Web-based keylogger attack?

Post by ssj100 on 27/10/2010, 08:57

https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm

The above site simulates a web-based keylogger monitoring your strokes in the log-in box. I'll be doing some brief tests on various anti-logger applications. Any requests in particular? Feel free to test and post your own results too.

EDIT: I just want to mention that, even before any testing, I'm predicting that every third party software fails this. However, I'm predicting that Firefox with NoScript add-on will pass it.


Last edited by ssj100 on 27/10/2010, 09:39; edited 1 time in total

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Re: Web-based keylogger attack?

Post by noorismail on 27/10/2010, 09:29

ssj100, please test with SpyShelter
Free or trial, plus I guess, Zemana.

noor


Last edited by noorismail on 27/10/2010, 09:31; edited 1 time in total (Reason for editing : spelling)

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Web-based keylogger attack?

Post by noorismail on 27/10/2010, 09:31

PS# I got nothing from MalwareDefender.

My fake name and password were recorded.


Re: Web-based keylogger attack?

Post by ssj100 on 27/10/2010, 09:35

Interestingly, IE 6 potentially blocks this web-based logger by default (without any third party security software or browser add-ons):

By clicking "No", the test is passed.

With Firefox, you get a warning instead, but nothing is blocked as far as I can tell:


Anyway, testing on Windows XP, SP3, 32-bit, using Firefox 3.6.11:

NoScript add-on: I'm not sure if the test is even able to run! To be honest, I'm uncertain if this is a real PASS or not. The script that is forbidden to run is "microsoft.com" in this case, which is of course white-listed for me usually. I suppose if one were to come across a foreign script-based logger, it would easily be blocked by NoScript.

DefenseWall 3.08: FAIL

Prevx SafeOnline 3.0.5.217: FAIL


Last edited by ssj100 on 27/10/2010, 10:06; edited 7 times in total


Re: Web-based keylogger attack?

Post by noorismail on 27/10/2010, 09:45

Also my free KeyScrambler is doing nothing.
Every keystroke is duplicated.

This is a surprise to me.

I never knew about "web-based key-loggers" very much.

I thought the main threat was those physically added to the system (hardware), and those downloaded and allowed to execute.

Guess not.

noor


Re: Web-based keylogger attack?

Post by ssj100 on 27/10/2010, 09:51

To be honest, I don't really know what the most common vectors of malicious key-logging attack are for the home user - I've never come across one before, even though I've searched hard.

I suspect these web-based keyloggers are script based and require scripts to be activated in order to successfully log your key-strokes. I just tested it with NoScript, and the results are as above.


Re: Web-based keylogger attack?

Post by noorismail on 27/10/2010, 10:02

I think you are spot on.
When I go to the site with JavaScript toggled off (via my toolbar button) and enter my fake user-name/password, no dialog box comes up at all, showing my strokes are recorded.

noor


Re: Web-based keylogger attack?

Post by ssj100 on 27/10/2010, 10:16

By the way noor, I just tried to install SpyShelter in my VM XP and it BSOD'ed the VM haha. Sorry, but I may not be able to test it.

EDIT: same issue with Zemana Antilogger - I don't think these programs are compatible with VirtualBox. Perhaps someone who has either of these programs installed on their REAL system can post their results.


Re: Web-based keylogger attack?

Post by noorismail on 27/10/2010, 10:40

Oh well, as the great (and HOT!!) Doris Day said "che sarà, sarà!!"

In any event, I think I will give up HIPs and the like, and stick with Sandboxie, ShadowDefender, and default-off JavaScript.
I am bloody tired of pop-ups, the bulk of which I can't answer accurately, and the up-shot of which do not protect me from this threat.


noor


Re: Web-based keylogger attack?

Post by ssj100 on 27/10/2010, 23:27

Taking a step back, ultimately, this is really just a marketing ploy from Microsoft to promote IE 9.

As you can see from my above post, even the "ancient" IE 6 is able to block these types of attacks, and Firefox gives a clear warning by default. I think the reason why most people don't see this warning in Firefox is because they have this option disabled here:


And when you really think about it, those who have reasonable computer common sense and experience will think twice if such a warning pops up when they are wanting to do their eg. online banking.

Regardless, NoScript for Firefox is indeed very powerful and will block these types of attacks which use foreign malicious script. I really don't see the hassle of NoScript that many describe. I simply keep a list of all the white-listed web-sites in a notepad file (NoScript has a function which allows you to do this with ease), and if I should do a clean re-install of the Firefox browser, I would simply re-load this notepad file into the NoScript settings. For the majority of my web-browsing with Firefox, I rarely have to enable any further scripts, since 99% of the time, I am visiting a web-site that I have already been to before (and is already in my white-list). For any dodgy or new sites, simply temporarily allowing all scripts would solve any headaches instantly.


Re: Web-based keylogger attack?

Post by Sadeghi85 on 28/10/2010, 01:33

ssj, you don't need to try third party softwares against this, everything happens in the browser itself in this case, those softwares can't do anything about it.

Nothing new there. As you said it's a marketing ploy by Microsoft.

Sadeghi85
Member

Posts : 66
Join date : 2010-07-22

Re: Web-based keylogger attack?

Post by ssj100 on 28/10/2010, 08:42

Yes, I sort of knew from the start that this was a marketing ploy to some extent, but I had another motive in mind - to strongly suggest that third party anti-logging software is pretty much useless when it comes to protecting against malicious information logging "in-the-wild" and for the "average joe" at home. This marketing ploy by Microsoft doesn't prove anything, but perhaps it adds a dent of uncertainty to those who proclaim eg. "Prevx SafeOnline" is all I need. We mustn't forget about "common sense" (and NoScript!).


Re: Web-based keylogger attack?

Post by aigle on 28/10/2010, 10:32

Sadeghi85 wrote:ssj, you don't need to try third party softwares against this, everything happens in the browser itself in this case, those softwares can't do anything about it.

Nothing new there. As you said it's a marketing ploy by Microsoft.
Totally agree!
aigle
Member

Posts : 21
Join date : 2010-07-25

Re: Web-based keylogger attack?

Post by noorismail on 28/10/2010, 22:35

I think overall, this has been a good thing.
I use XP, so no IE9 for me, yet just playing around with this little Microsoft ploy has led me to tighten up the notifications my Firefox browser is able to give me, and ever so often, take a look at "View page info".

I keep JavaScript default disabled, but sooner or later there comes that moment when logging into a site is needed to score the latest "must have".

You can bet I will be a little more mindful.

In 2005, using a public access computer at my public library, I ordered a book from Amazon.
Three days later my supermarket declined my debit card.
I found it had been frozen, due to "suspicious activity".
I also found that at that moment my card had been tapped for over $1200.00. (Maybe no big thing for some, but absolute disaster for me!!)

I also found there were pending charges for maybe twice that.
To make a long story short, after filing multiple offense reports with the police, God knows how much paperwork with my bank, and many sleepless nights, Visa credited my account with what was stolen.

Was this a man in the middle?

I doubt it.
I think I just failed to clear my browsing history, and some little punk bought his lady a few Louis Vuitton knock off handbags at ole' noor's expense.

But at that moment I vowed I would never buy anything, or pay anything online again.
Since then I have become somewhat arrogant about my "semi-bulletproof" security.

It's good to be reminded, if you are not proactive, you are dead in the water.

noor


Last edited by noorismail on 28/10/2010, 22:36; edited 1 time in total (Reason for editing : speeling)


Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 08:06

It seems NoScript is more powerful and more configurable than I thought:
http://forums.informaction.com/viewtopic.php?f=10&t=5269#p22938

I'm still in the process of getting my head around everything this "Giorgio Maone" is writing (he is one smart chap!), but it appears he knows exactly what he's talking about, which is very refreshing.


Re: Web-based keylogger attack?

Post by noorismail on 29/10/2010, 09:32

Very nice exchange between yourself and Giorgio Maone.
Not sure how much I understand however.

I would use NoScript (indeed I have tried several times).
But for some reason even if I "allow scripts globally", I find it breaks online movie sites such as Loombo.

With default JavaScript disabled via my toolbar button, it is much easier, and in this case I am still able to defeat the Microsoft ploy mentioned earlier.

noor


Re: Web-based keylogger attack?

Post by languy99 on 29/10/2010, 09:41

Is there a way to test Secure Login? It has a setting marked Activate javascript protection at login, I bet that Secure Login would stop the Microsoft page.
languy99
Valued Member

Posts : 54
Join date : 2010-07-20

Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 09:50

noorismail wrote: I would use NoScript (indeed I have tried several times).
But for some reason even if I "allow scripts globally", I find it breaks online movie sites such as Loombo.

Let me test it out. Can you give me specific links that break with NoScript installed? It might be worth mentioning to the developer.


Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 09:59

languy99 wrote:is there a way to test secure login? It has a setting marked Activate javascript protection at login, I bet that secure login would stop the microsoft page.
Don't think there's any way to test Secure Login against that Microsoft site.


Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 10:08

By the way, for those who missed it and are interested in configuring NoScript to block http content (non-secure) on https web-sites (which is what this whole thing is about!), Giorgio Maone describes it here:
http://forums.informaction.com/viewtopic.php?f=10&t=5269#p22941

Code:
Site ^http://
Accept from .ABC123
Deny from ^https://

ABC123 = web-site addresses you want exempt from the rule.

This really works nicely on that Microsoft test page. I exempt ".live.com" in order to log into my Hotmail account. Note that Giorgio Maone attacks Hotmail in that thread for having such behaviour haha.

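The rule quoted in the post above, modelled as an added example (not part of the thread and not NoScript's own code): a Python audit that lists the active subresources a page loads over http:// and applies the same accept/deny order to each. The function names, the suffix matching assumed for `.ABC123`, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute loads active content (script, frames, styles, plugins).
ACTIVE = {"script": "src", "iframe": "src", "embed": "src",
          "object": "data", "link": "href"}


class ActiveRefs(HTMLParser):
    """Collect (tag, absolute URL) for each active subresource of a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.refs = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        attr = ACTIVE.get(tag)
        if attr is None or not a.get(attr):
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # only stylesheet links count as active content
        self.refs.append((tag, urljoin(self.page_url, a[attr])))


def exempt(host, suffixes):
    """Assumed meaning of '.ABC123': the domain itself or any subdomain."""
    return any(host == s.lstrip(".") or host.endswith("." + s.lstrip("."))
               for s in suffixes)


def audit(page_url, html, exempt_origins=()):
    """Return [(decision, tag, url)] for http:// active content in the page."""
    page = urlsplit(page_url)
    parser = ActiveRefs(page_url)
    parser.feed(html)
    results = []
    for tag, url in parser.refs:
        if urlsplit(url).scheme != "http":
            continue  # outside 'Site ^http://'
        origin_ok = exempt(page.hostname or "", exempt_origins)  # 'Accept from .ABC123'
        deny = page.scheme == "https" and not origin_ok          # 'Deny from ^https://'
        results.append(("deny" if deny else "accept", tag, url))
    return results


# Constructed sample: an HTTPS login page with one insecure script include.
SAMPLE = """<head><link rel="stylesheet" href="/site.css">
<script src="http://cdn.example.net/widgets.js"></script>
<script src="https://bank.example/app.js"></script></head>
<body><input type="password" name="pw"><img src="http://cdn.example.net/logo.png"></body>"""

if __name__ == "__main__":
    print(audit("https://bank.example/login", SAMPLE))
```

The audit covers only script, frame, plugin and stylesheet includes; the image in the sample is loaded over http:// as well but is not reported.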

Re: Web-based keylogger attack?

Post by noorismail on 29/10/2010, 11:48

ssj100, I can't get any vids to work from this site:

http://stagevu.com/videos

with NoScript.

Of course I also have to allow JavaScript in my set-up as well.


noor


Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 14:11

Sorry, I don't think I'll be able to test this properly, as I'm too lazy to install the DivX Plus Web Player for Windows. I tried it in VirtualBox but it didn't quite work either - the video played, but there was no sound (probably because I don't enable the sound card in my VM's haha), and there was no picture showing. However, the same thing occurs with or without NoScript installed.

What exactly happens for you with NoScript?


Re: Web-based keylogger attack?

Post by Sadeghi85 on 29/10/2010, 16:54

noorismail wrote: ssj100, I can't get any vids to work from this site:

http://stagevu.com/videos

with NoScript.

Of course I also have to allow JavaScript in my set-up as well.


noor

No problem here, installed DivX, temporarily allowed that page (had to do it two times to allow videoegg.com) and the video played with sound.


Re: Web-based keylogger attack?

Post by ssj100 on 29/10/2010, 17:21

Yes, NoScript causes NoProblem. Haha, sorry.


Post by Dude111 on 30/10/2010, 01:40

ssj100 wrote:It seems NoScript is more powerful and more configurable than I thought
Yes SSJ, surfing WITH SCRIPTS DISABLED is the best way (However, SOME SITES WON'T WORK W/O THEM (Which is a disadvantage))

Dude111
Member

Posts : 25
Join date : 2010-07-25
