Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] Most common keystroke loggers?
From: Gustavo (gugdiasgmail.com)
Date: Thu Dec 01 2005 - 19:16:55 CST
2005/12/1, Nick FitzGerald <nickvirus-l.demon.co.uk>:
> Some South American banks currently under massive identity
> theft/keylogging "attack" (like Banco Brasil) apparently don't talk to
> others in the banking industry, as some have recently started using
> such "on-screen keyboards" to "defeat" the keylogging attackers that
> hound their customers. Within a very short time period we saw some of
> those keyloggers adapt by adding screenshot-grabbing of a small area
> around the mouse point hot-spot. Seems they talked with uninformed
> "security consultants" rather than folk who know how systems work, what
> malware is, what it can do that it may not be doing today and, in this
> case, what has already been tried and trivially beaten...
They (Banco do Brasil) are currently using a software, automatically
installed into the user's system without his explicit knowledge
(coming together with the java visual keyboard) that is meant to
prevent malwares. The software, named Gbuster and installed as
gbieh.dll, works silently and uses malware techniques to avoid being
deleted or uninstalled, giving no such option.
> If you don't understand that all the I/O on the "compromised" machine
> (for the types of machine we are talking about) can be intercepted, you
> shouldn't be trying to answer the OP's question (and if the OP
> understood that, he would not have asked as he would have realized he
> was aiming at doing the impossible).
Agree. I answered based on the premise he wanted to get rid of the
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/