Friday, April 11, 2008

April 11, 2008
I laugh at people like this.

write password and/or user name im word/wordpad and before starting wow copy it, when u see loggin screen of wow just click in password field and pres ctr+v... there you go..

Retarded. Simple as that.

What? Don't say you are surprised. I hope for your sake that you're not as stupid as that.

The longer explanation

Most good keyloggers will track everything you do on your screen, some even go as far as taking screen captures while you are doing it. For example you click your mouse, and the keylogger takes a 50x50 pixel (or more) screenshot centered around the area you clicked, registers the exact coordinates you clicked on the screen as well as the relative coordinates to the current window you clicked in. Any button on your keyboard that you press: a-z, 0-9, special characters, ctrl, shift, enter, arrows, everything. It will also keep track of anything you put into, or read from your copybuffer, check what applications you currently have loaded in memory or start. Some even go as far as blocking off certain applications, or loading new programs that will enable them to update themselves and communicate with their creator.

Keyloggers are nasty shit.

An example

Let's say we just logged into WoW, and your username is already filled in. A tool targetted specifically to hacking wow accounts could disable the "remember username" checkbox and force you to enter it again when you least expect it.

Let's say your password is "test"
You have stored this password in a text file on your desktop, not encrypted, and less than a few bytes on your HD. A keylogger would totally not notice you opened a 1Kb file and would absolutely for sure never ever send any files smaller than 10K to it's creator.
Totally.. right? Yes that was sarcasm.

Anyway, the file contains this string: This is just another piece of text which is an innocent long string.
You select the letters "te" and press Ctrl+C to copy this. Alternatively you could right click and select copy or cut, or use the menu option. The result would be the same. "te" would be placed in your system's copy buffer.
The keylogger of which you were not aware then sees something like "^c'te'"
You Alt tab back to wow, and paste that text into the password field. "^v'te'"
Then you repeat this for the letters "st" - "^c'st'" - "^v'st'"

You could even do "st" first, then press the leftarrow twice and paste "te", but obviously keyloggers notice this too. (We'll assume %3C for leftarrow)

It doesn't take rocket science to figure out your password when the keylogger gives your hacker this log :
* Application started : "c:\program files\messenger\msn.exe"
* Application started : "c:\games\world of warcraft\launcher.exe"
* File opened : "c:\users\desktop\obviouspasswordfile.txt"
* Keylog : "^c'st'^v'st'%3C%3C^c'e'^v'e%3Ct'/r"
* File closed : "c:\users\desktop\obviouspasswordfile.txt"

This might work

The best protection against keyloggers, is simply not getting one. Common sense will get you a long way, don't click flashy weird popups or banners. Don't click any when it's posted on the official WoW forums. Don't accept .exe files trough your MSN, Don't open .scr files trough email, etc, etc.

Get Firefox, it won't protect you from much, but it certainly won't hurt to use instead of Internet Explorer either.

As a point to note, there's the odd little application called Anti keylogger shield, but i have not tested, nor do i guarantee it works, nor do i guarantee that it'd not a keylogger in itself. Just do some research before you install anything. Supposedly it protects you from most keyloggers. Just don't take my word for it.

And remember, just because you're paranoid, doesn't mean they're not out to get you.