Got a Keylogger Virus today

[Alan]

Quote:

Originally Posted by easysurfer A keylogger is one that I fear the most...never one impacted by one (that I know of ) until now.

A keylogger is a big fear of mine also and these days I only ever access the sites I do transactions at via "favorites" so that I never type in a url, and if a site offers to remember my username I will do so (eg Fidelity) so that I don't have to type in my username.

A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers (eg HSBC UK requires an 8 -12 digit PIN and each time you log in you are asked for a random subset of 3, such as 1st, 4th and next to last).

[yakers]

[QUOTE=Alan;993985

A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers.[/QUOTE]

I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.

[Alan]

Quote:

Originally Posted by yakers I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.

I agree about TD, but fortunately I don't log in too often. A collegue I knew at work also has an English bank account (I forget which) and a year back they sent him a card reader and a card (I think). As part of his login process he puts the card into the reader and it generates a code he has to enter.

[Livefree]

You should turn off system restore. This is an area that cannot be scanned by antivirus software. Then boot to Safe Mode and run a full scan and turn back on. Make sure Antivirus and Malwarebytes have the latest updates.

The best option is to wipe the disk like someone mentioned..you'll never know if you cleaned it..and all systems benefit from being wiped and reloaded about once a year..

[easysurfer]

Well, I got my system back up part way. Changed the password on my router, and importantly my main email. I kept on having this nightmare that some hacker would steal my main email, then reset all my accounts to that email. At least now, the virus is off my computer and my primary passwords are reset. I'm gonna change my others again as when I did that last night my computer still may have been infected!

I still have a lot of applications to reinstall. Hopefully, I'll get most of that done tonight -- buring the midnight oil.

Tommorrow, I'll access the damage to see if I get any other suspicious transactions besides just Discover card.

[easysurfer]

Well, I've changed my passwords/challenge questions on my resintalled, safe sytem.

While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers.

The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.

An extra measure of safety against them theives

[M Paquette]

Keyloggers! Nassty things. We hates them, we does.

Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.

That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!

The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes, without it having to ask for your admin account name and password, and further, when a program is asking for a password (any time you are typing in a field that just shows dots instead of the letters you are typing) snoopers get nothing. Most web browsers on Mac OSX use the secure textfield for password entry, so the protection is pretty robust.

I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, and be readily detected and blocked by ClamAV or similar products. (I'm a big fan of ClamAVX, and have it doing daily updates, and constantly watching mail folders and my Downloads folder.)

[FIRE'd@51]

Quote:

Originally Posted by easysurfer While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers. The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict. An extra measure of safety against them theives

This is a nice feature, but I believe you can still get in with the other computer by answering a security question.

[FIRE'd@51]

Quote:

Originally Posted by FIRE'd@51 This is a nice feature, but I believe you can still get in with the other computer by answering a security question.

OOPS - my mistake - my toggle was turned off

[FIRE'd@51]

Quote:

Originally Posted by FIRE'd@51 OOPS - my mistake - my toggle was turned off

Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?

[easysurfer]

Quote:

Originally Posted by FIRE'd@51 Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?

Yes. Would be the case. It's not foolproof, I'm sure, but an extra layer of security.

I was reading the other day (looking up on the Zbot virus). In one article the person who got his info stolen actually saw his computer being remotely controlled at the time. I made sure to change my router password...just in case.

I think with theives it's a matter making it not worth their effort so they move on to an easier mark. Like the locked bicycle analogy. I'd think the bicylce theif would first look for one with no or cheap lock before attempting those with several or a good sturdy lock.

[ERD50]

Quote:

Originally Posted by M Paquette Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot. That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah! The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes, ... I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, ...

Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.

Not sure about my Linux machines, I'd like something like that far a bit of added protection though.

Heh, heh, heh - seems we had a recent visit from an individual who loved to shout from the mountaintops that OSX was in no way any more secure than any other OS (and no, that doesn't make it 'bulletproof'). Nice to get an inside story from someone in the know. And thanks for working to protect us OSX users from keyloggers!

-ERD50

[M Paquette]

Quote:

Originally Posted by ERD50 Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.

Little Snitch is neat. It catches things communicating over your network that you might not be aware of. Key loggers aren't the only malware out there. There are nasties that sweep your files looking for interesting things like account numbers, statements, and SSNs, then transmit the findings back to Evil Central. I haven't seen these on Mac OSX yet, but it's only a matter of time before some jerk puts them inside of an otherwise useful-looking program and tricks people into installing it.

[kumquat]

Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

That being said, I know there are lots of good things out there. Why do you think you can tell which is which?

______________________________

"They're all out to get you"
"They will.
"Resistance is futile."

[easysurfer]

I know, in my situation it's a case of "closing the barn door after the horse it out" or "if I only knew then what I know now", but after searching the web, I found and testing a couple programs that adds protection.

One is a simple, novel program called "keyscrambler" that scrambles keystroke info, so if the loggers intercept that, they just get gobblygook

The other is a program called "SnoopFree Privacy Shield" which acts like a hawk (firewall) and pounces on any programs that have keylogging characteristics.

More on the software....(two interesting approaches)..


(I got the free version, but the review is on the Pro version)
KeyScrambler: Excellent Protection from Keyloggers



SnoopFree Privacy Shield - Free software downloads and software reviews - CNET Download.com


Okay, for the keylogging software out there...BRING IT ON!

[ERD50]

Quote:

Originally Posted by kumquat Devil's advocate here. Indeed, why do you think any program that is available free on the Interweb is "good for you"? That being said, I know there are lots of good things out there. Why do you think you can tell which is which?

Read reviews. Download only from known reliable sources, like from the home page of the authors of the SW, with plenty of solid reviews in mainstream web pages linking to the site.

-ERD50

[GregLee]

Quote:

Originally Posted by kumquat Devil's advocate here. Indeed, why do you think any program that is available free on the Interweb is "good for you"?

Almost everything on my Linux system is not only free, but also has public source code. Restricting my answer to free and open source software, one reason is the authors' pride and desire for reputation among their peers. Anyone can read the source code and judge the writer's skill, sophistication, and professionalism. They're not doing it to make a buck -- it's a different game for them altogether.

[easysurfer]

This thing's been keeping me up nights.

As a measure of security, I went ahead and also changed my sign-on ID to my other credit cards. So, my my old userid/password is floating somewhere in some shady internet cafe, those logon info won't work anymore . Plus Vanguard is on lock-down only to my allowed computers.

On the otherside, I'll have to get a credit report soon to make sure no one's trying to be my imposter!

"Chekov..set shields down from red alert to yellow..."

[easysurfer]

I saw one of my free credit reports from annualcreditrepot.com.

Good news is I didn't see any hanky-panky going on. No new accounts opened or anything else out of the ordinary.

I'm going to wait til before the end of the year to order another free report from one of the other agencies.

[easysurfer]

Quote:

Originally Posted by FIRE'd@51 OOPS - my mistake - my toggle was turned off

Yes. The setting defnitely does work. I had my laptop set up as a recognized computer. I'm out of town now at a friend's place. Had computer unstability so did some restores. Tried to get on to Vanguard and "locked myself out".

Laptop coming up as unrecognized computer.

I thought maybe just importing IE cookies would work..but apparently not.

Oh well ... So far, so secure.