
Fighting back keyloggers


Matok


Hi

The recent attempts of email impersonators to seduce TIF members into installing keyloggers got me thinking: why not fight back against those scum?

Why not create a tool which will spam the keylogger owner's computer, making it impossible for them to track down any valid information?

I didn't invest too much time in keylogger research, but it seems to me that their mechanism is quite simple.

1. Make the user install your component (the most important step; once it's on the user's machine, the sky is the limit).

2. Make your component use Windows' hooking mechanism to record any keyboard events (quite simple).

3. Open a connection to the kl owner and send any interesting info.

Now, my plan is pretty simple but not without risks.

1. Install the keylogger - the riskiest part, most of them are easy to remove but who knows...

2. Track down the keylogger's destination IP by using a sniffer/Winsock DLL hooking mechanism.

3. Remove the keylogger.

4. Blast the destination IP with false information using a simple TCP/UDP (depends on the protocol) client which will send the info automatically at a configured interval (I can build such a tool in no time).

That's it. Imagine 1000 TIF members using such a tool simultaneously..

As I said, I didn't spend too much time researching the whole keylogger business, but I don't see why it won't work.

What do you think?

Are there any existing tools out there? Am I wrong regarding the keylogger mechanism?

share your thoughts...


here we go..

What a great idea, have tip.it solicit illegal denial of service attacks!

Isn't that what keyloggers do? Sending information at a configured interval?

Not to mention the fact that 'the' keylogger probably sends its findings to an ftp/email server to be picked up later, not straight back to the kiddie's computer.

What's the difference? Data is sent. Data is stored. It doesn't matter where and how as long as it keeps the kid busy with rubbish info.


Yes, here we go indeed. Another developmentally delayed script-kiddie who wants to fight crappy behaviour with more crappy behaviour. Joy.

Would it help if I put soliciting illegal activity in bold?

You should have stopped at step 3, thought for a second, and had step 4 finding out the name of whatever company/individual/ISP is receiving the keylogger's data and reporting it to them. In all likelihood they don't want their servers being used for such purposes any more than you want your RS account stolen.


wow..sooner than expected

Yes, here we go indeed. Another developmentally delayed script-kiddie who wants to fight crappy behaviour with more crappy behaviour. Joy.

Would it help if I put soliciting illegal activity in bold?

You should have stopped at step 3, thought for a second, and had step 4 finding out the name of whatever company/individual/ISP is receiving the keylogger's data and reporting it to them.

First, "developmentally delayed" you can call your friends at home, not me.

Second - I am a C++ software engineer, for a few years now, and judging by your attitude, older than you, kid.

Third - wars are dirty.

Last note - please don't pollute this thread anymore.

(I had a hard time restraining myself this time)


I'd be interested in knowing your definition of restraint, given that you all too quickly lowered yourself to attacking my "friends" and claiming to be a "c++ software engineer" (which you're clearly not).

Either way this thread is going nowhere. It can't be polluted because it was ridiculous to begin with.


for the last time

I'd be interested in knowing your definition of restraint, given that you all too quickly lowered yourself to attacking my "friends"

I am sorry, but I have a major problem with disrespectfulness and, believe me, I was restrained (btw it wasn't aimed at your friends).

I guess that the fact you automatically assumed it's "another script-kiddo who thinks he invented the world" did bring out the "best" of you.

and claiming to be a "c++ software engineer" (which you're clearly not).

Again, assumptions; that's what I am talking about.

Yes, I am a C++ software developer, currently dealing with VOIP tools, but one of my first projects was developing an IP traffic simulator (which is exactly the tool I was suggesting).

Either way this thread is going nowhere.

maybe


The whole idea seems a little wacky to me.

You're encouraging people to infect their PCs with key loggers (and possibly more dangerous software), which you're not even sure you can remove.

I like the idea of revenge on key loggers, but anyone with common sense wouldn't install one in the first place.

The point Collective makes about the other options to retrieve the data is a very good one, as it makes the plan useless if they use another method apart from a direct Host to Master communication.

This plan of yours has the potential to backfire too: if the key logger is using host machines to collect the data from other hosts before retrieving it, you could be spamming innocent users.



wow..sooner than expected

Yes, here we go indeed. Another developmentally delayed script-kiddie who wants to fight crappy behaviour with more crappy behaviour. Joy.

Would it help if I put soliciting illegal activity in bold?

You should have stopped at step 3, thought for a second, and had step 4 finding out the name of whatever company/individual/ISP is receiving the keylogger's data and reporting it to them.

First, "developmentally delayed" you can call your friends at home, not me.

Second - I am a C++ software engineer, for a few years now, and judging by your attitude, older than you, kid.

Third - wars are dirty.

Last note - please don't pollute this thread anymore.

(I had a hard time restraining myself this time)

Dear god, wars? Worrying about script kiddies getting your little RuneScape account is not a WAR; it's a matter of not being stupid enough to download one in the first place.

If you really are so much older than us you certainly do not show it. Fighting illegal behavior with more illegal behavior isn't the way to go about it, especially when the easiest solution is right in front of you: don't download them in the first place.

And do you really think it would 'get rid of those darn keyloggers'? Sure, maybe -- possibly it could do something to the script kiddie's computer, but chances are, like Collective said, the data is being put on a different FTP server altogether. In that case it's all a matter of just using something different.

I also seriously doubt you are a C++ software developer.


First, let me begin by clarifying that this discussion is theoretical. I didn't try it myself yet and don't encourage anyone to do so, unless he perfectly knows what he is doing.

The whole idea seems a little wacky to me.

You're encouraging people to infect their PCs with key loggers (and possibly more dangerous software), which you're not even sure you can remove.

...

Risky indeed.

This plan of yours has the potential to backfire too: if the key logger is using host machines to collect the data from other hosts before retrieving it, you could be spamming innocent users.

Possible. As mentioned earlier, I didn't do any keylogger research before posting this. Yes, this can be a problem.

...it's a matter of not being stupid enough to download one in the first place.

Obviously. Still, I hate people who take advantage of other people's stupidity, and I can't tell you the countless times I've seen people (kids) get hacked in RS.

....Fighting illegal behavior with more illegal behavior isn't the way to go about it,

Well, this is a basic moral issue. Not that I have a desire to play the "Charles Bronson over IP", but I still think this kind of people deserve the worst.

especially when the easiest solution is right in front of you: don't download them in the first place.

see above.

I also seriously doubt you are a C++ software developer.

sorry to disappoint you


 

Obviously. Still, I hate people who take advantage of other people's stupidity, and I can't tell you the countless times I've seen people (kids) get hacked in RS.

And likewise, just as much, I hate the stupidity that surrounds people getting their accounts stolen. Considering that a large part of getting an account stolen via keylogger is your own happenings, it's just as much their fault as it is the script kiddie's.

Well, this is a basic moral issue. Not that I have a desire to play the "Charles Bronson over IP", but I still think this kind of people deserve the worst.

And I think that people should learn about internet security, even the 'hard' way. What is better to lose, a RuneScape account or your credit card number / bank account?


This topic is now closed to further replies.