# How to Fool a Keylogger



## gopi_vbboy (Sep 7, 2008)

*How to Fool a Keylogger with common sense*

These days Agents spy on u everywhere, in college, at work, maybe a trojan virus on your home PC which keylogs your paswords and mails it to someone else. If u think u r being logged, try this: 

*Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS. 
* 
Haha, keylogger fooled....

The Data recorded by Keylogger is now not WINDOWS BUT NDOWWIS

U can use several variations of this.......the idea is do enter data but with some mouse activities or cursor activities in between......i mean not to enter the data in one go.........even now Virtual Keyboards are available......this is little time consuming but all time safe method.


----------



## iMav (Sep 7, 2008)

I don't know why but I am just chuckling at this one.


----------



## victor_rambo (Sep 7, 2008)

But how shall you fool HTTP packet sniffers?


----------



## gopi_vbboy (Sep 7, 2008)

I was talking abt the general keylogger program which record the keystrokes.....always don;t try to type ur Password in one go....


----------



## shaunak (Sep 7, 2008)

Quite a nifty trick...


----------



## the.kaushik (Sep 7, 2008)

i am not sure but for password we can use the MS virtual kb also  also now a days banks are giving virtual KB on there site like citibank


----------



## ThinkFree (Sep 7, 2008)

I already use that method while using shared computers.


----------



## gopi_vbboy (Sep 7, 2008)

ya right...now virtual keyboards are present......but its clever always not to go the direct way.say for gmail when u login d....we don;t have any virtual keyboard......

the things is do somethin in between entering password...this mixes the data the keylogger records


----------



## NucleusKore (Sep 7, 2008)

Nice trick, never thought about it

And Rohan, can http packet sniffers work if you use ssl for transmission?


----------



## thewisecrab (Sep 7, 2008)

Now why didnt I think Of that?


----------



## sreenidhi88 (Sep 7, 2008)

nice .had not thought of it before.agents can still try variants of wiodnws and still get the password.
i had seen few tutorials from irongeek  months before.i am not  sure if it is packet sniffing or port sniffing .tht guy used nmap and i didnt follow the rest of the tutorial.
atlast the output was

www.gmail.com/jkhfashasasjlajs"VICTIM'S USERNAME"?!@##kdhfkdhf"VICTIM'S PASSWORD"


----------



## ╬Switch╬ (Sep 7, 2008)

I do that and also mix it with the username as well.


----------



## krates (Sep 7, 2008)

*Re: How to Fool a Keylogger with common sense*



gopi_vbboy said:


> *Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS.
> *



if someone start using this trick he will waste so much time


----------



## Cool Joe (Sep 7, 2008)

^^Hey, for your security, you need to sacrifice some things.

Nice trick bro. Good one.
BTW, what if all our chat messages are logged? It'll be damn stupid trying to type every chat message like that.


----------



## Garbage (Sep 7, 2008)

*Re: How to Fool a Keylogger with common sense*

wasting a minute is more worth than compromising your account... isn't it ??

@ NucleusKore,

If you use SSL, packet sniffer can still capture your data. Only difference is that, your data is encrypted, and it's "more" (it's a relative term I know..  ) difficult to recover password or other things from that dump.


----------



## MetalheadGautham (Sep 7, 2008)

iMav said:


> I don't know why but I am just chuckling at this one.


+1


----------



## R2K (Sep 7, 2008)

ya..  why r u taking so much pain for just typing a password..instead use 
MS virtual kb....simple


----------



## casanova (Sep 7, 2008)

That virtual keyboards are prone to back sniffing. Anybody can look above your shoulders.


----------



## R2K (Sep 7, 2008)

^^
well.... in that case ...don't u think those back sniffers can record ur passwords even when u are typing it on a physical keyboard


----------



## NucleusKore (Sep 7, 2008)

*Re: How to Fool a Keylogger with common sense*



Garbage said:


> and it's "more" (it's a relative term I know..  ) difficult to recover password or other things from that dump.



In that case I think it would be advisable to login using the increased security feature provided in yahoo mail and hotmail. Gmail anyway uses ssl. Just mentioning it for th ebenefit of our readers.


----------



## thewisecrab (Sep 7, 2008)

MetalheadGautham said:


> +1


+2 
It's still good..nevertheless


----------



## gopi_vbboy (Sep 7, 2008)

Hey

thanks u for all that pouring replies

See its all upto u....u want to be secure .......its better to be clever

i remember my fav quote abt security



> The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. (Jakob Nielsen)


----------



## sreenidhi88 (Sep 7, 2008)

R2K said:


> ^^
> well.... in that case ...don't u think those back sniffers can record ur passwords even when u are typing it on a physical keyboard



can anyone tell  me what is back sniffing( someone sniffing behind u )???


----------



## RCuber (Sep 7, 2008)

sreenidhi88 said:


> can anyone tell  me what is back sniffing( someone sniffing behind u )???


ROFLMAO


----------



## Ecko (Sep 7, 2008)

+1 to ur trick
Atleast its innovatiive like Google


----------



## iinfi (Sep 8, 2008)

nice you posted this here.

i v been using this stuff for 4-5 years. it jus occurred to me once while logging into my bank site, i always use this for bank sites only.
there are several methods by which your a/c can be compromised and this trick is not a comprehensive security tool. 
this trick will easily fool simple keyloggers whose sole aim is to keep a tab on ur key strokes.


