When you download something, scan it for viruses/trojans BEFORE you run it. Usually virus scanners add a right-click item to do this.
Run behind some sort of firewall, even a router is sufficient for the most part

The first round of keyloggers I got were not detected by my antivirus software, and the outgoing signal that led to my account getting hacked was not stopped by my router's firewall.

The second round of keyloggers I picked up appear to have come in while I was using FF. They were promptly killed by McAfee.
 

gorcorps

aka Brandon
Jul 18, 2004
30,739
454
126
McAfee has a pretty low detection rate on that... get something else. Kaspersky would be the best choice for purchased products.