Topic: Is there any spyware that can...

[Pugnate]

Is there any spyware that can somehow record and send the passwords you enter on secure websites? I am not talking about 'phishing', but hacked browsers targeting legit websites.

[Xessive]

Is there any spyware that can somehow record and send the passwords you enter on secure websites? I am not talking about 'phishing', but hacked browsers targeting legit websites.

I wouldn't doubt that there probably are some out there. Sorry I couldn't provide any substantial information.

[beo]

ever heard of a keylogger?

[Xessive]

ever heard of a keylogger?

I don't think Pug's looking for one to use, I think he's worried about someone getting his info. A keylogger would only be one part of the malicious software, it would also need to transmit the data (hence the spyware).

[scottws]

Is there any spyware that can somehow record and send the passwords you enter on secure websites? I am not talking about 'phishing', but hacked browsers targeting legit websites.

Most certainly.  I'm not sure about hacked browsers, though it wouldn't surprise me if there were such things, but other types malware that include keyloggers definitely exist.

I know of a company that got the Backdoor.TDSS virus on one of their computers.  I'm not sure if it was that virus specifically or another one that came along for the ride, but at least one of the users of that shared computer had their personal bank account compromised.  Why someone would access anything like a bank account from a computer known to be infected by a virus is another matter, but it's proof that it definitely happens.

[Cobra951]

I don't think Pug's looking for one to use, I think he's worried about someone getting his info. A keylogger would only be one part of the malicious software, it would also need to transmit the data (hence the spyware).

That last part is why I like firewalls that block all traffic by default.  Even if malware filters into your system, it can't dial out.  That's unless it piggybacks on something you have to allow net access to, like the browser.  So if the keylogger is a hack or addon to the browser itself, you're screwed regardless.

What I would do if I suspected an infected browser is uninstall it (and if it won't let me, well, there's the definite answer), nuke all registry entries related to it, delete its directories, re-download directly from the official site and reinstall.  Then reinstall trusted addons.

I should add that a good firewall should also detect when an application (including the browser) is replaced by another file.  Mine warned me often when I had AVG running, because part of its daily update could include replacing the programs themselves.

[Pugnate]

I am just feeling a little paranoia I guess...

[scottws]

That last part is why I like firewalls that block all traffic by default.  Even if malware filters into your system, it can't dial out.  That's unless it piggybacks on something you have to allow net access to, like the browser.  So if the keylogger is a hack or addon to the browser itself, you're screwed regardless.

I agree with this, but I have personally found it pretty tough to implement in practice for a frequently used personal computer (a server is much easier to lock down like this).  I have several programs that use a random outbound port so this has proven to be problematic in the past.  On the Windows firewalls I've used like Kerio (before it got bought out and bastardized) it hasn't been too big a deal because you can often assign permissions by executable, but on my Linux laptop I've had lots of trouble with my FTP client.  It's like the traffic will go out but gets blocked when it comes back in (and it comes back in on a random port).  I would think it's a "RELATED" connection to my outbound and hence allowed, but it doesn't seem to work in practice.  I always have to disable my firewall on that laptop to do FTP stuff.

What I would do if I suspected an infected browser is uninstall it (and if it won't let me, well, there's the definite answer), nuke all registry entries related to it, delete its directories, re-download directly from the official site and reinstall.  Then reinstall trusted addons.

I would go further and run an offline virus scan via a boot disc or even wipe out Windows and start over.

[Cobra951]

The Kerio 2.15 philosophy is so simple, straightforward and effective that I can't understand why it seems to be so rare elsewhere.  FTP is only an issue at the router's firewall, where I need to make sure the right port is open (and where a roaming port would be an issue).  Kerio doesn't care, since it discriminates based on applications.  Once the ftp client gets my a-OK, everything works without compromising anything else.  I don't know what I'll do when I move on to Windows 7 (64-bit).

[scottws]

The Kerio 2.15 philosophy is so simple, straightforward and effective that I can't understand why it seems to be so rare elsewhere.  FTP is only an issue at the router's firewall, where I need to make sure the right port is open (and where a roaming port would be an issue).  Kerio doesn't care, since it discriminates based on applications.  Once the ftp client gets my a-OK, everything works without compromising anything else.  I don't know what I'll do when I move on to Windows 7 (64-bit).

You could always set up your old box as a Linux router/firewall and go through that, assuming you would be putting Windows 7 on a new machine.  I haven't gone that far yet, so I don't know how difficult it would be, but I bet it's pretty easy.  You could probably even make it a proxy if you wanted.

Also, the Windows 7 firewall allows much more granular control than the Windows XP SP2 and especially the Windows XP SP1 firewall did.

[Cobra951]

That sounds like a project.  I've yet to mess with Linux at all.  It's all speculation anyway, since I have no plans for a new system anytime soon.  I don't think shoehorning W7 into my old PC is a good idea either.

[Raisa]

yeah, if you have russian or chinese friends, they should be able to hitch you up with it.