Pantek Library

Re: Keystroke logger detection

From: John H <surfcityjohn(at)yahoo.com>
Date: Fri Mar 21 2003 - 19:35:13 EST


I recently investigated a trojan that installed BPK (BlazingTools Perfect Keylogger) which proceeded to FTP the captured information to a site. Lovely little trojan.

BPK is regarded by many as one of the best keyloggers. It attempts to hide itself. And yes, it can hide itself quite well. Then again, a person with the right tools can easily see the process running. Using Task Manager on the victim Windows 2000 box showed no processes running. So in that regard, it hides itself well from the general computer user.

A couple clicks to www.sysinternals.com and a download of Process Explorer v5.25 exposed BPK, plus a lot of other valuable information. I recommend that anyone doing any investigative work on Windows systems download all of their MONitoring tools. Great stuff!

This is just my most recent experience with a commercial keylogger.

Your mileage may vary.

John Herndon
Security Consultant

Received on Mon Mar 24 10:15:33 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:38 EDT

