Our goal is to develop simple instructions to expose the presence of keyloggers on a PC and identify who is responsible so the instructions can be shared with activists and dissidents. This post describes why this is so important.
The majority of network traffic is often one way, from the internet down to the PC. The PC sends short, simple requests for data or specific pages that are then delivered to it.
Blogging and online activities like email are obvious exceptions, but the locally typed keystrokes are still usually small in comparison to the data sent down to paint a graphics-intensive page or a screen of video.
Keyloggers may encrypt the logged information they send home, but the IP address it is sent to must always be in clear text. Confirming a keylogger is present and identifying where the information is being sent goes a long way toward proving who is responsible.
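One way to turn the traffic asymmetry described above into a check, as an added example that is not part of the original post: total the bytes sent and received per remote IP address and list the destinations where the PC sends more than it receives. The flow records, the tuple layout, the function names and the `min_sent` and `ratio` thresholds are all assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample flow records: (remote_ip, bytes_sent, bytes_received).
# Addresses come from the documentation ranges and stand for no real host.
SAMPLE_FLOWS = [
    ("198.51.100.10", 1_200, 480_000),   # web page with images
    ("198.51.100.10", 900, 350_000),
    ("203.0.113.25", 2_500, 9_800_000),  # video stream
    ("192.0.2.77", 4_096, 310),          # small upload, almost nothing back
    ("192.0.2.77", 4_096, 298),
    ("192.0.2.77", 3_870, 305),
    ("198.51.100.40", 150, 90),          # too little data to judge
]


def summarize(flows):
    """Total bytes sent and received per remote IP address."""
    totals = defaultdict(lambda: [0, 0])
    for remote_ip, sent, received in flows:
        totals[remote_ip][0] += sent
        totals[remote_ip][1] += received
    return {ip: (s, r) for ip, (s, r) in totals.items()}


def upload_heavy(flows, min_sent=1_000, ratio=1.0):
    """Return (ip, sent, received) for destinations where upload dominates.

    min_sent and ratio are assumed thresholds chosen for this example.
    """
    flagged = []
    for ip, (sent, received) in summarize(flows).items():
        if sent >= min_sent and sent > ratio * received:
            flagged.append((ip, sent, received))
    # Largest upload first, so the most talkative destination is reviewed first.
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for ip, sent, received in upload_heavy(SAMPLE_FLOWS):
        print(f"{ip}: sent {sent} bytes, received {received} bytes")
```

Email and blogging uploads will also appear in this list, so a flagged address is a starting point for checking which program opened the connection.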