Small undetected Keylogger
Posted: Sat Aug 21, 2010 12:54 pm
Anil started a blog in 2004/5 under the name Wng_z3r0 which I used to visit from time to time - http://spyware-free.us - This is what it used to look like - http://web.archive.org/web/200707010742 ... re-free.us - can't seem to load the Rootkit page though - http://spyware-free.us/labels/rootkit.html - via - http://web.archive.org ?
Yesterday I was looking through my old internet favourites to clear out non-working links etc. I found his site has now moved to - http://wngz3r0.info
He has written a small Keylogger with source - http://wngz3r0.info/2010/07/keyloggers- ... l-to-write - that as expected is either undetected/unknown by the vendors, and I imagine lots of other people too.
Result: 0 /42 (0.0%) - http://www.virustotal.com/file-scan/rep ... 1282393199 - This file has never been reviewed by any VT Community member. Be the first one to comment on it!
Scanner results: Scanners did not find malware! - http://virscan.org/report/103eb70aed7ff ... ad5d4.html - Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.
Zemana blocks it straightaway, and Prevx won't allow it to work, as tested on HTTPS and HTTP www's.
It does work on text in documents/notepad etc. One thing I discovered with it is, it misrepresents a handful of lesser-used characters for others? Regular ones like numbers and letters and many others are fine though!
I'm not saying it's a brilliant KL as obviously it has its faults, just found it interesting that up until now, it's slipped through the net. In its present state it can't be hidden, so not really much of a threat, but it could still be used to trick etc "some" people no doubt.