Malware | Trojans & Keyloggers | ICSS Student |Gopal Roy

Malware

Malware means malicious software. In fact, it has been a problem for ages. It is basically a program designed to infect a computer without the owner’s knowledge.

Types of Malware

Malware exists in many forms. Some common types of malware that one needs to keep track of are:

  1. Trojan Horse - A Trojan virus or Trojan horse is a common type of malware. It is mostly used to control the victimized computer rather than infect or destroy files on it. A Trojan horse, once installed into the victim’s system, can give the hacker complete access to the victim’s computer. Trojans are one of the most dangerous forms of malware.
  2. Computer Virus - A computer virus is a malicious program, which is mostly developed to infect a computer. Once it infects a computer, it replicates itself. A virus needs another host on which it can get attached in order to infect a computer.
  3. Worms - Worms are almost similar to computer viruses. The only difference is that a worm does not require another host to attach to in order to infect a computer. Once a worm infects a computer, it replicates itself. Computer worms are major threats to large networks.
  4. Keyloggers - A keylogger is a hardware or software device which monitors every keystroke, screenshot, chat, etc., typed on a computer. A keylogger program does not require physical access to the user’s computer. Any person with basic knowledge of computers can use a keylogger.
  5. Adware - Adware stands for Advertisement-supported Software. Adware is commonly designed to display advertisements on a computer. However, some adware may contain harmful viruses and spying programs, which can harm the computer system.

After understanding malware, its types and their functions, learn about keyloggers in detail.

Keyloggers:

Keyloggers are of two types:

  • Hardware Keylogger
  • Software Keylogger

A hardware keylogger is used for logging keystrokes. It is plugged between the keyboard plug and the USB or PS/2 port socket, and it works with PS/2 and USB keyboards. It looks similar to a normal USB drive or any other computer peripheral. Due to this, the victim can never suspect that it is a keylogger. A hardware keylogger has inbuilt memory, which stores the typed keystrokes.

Keygrabber – Best Hardware Keylogger

Keygrabber is one of the best and most popular hardware keyloggers across the globe. This is primarily because of its large storage capacity. The Keygrabber keystroke recorder comes in a standard version with 4MB memory capacity, 2,000,000 keystrokes (over 1,000 pages of text), and a Venom version with 2 billion keystrokes (over 1 million pages of text), organized into an advanced flash FAT file system. It is compatible with all three operating systems, i.e., Windows, Linux and Mac OS.

Features of hardware keylogger:

  • Observes WWW, e-mail and chat usage by children and employees
  • Monitors employee productivity
  • Protects children from online hazards and predators
  • Saves a copy of the typed text
  • Records all keystrokes, even Facebook passwords
  • Huge memory capacity, organized as an advanced flash FAT system

Software Keyloggers:

The hardware keylogger is useful only if you have physical access to the victim’s computer. However, if you don’t, or if by any chance the victim notices it and knows about your intention, it is only then that the software keylogger comes into the picture.

Software keyloggers can also be classified into two types:

  • Local keylogger
  • Remote keylogger

Local keylogger: These are used to monitor a local computer (even your own PC). They are easy to install and are completely undetectable. Once installed in the computer, they become really difficult to find. This is because the keyloggers hide themselves from the Task Manager, Windows Registry, etc.

Whenever you want to see logs, screenshots, etc., press a shortcut key (for example, Shift+Ctrl+F10).

There are hundreds of keyloggers available nowadays. However, only some of them are user-friendly and actually capable of hiding themselves once they are installed.

Some popular local keyloggers are:

  • Spy Agent
  • Refog Keylogger

Spy Agent:

Spy Agent is an award-winning software, which is used to monitor both local and remote computers. It invisibly monitors all computer usage and internet activities. Spy Agent’s logging capabilities are unmatched. Spy Agent can log anything from what the users type to the files they print and programs they run, all time-stamped by date for easy viewing. All logs are easily saved and exported for later use. Spy Agent can be configured to log all users on your computer with ease. Spy Agent monitors and logs both sides of all chat conversations made on chat clients (supported clients include the latest versions of AOL, AOL Instant Messenger, MSN Messenger, ICQ Pro and ICQ Lite).

Features of Spy Agent keylogger

It records:

  • Keystroke monitoring
  • Internet connections
  • Internet conversations
  • Website activity
  • E-mail sent and received
  • Files/documents accessed and printed
  • Windows activity
  • Application usage
  • Screenshot capturing
  • Clipboard logging
  • Events logging
  • Activity logging

Refog is extremely powerful and has a very low antivirus detection rate. It is one of the leading remote password hacking software packages, combined with Remote Install and Remote Viewing features. Once it is installed on the remote PC(s), the user only needs to log in to his/her personal Refog account to view activity logs of the remote PC. This means that the user can view logs of the remote PC from anywhere in the world, as long as he/she has Internet access.

Features of Refog Keylogger are as follows:

  1. Keystroke recording: Once installed and running, Refog registers all keys pressed by the user, thus acting as a keylogger. This function captures all data that has been entered using the keyboard, including chats, usernames, passwords, e-mails, search queries and other content. In addition to keylogging, Refog is also able to log clipboard text.
  2. Web history logging: Even if users delete their browser history, the information is retained in Refog’s log database, and is always available via the reports function. All relevant information can be collected, including URLs visited, page titles, etc.
  3. Application monitoring: Since Refog can record all programs executed on a PC, it is possible to establish whether a child is playing games instead of doing homework or an employee is wasting time, with the logs viewable from any part of the world.

Remote Keylogger:

Remote keyloggers are used for the purpose of monitoring a remote PC. Once a remote keylogger is installed on your computer, the attacker can get your keystrokes, your webcam shots, chat logs, etc., sitting in any part of the world.

You can find tons of remote keyloggers on the web, but lots of them are either not capable of properly recording keystrokes or have a high antivirus detection rate. One keylogger worth the price is WinSpy.

WinSpy Keylogger:

WinSpy Software is a complete stealth monitoring software that can monitor both your local PC and a remote PC. It includes remote install and a real-time remote PC viewer. WinSpy software will capture anything the user sees or types on the keyboard.

Features:

  • Remote Screen Capture
  • Remote Monitoring
  • Remote PC Browser
  • Notifies User Online
  • Remote Sound Listening/Recording
  • Remote Camera View/Recording
  • Remote File Launch
  • Dual-side Chat Recording
  • Remote Shutdown
  • Remote FTP
  • Webcam Motion Detect
  • Web Access Remote PC
  • SMS Intruder Alert
  • Works behind Firewall

RAT (TROJANS):

RAT or ‘Remote Administration Tool’ is one of the most dangerous types of malware. It is very similar to a Trojan. Once a RAT is installed in a computer, the attacker can do almost anything on the remote computer, such as installing a keylogger, shutting down the computer, infecting files, uploading and downloading files, etc. If this is successful, the Trojan can operate with increased privileges and go about installing other malicious code. If the user has administrative access to the operating system, the Trojan can do anything that an administrator can.

A compromise of any system on a network may have consequences for other systems on the network. Particularly vulnerable are systems that transmit authentication material, such as passwords, over shared networks in clear text or in a trivially encrypted form, which is very common. If a system on such a network is compromised via a Trojan (or another method), the intruder may be able to record usernames and passwords or other sensitive information as it navigates through the network.

Some common types of RATs are:

  • ProRat
  • Lost Door

Function:

Trojans work similarly to the client-server model. Trojans come in two parts, a client part and a server part. The attacker deploys the client to connect to the server, which runs on the remote machine when the remote user (unknowingly) executes the Trojan on the machine. The typical protocol used by most Trojans is the TCP/IP protocol; however, some functions of the Trojans may make use of the UDP protocol as well.

When the server is activated on the remote computer, it will try to remain in a stealth mode or simply stay hidden. This is configurable; for example, in the Back Orifice Trojan, the server can be configured to remain in stealth mode and hide its processes. Once activated, the server starts to listen on default or configured ports for incoming connections from the attacker. It is usual for Trojans to also modify the registry and/or use some other auto-starting methods.
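
Because the listening port is configurable, a fixed list of well-known Trojan ports misses reconfigured servers, while a comparison of current listeners against a baseline recorded on the clean host does not. The following is an added example, not part of the original post; the netstat sample, the baseline and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5012
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:50505             [::]:0                 LISTENING       3120
  UDP    0.0.0.0:5353           *:*                                    1800
"""

# Assumed baseline: (protocol, port) pairs recorded while the host was known clean.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}


def parse_listeners(netstat_text):
    """Return listening TCP sockets and bound UDP sockets as dicts."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        if proto == "UDP" and len(fields) != 4:
            continue
        host, _, port = fields[1].rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]"))
        listeners.append({"proto": proto, "port": int(port),
                          "pid": int(fields[-1]), "loopback_only": addr.is_loopback})
    return listeners


def unexpected_listeners(netstat_text, baseline):
    """Listeners whose (proto, port) is absent from the clean baseline."""
    seen, findings = set(), []
    for entry in parse_listeners(netstat_text):
        key = (entry["proto"], entry["port"], entry["pid"])
        if (entry["proto"], entry["port"]) in baseline or key in seen:
            continue  # expected service, or IPv4/IPv6 duplicate of one socket
        seen.add(key)
        findings.append(entry)
    # Network-reachable listeners first, then by port number.
    return sorted(findings, key=lambda e: (e["loopback_only"], e["port"]))
```

The PID in each finding is the starting point for identifying the owning process on the host.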

Most Trojans use auto-starting methods so that the server is restarted every time the remote machine reboots/starts, which in turn also notifies the attacker. As these features are being countered, new auto-starting methods are evolving. The start-up methods range from associating the Trojan with certain common executable files such as explorer.exe to the known methods such as modifying the system files or the Windows Registry. Some of the popular system files targeted by Trojans are the Autostart folder, Win.ini, system.ini, wininit.ini, winstart.bat, Autoexec.bat and Config.sys.
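
A defender can review two of the system files named above for start-up entries. This added example (not from the original post) checks the load= and run= keys of Win.ini and the shell= key of system.ini against their clean values; the file contents, executable names and function names are constructed for illustration.

```python
import configparser

# Constructed file contents for illustration (not taken from a real host).
SAMPLE_WIN_INI = """\
; for 16-bit app support
[fonts]
[Windows]
load=
run=C:\\Windows\\Temp\\svch0st.exe
"""
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe msupd32.exe
[386Enh]
woafont=dosapp.fon
"""

# (file, section, key) -> value expected on a clean system; "" means the key is empty.
EXPECTED = {
    ("win.ini", "windows", "load"): "",
    ("win.ini", "windows", "run"): "",
    ("system.ini", "boot", "shell"): "explorer.exe",
}


def audit_ini(filename, text):
    """Return (file, section, key, value) for auto-start keys that differ from EXPECTED."""
    parser = configparser.ConfigParser(
        strict=False,            # legacy INI files may repeat keys
        allow_no_value=True,     # tolerate bare keys without '='
        interpolation=None,      # '%' in paths is literal
        delimiters=("=",),       # ':' appears inside drive paths
    )
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            # Windows treats section and key names case-insensitively.
            expected = EXPECTED.get((filename.lower(), section.lower(), key))
            if expected is None:
                continue
            actual = (value or "").strip()
            if actual.lower() != expected:
                findings.append((filename, section, key, actual))
    return findings
```

Registry start-up keys and the Autostart folder need their own checks; this block covers only the two INI files.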

Now, after getting a clear idea about RATs (Trojans), let us see how we can even use a Trojan to hack into a system.

ProRat:

ProRat is a powerful remote administrator tool (RAT) based on a backdoor Trojan. It opens a port on the infected system, which allows the client to perform various operations on the infected computer. ProRat cannot connect to users over WANs (Wide Area Networks). It can connect only over LANs (Local Area Networks). However, once ProRat is installed, it is almost impossible to remove it without up-to-date antivirus software.

The following procedure is usually followed by a hacker to take control of the victim’s computer using ProRat. It also discusses some of the functions which can be performed with the help of this Trojan. Here the author is using the term ‘you’ to refer to the hacker.
