Got a Keylogger Virus today

Well, I've changed my passwords/challenge questions on my reinstalled, safe system.

While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that :rolleyes:), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still assessing what happened to me, I went ahead and restricted access to only my recognized computers.

The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.

An extra measure of safety against them thieves :)
 
Keyloggers! Nassty things. We hates them, we does.

Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.

That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!

The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes, without it having to ask for your admin account name and password, and further, when a program is asking for a password (any time you are typing in a field that just shows dots instead of the letters you are typing) snoopers get nothing. Most web browsers on Mac OSX use the secure textfield for password entry, so the protection is pretty robust.

I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, and be readily detected and blocked by ClamAV or similar products. (I'm a big fan of ClamAVX, and have it doing daily updates, and constantly watching mail folders and my Downloads folder.)
 
While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that :rolleyes:), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still assessing what happened to me, I went ahead and restricted access to only my recognized computers.

The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.

An extra measure of safety against them thieves :)

This is a nice feature, but I believe you can still get in with the other computer by answering a security question.
 
OOPS - my mistake - my toggle was turned off :blush:

Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?
 
Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?


Yes. Would be the case. It's not foolproof, I'm sure, but an extra layer of security.

I was reading the other day (looking up on the Zbot virus). In one article the person who got his info stolen actually saw his computer being remotely controlled at the time. I made sure to change my router password...just in case.

I think with thieves it's a matter of making it not worth their effort so they move on to an easier mark. Like the locked bicycle analogy. I'd think the bicycle thief would first look for one with no or cheap lock before attempting those with several or a good sturdy lock.
 
Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.

That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!

The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes,
...

I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, ...

Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.

Not sure about my Linux machines, I'd like something like that for a bit of added protection though.

Heh, heh, heh - seems we had a recent visit from an individual who loved to shout from the mountaintops that OSX was in no way any more secure than any other OS (and no, that doesn't make it 'bulletproof'). Nice to get an inside story from someone in the know. And thanks for working to protect us OSX users from keyloggers!

-ERD50
 
Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.

Little Snitch is neat. It catches things communicating over your network that you might not be aware of. Key loggers aren't the only malware out there. There are nasties that sweep your files looking for interesting things like account numbers, statements, and SSNs, then transmit the findings back to Evil Central. I haven't seen these on Mac OSX yet, but it's only a matter of time before some jerk puts them inside of an otherwise useful-looking program and tricks people into installing it.
 
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

That being said, I know there are lots of good things out there. Why do you think you can tell which is which?

______________________________

"They're all out to get you"
"They will."
"Resistance is futile."
 
I know, in my situation it's a case of "closing the barn door after the horse is out" or "if I only knew then what I know now", but after searching the web, I found and tested a couple of programs that add protection.

One is a simple, novel program called "keyscrambler" that scrambles keystroke info, so if the loggers intercept that, they just get gobbledygook :)

The other is a program called "SnoopFree Privacy Shield" which acts like a hawk (firewall) and pounces on any programs that have keylogging characteristics.

More on the software....(two interesting approaches)..


(I got the free version, but the review is on the Pro version)
KeyScrambler: Excellent Protection from Keyloggers



SnoopFree Privacy Shield - Free software downloads and software reviews - CNET Download.com


Okay, for the keylogging software out there...BRING IT ON! :)
 
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

That being said, I know there are lots of good things out there. Why do you think you can tell which is which?

Read reviews. Download only from known reliable sources, like from the home page of the authors of the SW, with plenty of solid reviews in mainstream web pages linking to the site.

-ERD50
 
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

Almost everything on my Linux system is not only free, but also has public source code. Restricting my answer to free and open source software, one reason is the authors' pride and desire for reputation among their peers. Anyone can read the source code and judge the writer's skill, sophistication, and professionalism. They're not doing it to make a buck -- it's a different game for them altogether.
 
This thing's been keeping me up nights.

As a measure of security, I went ahead and also changed my sign-on ID to my other credit cards. So, my old userid/password is floating somewhere in some shady internet cafe, those logon info won't work anymore :LOL:. Plus Vanguard is on lock-down only to my allowed computers.

On the other side, I'll have to get a credit report soon to make sure no one's trying to be my imposter!

"Chekov..set shields down from red alert to yellow..."
 
I saw one of my free credit reports from annualcreditreport.com.

Good news is I didn't see any hanky-panky going on. :D No new accounts opened or anything else out of the ordinary.

I'm going to wait til before the end of the year to order another free report from one of the other agencies.
 
