
Tools to sniff out keyloggers?

Discussion in 'Black Hat SEO Tools' started by Saulyx, Jul 15, 2012.

  1. Saulyx

    Hi there,

    So I'm looking for tools to backtrack keyloggers, especially the ones that send logs via SMTP and IMAP.

    I am already using Cain & Abel to track down FTP data, however it's not working that well with mail stuff. As for Wireshark, it's a bit tricky. Could someone recommend something good?


    Thanks
     
  2. Techxan

    eScan for Windows antivirus; it will get them and remove them.
     
  3. Saulyx

    Removing them isn't really what I'm after, I'm after tracking down where my logs are being passed to ;)
     
  4. unknownymous

    New UD keyloggers are used/distributed every 3 months. The best way to solve it is:

    Reformat your PC, then install ESET NOD32 or any good AV.
    That will get rid of any shit in your system. :)

    For tracking the receiver email or FTP used by the hack3r... Hmmm... I forgot it anyway. -.-
     
    Last edited: Jul 15, 2012
  5. Saulyx

    Getting rid of it is not my problem, tracking it down is what I'm after; it's not spinning on my main frame anyway.
     
  6. cool0403

    One tool that has always worked for me much better than any VMware or sandbox is to use Procmon. It monitors registry, files, processes, threads etc.

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    I use it all the time to actually see what exes do when I find them suspicious.
     
  7. csguy

    Look for an SMTP sniffer.
     
  8. Tsongkie

    A network monitor for SMTP traffic will do the trick. Also check your HTTP requests with a tool like HTTP Analyzer.
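    The Procmon approach from post 6 and the SMTP/FTP traffic watching from post 8 can be combined offline: export a Procmon capture to CSV and filter its network events for processes talking to mail or FTP ports, which tells you both which executable is shipping the logs and where they go. The script below is an added example, not code from this thread or from Sysinternals; it assumes the Procmon CSV column names shown in the embedded sample and that network event paths have the form `src:port -> dst:port`, and the sample rows are constructed.

```python
import csv
import io

# Destination ports a keylogger typically uses to ship its logs; Procmon may
# show either the number or the resolved service name in the Path column.
EXFIL_PORTS = {"25": "smtp", "587": "submission", "465": "smtps",
               "21": "ftp", "143": "imap", "993": "imaps"}
EXFIL_NAMES = set(EXFIL_PORTS.values())


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 hosts are not broken up."""
    host, _, port = endpoint.rpartition(":")
    return host.strip(), port.strip().lower()


def find_exfil_connections(csv_text):
    """Return sorted, de-duplicated (process, pid, destination host, service)
    tuples for every TCP Connect / TCP Send event aimed at a mail or FTP port."""
    hits = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in ("TCP Connect", "TCP Send"):
            continue
        if " -> " not in row["Path"]:
            continue  # not a network event in the expected src -> dst form
        _, dst = row["Path"].split(" -> ", 1)
        host, port = split_endpoint(dst)
        service = EXFIL_PORTS.get(port) or (port if port in EXFIL_NAMES else None)
        if service is None:
            continue
        hits.add((row["Process Name"], row["PID"], host, service))
    return sorted(hits)


# Constructed sample of a Procmon CSV export (assumed column layout).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","chrome.exe","1204","TCP Connect","DESKTOP:51022 -> 93.184.216.34:https","SUCCESS","Length: 0"
"10:01:05.4","updater.exe","3320","TCP Connect","DESKTOP:51023 -> 198.51.100.7:smtp","SUCCESS","Length: 0"
"10:01:05.6","updater.exe","3320","TCP Send","DESKTOP:51023 -> 198.51.100.7:smtp","SUCCESS","Length: 512"
"10:01:09.0","updater.exe","3320","TCP Connect","DESKTOP:51024 -> 203.0.113.9:21","SUCCESS","Length: 0"
"10:01:09.3","explorer.exe","1780","WriteFile","C:\Users\me\AppData\Local\Temp\log.txt","SUCCESS","Offset: 0"
'''

if __name__ == "__main__":
    for process, pid, host, service in find_exfil_connections(SAMPLE_CSV):
        print(f"{process} (PID {pid}) -> {host} [{service}]")
```

Every hit is a process worth pulling into a sandbox or feeding to your AV, and the destination host is the address to report to the provider or block at the firewall.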
     
  10. m0r0n

    Just run everything in a sandbox first and watch for the things it's installing;
    for a semi-manual AV program I prefer UnHackMe + Sysinternals Suite + Unlocker (no FUD thing can bypass your brain).
     
  11. csguy

    I use HTTPScoop for HTTP traffic on Mac.