Scan network for keystroke loggers?

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Have a management-type that read about keystroke logging as a hacking
tool in a business journal, and now he'd like to have the network
scanned for these and reported on a regular basis. Does anyone have a
suggestion for a simple tool to scan a range of IP addresses or
systems and report on the presence of keystroke loggers?
Alternatively, one that can be launched in a login script and record
results to a file?

Thanks,

Jeff
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Very interesting situation. Keystroke logging, from the best of my
knowledge, is essentially an arbitrary piece of running code that has
made hooks into the Win32 API to perform the capture. I can imagine
that there are thousands of variants floating around, all probably have
different attack vectors.

A possible solution is to develop some sort of process scanner that is
launched from a domain script, that runs in the background that reports
a list of processes at an interval to a master server, which in turn
then compares the process list to known 'logger' trojans. The master
server can then notify an administratior of the possible threat. On top
of that, the client app can terminate the process immediately ..
Just an idea.

Sticky stuff.. mainly since there is no 'one way' to perform keystroke
logging.

HTH!
-Sean

Jeff Cochran wrote:

> Have a management-type that read about keystroke logging as a hacking
> tool in a business journal, and now he'd like to have the network
> scanned for these and reported on a regular basis. Does anyone have a
> suggestion for a simple tool to scan a range of IP addresses or
> systems and report on the presence of keystroke loggers?
> Alternatively, one that can be launched in a login script and record
> results to a file?
>
> Thanks,
>
> Jeff
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

On Tue, 17 Aug 2004 11:53:58 -0400, Sean Aitken
<sean.aitken@tekelec.spamtrap.com> wrote:

>Very interesting situation. Keystroke logging, from the best of my
>knowledge, is essentially an arbitrary piece of running code that has
>made hooks into the Win32 API to perform the capture. I can imagine
>that there are thousands of variants floating around, all probably have
>different attack vectors.
>
>A possible solution is to develop some sort of process scanner that is
>launched from a domain script, that runs in the background that reports
>a list of processes at an interval to a master server, which in turn
>then compares the process list to known 'logger' trojans. The master
>server can then notify an administratior of the possible threat. On top
>of that, the client app can terminate the process immediately ..
>Just an idea.
>
>Sticky stuff.. mainly since there is no 'one way' to perform keystroke
>logging.

There are a few keystroke logger scanner programs out that claim to
detect them, though I've never seen one work so I couldn't tell. I
like the idea of a process scanner, that might help on a lot of
fronts, but way to much effort to develop for just what I need. I
have yet to find a keystroke logger installed on our systems, but that
doesn't mean there *aren't* any. While my main goal is to satisfy the
request, I am developing a curiosity in it myself now.

Thanks,

Jeff


>HTH!
>-Sean
>
>Jeff Cochran wrote:
>
>> Have a management-type that read about keystroke logging as a hacking
>> tool in a business journal, and now he'd like to have the network
>> scanned for these and reported on a regular basis. Does anyone have a
>> suggestion for a simple tool to scan a range of IP addresses or
>> systems and report on the presence of keystroke loggers?
>> Alternatively, one that can be launched in a login script and record
>> results to a file?
>>
>> Thanks,
>>
>> Jeff
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Jeff Cochran wrote:
> Have a management-type that read about keystroke logging as a hacking
> tool in a business journal, and now he'd like to have the network
> scanned for these and reported on a regular basis. Does anyone have a
> suggestion for a simple tool to scan a range of IP addresses or
> systems and report on the presence of keystroke loggers?
> Alternatively, one that can be launched in a login script and record
> results to a file?

How would your management type person propose that a network tool to detect
keyloggers detect and report a hardware key logger that people insert
between the keyboard and computer?

If it deals with every "known" software based keylogger out there, how does
it detect something I made up myself last night with a copy of C# at home
and smuggled into work on a usb pen drive?

Rob
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi Jeff.

I don't know of a simple tool but if he is willing to spend the money Pest Patrol has
a corporate version. I have not tried the corporate version myself, but they do offer
a free trial version. --- Steve

http://www.pestpatrol.com/Products/PestPatrolCE/
http://www.filterguide.com/pestpatrolcorp.htm --- explains options for network use.

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:413125bf.359178821@msnews.microsoft.com...
> Have a management-type that read about keystroke logging as a hacking
> tool in a business journal, and now he'd like to have the network
> scanned for these and reported on a regular basis. Does anyone have a
> suggestion for a simple tool to scan a range of IP addresses or
> systems and report on the presence of keystroke loggers?
> Alternatively, one that can be launched in a login script and record
> results to a file?
>
> Thanks,
>
> Jeff
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

On Tue, 17 Aug 2004 19:02:51 GMT, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:

>I don't know of a simple tool but if he is willing to spend the money Pest Patrol has
>a corporate version. I have not tried the corporate version myself, but they do offer
>a free trial version. --- Steve

I've been looking at Pest Patrol Corporate anyway to help combat
spyware/scumware/malware, just not yet convinced it's ready for prime
time. I kind of expect all the competitors to introduce similar
products in the next six months.

But Pest Patrol does advertise keystroke logger detection. I may have
to start installing a few to see if it detects it as a test.

Thanks,

Jeff

>http://www.pestpatrol.com/Products/PestPatrolCE/
>http://www.filterguide.com/pestpatrolcorp.htm --- explains options for network use.
>
>"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
>news:413125bf.359178821@msnews.microsoft.com...
>> Have a management-type that read about keystroke logging as a hacking
>> tool in a business journal, and now he'd like to have the network
>> scanned for these and reported on a regular basis. Does anyone have a
>> suggestion for a simple tool to scan a range of IP addresses or
>> systems and report on the presence of keystroke loggers?
>> Alternatively, one that can be launched in a login script and record
>> results to a file?
>>
>> Thanks,
>>
>> Jeff
>