Tools to sniff out keyloggers?

Discussion in 'Black Hat SEO Tools' started by Saulyx, Jul 15, 2012.

  1. Saulyx

    Saulyx Junior Member

    Joined:
    Jan 10, 2010
    Messages:
    107
    Likes Received:
    5
    Hi there,

    So I'm looking for tools to back-track keyloggers, especially the ones that send logs via SMTP and IMAP.

    I am already using Cain & Abel to track down FTP data, however it's not working that well with mail stuff. As for Wireshark, it's a bit tricky. Could someone recommend something good?


    Thanks
     
  2. Techxan

    Techxan Elite Member

    Joined:
    Dec 7, 2011
    Messages:
    3,092
    Likes Received:
    3,600
    Occupation:
    Local SEOist
    Location:
    TEXAS (you have to yell, it's the law.)
    eScan for Windows anti-virus, it will get them and remove them.
     
  3. Saulyx

    Saulyx Junior Member

    Joined:
    Jan 10, 2010
    Messages:
    107
    Likes Received:
    5
    Removing them isn't really what I'm after, I'm after tracking down where my logs are being passed to ;)
     
  4. unknownymous

    unknownymous Regular Member

    Joined:
    Jan 22, 2012
    Messages:
    272
    Likes Received:
    144
    Location:
    unknown
    New UD keyloggers are used/distributed every 3 months. The best way to solve it is:

    Reformat your PC, then install ESET NOD32 or any good AV.
    That will get rid of any shit in your system. :)


    For tracking the receiver email or FTP used by the hack3r... Hmmm... I forgot it anyway. :suspicious:
     
    Last edited: Jul 15, 2012
  5. Saulyx

    Saulyx Junior Member

    Joined:
    Jan 10, 2010
    Messages:
    107
    Likes Received:
    5
    Getting rid of it is not my problem, tracking it down is what I'm after; it's not spinning on my main frame anyway.
     
  6. cool0403

    cool0403 BANNED BANNED

    Joined:
    Dec 29, 2008
    Messages:
    564
    Likes Received:
    717
    One tool that has always worked for me much better than any VMware or sandbox is to use Procmon. It monitors registry, files, processes, threads etc.

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    I use it all the time to actually see what exes do when I find them suspicious.
     
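Procmon can export its event list as CSV, and that export is usually where a triage of a suspicious exe ends up. The script below is an added example (not code from the thread or from Sysinternals) that reads such an export and pulls out the three things a keylogger investigation cares about: autorun registry writes (persistence), executables it drops to disk, and the remote endpoints it talks to. The column names follow Procmon's "Time of Day, Process Name, PID, Operation, Path, Result, Detail" CSV layout; the rows themselves are constructed for the example, and the process name `suspect.exe`, the path `C:\Users\u\...` and the hosts `mail.example.net` / `203.0.113.10` are invented placeholders.

```python
import csv
import io
from typing import Dict, List

# Constructed sample in the column layout of a Procmon "Save as CSV" export.
# Every row is invented for this example; suspect.exe, the paths and the
# remote hosts are placeholders, not indicators from any real capture.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01.0000000","suspect.exe","1234","WriteFile","C:\Users\u\AppData\Roaming\svchost.exe","SUCCESS","Offset: 0, Length: 4,096"
"12:00:01.1000000","suspect.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost","SUCCESS","Type: REG_SZ, Length: 76, Data: C:\Users\u\AppData\Roaming\svchost.exe"
"12:00:02.0000000","suspect.exe","1234","TCP Connect","victim-pc:49152 -> mail.example.net:smtp","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"12:00:02.5000000","suspect.exe","1234","TCP Send","victim-pc:49152 -> mail.example.net:smtp","SUCCESS","Length: 512, startime: 1, endtime: 1, seqnum: 0, connid: 0"
"12:00:03.0000000","explorer.exe","800","RegQueryValue","HKCU\Software\Classes\CLSID","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:00:03.5000000","suspect.exe","1234","TCP Send","victim-pc:49153 -> 203.0.113.10:ftp","SUCCESS","Length: 128, startime: 1, endtime: 1, seqnum: 0, connid: 1"
'''

# Registry locations (lower-cased substrings) that give a program a foothold
# at logon. Not exhaustive; extend as your own triage needs.
AUTORUN_MARKERS = (
    r"\currentversion\run",
    r"\currentversion\runonce",
    r"\winlogon\shell",
    r"\winlogon\userinit",
)
REG_WRITE_OPS = {"RegSetValue", "RegCreateKey"}
NETWORK_OPS = {"TCP Connect", "TCP Send", "TCP Receive", "UDP Send", "UDP Receive"}
DROPPED_EXTENSIONS = (".exe", ".dll", ".scr", ".vbs", ".bat", ".ps1")


def _reg_data(detail: str) -> str:
    """Return the 'Data:' portion of a RegSetValue Detail column, or the whole
    Detail string if Procmon did not include one."""
    marker = "Data: "
    idx = detail.find(marker)
    return detail[idx + len(marker):].strip() if idx >= 0 else detail.strip()


def triage_procmon_csv(csv_text: str, process_name: str) -> Dict[str, List[str]]:
    """Filter a Procmon CSV export to one process and summarise persistence,
    dropped executables and remote network endpoints."""
    # Procmon exports may carry a UTF-8 BOM; strip it so the header parses.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    persistence: List[str] = []
    dropped: List[str] = []
    endpoints = set()
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue
        op, path = row["Operation"], row["Path"]
        if op in REG_WRITE_OPS and any(m in path.lower() for m in AUTORUN_MARKERS):
            persistence.append(f"{path} = {_reg_data(row['Detail'])}")
        elif op == "WriteFile" and path.lower().endswith(DROPPED_EXTENSIONS):
            dropped.append(path)
        elif op in NETWORK_OPS and "->" in path:
            # Procmon renders network paths as "local:port -> remote:port".
            endpoints.add(path.split("->", 1)[1].strip())
    return {
        "persistence": persistence,
        "dropped_files": sorted(set(dropped)),
        "remote_endpoints": sorted(endpoints),
    }


if __name__ == "__main__":
    for key, values in triage_procmon_csv(SAMPLE_CSV, "suspect.exe").items():
        print(key)
        for v in values:
            print("   ", v)
```

The `remote_endpoints` list is the part that answers the thread's question: a mail-based logger shows up as a TCP Send to a host on port smtp (or 465/587), and that row tells you which server to look at before you reach for a packet sniffer. Procmon only records the endpoint, not the payload, so the recipient mailbox still has to come from the traffic itself.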
  7. csguy

    csguy BANNED BANNED

    Joined:
    Jul 13, 2012
    Messages:
    396
    Likes Received:
    42
    Look for an SMTP sniffer.
     
  8. Tsongkie

    Tsongkie Regular Member

    Joined:
    Dec 22, 2006
    Messages:
    207
    Likes Received:
    149
    Location:
    Pearl of the Orient Seas
    A network monitor for SMTP traffic will do the trick. Also check your HTTP requests with a tool like HTTP Analyzer.
     
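What an SMTP sniffer actually has to pull out of the traffic is small: the server in the 220 banner, the envelope sender and recipient (the RCPT TO is where the logs go), and the Subject once the DATA section starts. The parser below is an added example written for this thread, not code from any poster or from Wireshark or Cain & Abel; it works on a reassembled plaintext SMTP session such as Wireshark's "Follow TCP Stream" produces. Both sample sessions, the hosts `mail.example.net` and the mailboxes `logger@example.net` / `dropbox@example.org` are constructed placeholders. The second sample shows the caveat every practitioner hits: once the client sends STARTTLS and the server answers 220, nothing after that point is readable, so a plaintext sniffer only tells you the server, and the recipient has to be found another way.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: one plaintext SMTP session, client and server lines
# interleaved as a sniffer reassembles them. Hosts and mailboxes are invented.
SAMPLE_SESSION = """220 mail.example.net ESMTP ready
EHLO victim-pc
250-mail.example.net
250 AUTH LOGIN PLAIN
MAIL FROM:<logger@example.net>
250 OK
RCPT TO:<dropbox@example.org>
250 OK
DATA
354 End data with <CR><LF>.<CR><LF>
From: logger@example.net
To: dropbox@example.org
Subject: Logs from VICTIM-PC

[keystrokes would be here]
.
250 OK queued
QUIT
221 Bye
"""

# Constructed sample: same client, but the server offers STARTTLS and the
# session goes opaque as soon as the TLS handshake begins.
TLS_SESSION = """220 mail.example.net ESMTP ready
EHLO victim-pc
250-mail.example.net
250 STARTTLS
STARTTLS
220 Go ahead
(TLS records follow; not readable without the session keys)
"""


@dataclass
class SmtpSummary:
    server: Optional[str] = None              # hostname from the 220 banner
    mail_from: Optional[str] = None           # envelope sender
    rcpt_to: List[str] = field(default_factory=list)  # envelope recipients
    subject: Optional[str] = None             # Subject header inside DATA
    starttls: bool = False                    # session upgraded to TLS


_BANNER = re.compile(r"^220[ -](\S+)")
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.I)
_RCPT_TO = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.I)


def parse_smtp_session(text: str) -> SmtpSummary:
    """Walk a reassembled SMTP session line by line and collect the envelope,
    the Subject header and whether STARTTLS hid the rest of the exchange."""
    summary = SmtpSummary()
    awaiting_354 = False   # client sent DATA, waiting for the server's 354
    in_data = False        # between 354 and the lone "." terminator
    in_headers = False     # header block at the top of the DATA section
    awaiting_tls = False   # client sent STARTTLS; a 220 reply starts TLS
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if summary.server is None:
            m = _BANNER.match(line)
            if m:
                summary.server = m.group(1)
                continue
        if awaiting_tls:
            if line.startswith("220"):
                summary.starttls = True
                break      # everything after this point is ciphertext
            awaiting_tls = False   # server refused; session stays plaintext
        if awaiting_354:
            awaiting_354 = False
            if line.startswith("354"):
                in_data = in_headers = True
                continue
        if in_data:
            if line == ".":
                in_data = in_headers = False
            elif in_headers:
                if line == "":
                    in_headers = False
                elif line.lower().startswith("subject:"):
                    summary.subject = line.split(":", 1)[1].strip()
            continue
        if line.upper() == "STARTTLS":
            awaiting_tls = True
        elif line.upper() == "DATA":
            awaiting_354 = True
        elif (m := _MAIL_FROM.match(line)):
            summary.mail_from = m.group(1)
        elif (m := _RCPT_TO.match(line)):
            summary.rcpt_to.append(m.group(1))
    return summary


if __name__ == "__main__":
    print(parse_smtp_session(SAMPLE_SESSION))
    print(parse_smtp_session(TLS_SESSION))
```

On a real capture, feed it one TCP stream at a time rather than the whole pcap, since the banner detection keys on the first 220 line of a stream. Sessions that go straight to port 465 (implicit TLS) never show a banner at all; for those, the Procmon or netstat view of the destination host is all you get.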
  9. dannyduberstein

    dannyduberstein Junior Member

    Joined:
    Nov 1, 2011
    Messages:
    192
    Likes Received:
    107
  10. m0r0n

    m0r0n Registered Member

    Joined:
    Jun 13, 2011
    Messages:
    74
    Likes Received:
    55
    Occupation:
    {footprint}
    Location:
    {location|%k%w}
    Just run everything in a sandbox first and watch for the things it's installing.
    For a semi-manual AV program I prefer UnHackMe + Sysinternals Suite + Unlocker (no FUD thing can bypass your brain).
     
  11. csguy

    csguy BANNED BANNED

    Joined:
    Jul 13, 2012
    Messages:
    396
    Likes Received:
    42
    I use HTTPScoop for HTTP traffic on Mac.