Open Source and information security mailing list archives
 
Message-ID: <47ed8a210512011716g51f2913bu@mail.gmail.com>
Date: Fri Dec  2 01:17:04 2005
From: gugdias at gmail.com (Gustavo)
Subject: Most common keystroke loggers?

2005/12/1, Nick FitzGerald <nick@...us-l.demon.co.uk>:
> Some South American banks currently under massive identity
> theft/keylogging "attack" (like Banco Brasil) apparently don't talk to
> others in the banking industry, as some have recently started using
> such "on-screen keyboards" to "defeat" the keylogging attackers that
> hound their customers.  Within a very short time period we saw some of
> those keyloggers adapt by adding screenshot-grabbing of a small area
> around the mouse point hot-spot.  Seems they talked with uninformed
> "security consultants" rather than folk who know how systems work, what
> malware is, what it can do that it may not be doing today and, in this
> case, what has already been tried and trivially beaten...

They (Banco do Brasil) are currently using software, automatically
installed into the user's system without his explicit knowledge
(coming together with the Java visual keyboard), that is meant to
prevent malware. The software, named Gbuster and installed as
gbieh.dll, works silently and uses malware techniques to avoid being
deleted or uninstalled, giving no such option.

> If you don't understand that all the I/O on the "compromised" machine
> (for the types of machine we are talking about) can be intercepted, you
> shouldn't be trying to answer the OP's question (and if the OP
> understood that, he would not have asked as he would have realized he
> was aiming at doing the impossible).

Agree. I answered based on the premise he wanted to get rid of the
keylogging, only.

Regards,
Gustavo