OOPS - my mistake - my toggle was turned off :blush:

Yes. The setting definitely does work. I had my laptop set up as a recognized computer. I'm out of town now at a friend's place. Had computer instability so did some restores. Tried to get on to Vanguard and "locked myself out". :angel:

Laptop coming up as unrecognized computer.

I thought maybe just importing IE cookies would work..but apparently not.

Oh well ... :whistle: So far, so secure.
 
While rare, it is possible for some anti-malware programs to display false positives. In other words, it is possible that you may not have had a keylogger installed. Of course, I can't say that with certainty since I don't know your specifics. I usually double-check the file/program in question to make sure before removing it.
 
I use a low-tech way of dealing with the risk of a keylogger. I never type in a user ID or password directly when logging in. Instead, I copy and paste each letter one by one from some other text or document when I enter this information. It can be a little time-consuming when searching for and finding the right letter from some other text or document, but since I'm not entering the information directly using my keyboard, a keylogger would never be able to track them. For me the minor hassle is worth it.
 
I use a low-tech way of dealing with the risk of a keylogger. I never type in a user ID or password directly when logging in. Instead, I copy and paste each letter one by one from some other text or document when I enter this information. It can be a little time-consuming when searching for and finding the right letter from some other text or document, but since I'm not entering the information directly using my keyboard, a keylogger would never be able to track them. For me the minor hassle is worth it.

Interesting. I assume this works, but does anyone know for sure?

I often copy/paste them now (cause I can't remember some of them anyhow) - it just made me think about a similar plan that might be easier. I've got a little program right on my menu bar that is a sort of keyboard macro thing (Autokey for Linux, but I'm sure there are equivalents). I could have my PWs entered in there (under an odd description that I would remember), and when I select that with my mouse, it gets entered into the text box that my cursor is set at. That might just emulate keystrokes though, I don't know.

Although, the fact that I'm on Linux probably means no one is targeting these systems anyhow, or at least the odds are far, far lower.

-ERD50
 
.............Instead, I copy and paste each letter one by one from some other text or document when I enter this information..............

Interesting. This is how I write letters, only with scissors and paste.
 
I wonder if the on-screen keyboard would be safe from keyloggers. I am using it to type this. Takes a long time; whew.
 
Almost everything on my Linux system is not only free, but also has public source code. Restricting my answer to free and open source software, one reason is the authors' pride and desire for reputation among their peers. Anyone can read the source code and judge the writer's skill, sophistication, and professionalism. They're not doing it to make a buck -- it's a different game for them altogether.


I have been using Linux and UNIX for years and never had any viruses. I only use my Linux machine to log into my accounts. I guess the evil people who write viruses don't bother with Linux or it has better security than Windows?

My Dad has had several viruses and I had to reinstall the Windows OS. It was in some of the system files, kept coming back. I have 3 Windows machines here at home and never had any problems over the years but I don't download anything unknown and have firewalls and AVG on them.

Recently, a friend got one on his Windows PC and it was in a PDF file! Somehow it got executed from the PDF and reinstalled. It took 2 OS reinstalls before he figured out what was happening.
 
Tell me if this is stupid or not. I keep my passwords on a flashdrive and then just copy and paste.
 
I use a low-tech way of dealing with the risk of a keylogger. I never type in a user ID or password directly when logging in. Instead, I copy and paste each letter one by one from some other text or document when I enter this information. It can be a little time-consuming when searching for and finding the right letter from some other text or document, but since I'm not entering the information directly using my keyboard, a keylogger would never be able to track them. For me the minor hassle is worth it.

Does that work with the auto fill or remembered user ID and password in Firefox?
 
Yes, I've seen that Antivirusnow fake run before. It pretends that it flagged a virus and starts disabling stuff and you see the hard drive light flickering.
 
I use a low-tech way of dealing with the risk of a keylogger. I never type in a user ID or password directly when logging in. Instead, I copy and paste each letter one by one from some other text or document when I enter this information. It can be a little time-consuming when searching for and finding the right letter from some other text or document, but since I'm not entering the information directly using my keyboard, a keylogger would never be able to track them. For me the minor hassle is worth it.

This will block a simple keylogger, but the Bad Guys know about alternate ways to enter a password, including on-screen keyboards and whatnot. Most of the more sophisticated loggers will also generate a recording of screen activity around areas in question (which is why secure text entry schemes also print dots or * for each character entered, rather than the actual text.)
 