----------



## R2K (Sep 8, 2008)

sreenidhi88 said:


> can anyone tell  me what is back sniffing( someone sniffing behind u )???



back sniifers are those ppl like u who just pry on other peoples movements and keep watching them for some reason


----------



## gopi_vbboy (Sep 9, 2008)

@all
thanks for u replies


----------



## Krazzy Warrior (Sep 9, 2008)

nice*s269.photobucket.com/albums/jj44/visio159/Unismilies/45large.png


----------



## casanova (Sep 9, 2008)

R2K said:


> ^^
> well.... in that case ...don't u think those back sniffers can record ur passwords even when u are typing it on a physical keyboard



Not necessarily. They would not access my office pc and even if they have it most keyloggers would be detected by the antivirus. I would be having control on what is happening on the system I am using  but I cannot control the back sniffers.


----------



## mehra.rakesh (Sep 9, 2008)

LOLLZ .. Really really good one ..


----------



## dheeraj_kumar (Sep 9, 2008)

I have an idea about controlling back sniffers... How about using some sort of password manager and using it on sites? 

But yeah, how to prevent access to that password manager itself is a question... obviously a master password would be highly secure but highly vulnerable to back sniffers...

Password Managers secured by Biometrics is the key...


----------



## sreenidhi88 (Sep 9, 2008)

R2K said:


> back sniifers are those ppl like u who just pry on other peoples movements and keep watching them for some reason


ppl like me?watd u mean??


----------



## R2K (Sep 10, 2008)

^^
lol...man I was just joking I felt u were just annoying me by refering to my previous post about back sniffers.....sorry if it hurt u...



casanova said:


> Not necessarily. They would not access my office pc and even if they have it most keyloggers would be detected by the antivirus. I would be having control on what is happening on the system I am using  but I cannot control the back sniffers.



Well ... I thought we were talking about shared PCs...


----------



## pagalnokia (Sep 12, 2008)

why struggle so much dude, use the software called Key scrambler and this is also available as a plugin to Firefox
and also most of the latest keylogger can also capture screenshots for every mouse click, so its better to use a software called Anti-keylogger Private keyboard, that doesnt let the keylogger capture the screenshots


----------



## gopi_vbboy (Sep 12, 2008)

@pagalnokia

i agree...but this trick is for those who need performance....remember every plugin/program u add slows ur browser.....and we don't login all the time....n who can believe these plugins....possibly they might be sniffer too...i mean not all ppl know to download plugin form trusted source...


@all thanks for reply
actually back sniffer are like network data monitors....so better have ur data sent encrypted..thats the only sol.


----------



## anarchist (Sep 12, 2008)

iMav said:


> I don't know why but I am just chuckling at this one.


^+3

*en.wikipedia.org/wiki/Key_logger#Non-technological_methods


----------



## gopi_vbboy (Sep 12, 2008)

@above

thanks.....that can xplain better than my way of xplanation


----------



## Sreekuttan (Oct 16, 2008)

nice work..


----------



## devilinearth (Oct 16, 2008)

There are two methods.

1)Use windows virtual keyboard for typing user names and passwords.
2)Create a text file,and in that just type all the letters from A to Z,and numbers from 0 to 9.And after that for entering username and password,just copy paste each letter one by one.

Regards


----------



## gopi_vbboy (Oct 16, 2008)

@above

ya ur way is also good...i have seen Virtual keyboard with changing key locations in SBI site.......


----------



## dheeraj_kumar (Oct 17, 2008)

^^ Thats been existing for a long tme.

*in.youtube.com/watch?v=dAAGci_AnRk


----------



## hariharakumar (Oct 17, 2008)

Nice tip man really great


----------



## pagalnokia (Oct 20, 2008)

all the people above, do you think keyloggers wont capture the screen shots  and wont they capture the mouse clicks that you make on Virutal keyboard,  they do capture every mouse click you make and if the button that you click is not highlighted they give out the (x,y) co-ordinates along with the picture that is captured so that the location of the cursor is know (cursor doesnt usually appear in the screenshots taken my keyloggers) 

@devilinearth
you mentioned the first method of virtual keyboard that is of no use now a days for the keyloggers have become so intelligent, YOU CANNOT STOP THEM
 and the second method you mentioned was to make a text file and blah blah blah.....
buddy remember Keyloggers do also capture the clipboard, so when you are copying a text (or even each alphabet to enter your login details) all those are captured. So now tell me where exactly you can stop the keyloggers. NOT POSSIBLE MAN, am an Ethical Hacker and i keep doing research on all this stuff and regularly go through the forums and spend enough time to answer anything here.

@ gopy_vbboy

buddy you said browser plug-ins slows down the browser, so let me make it clear i mentioned about the software called Key scrambler that is not integrating itself with the browser but it is just installed like any other application and is encrypting your keystrokes at the kernel level and transmits it to the drivers so that the keyloggers cannot capture anything there. and i just gave a choice of brower plug-in in case you dont want to install the software and the plug-in that i mentioned here is the link, so laugh out loud and very sorry to tell all our ways fail to combat keylogger  except using these keystroke encryption application.

Or there could be another solution for all the above problems is, using a good Security Suite and i always recommend Kaspersky, i never trust Symantec Norton or McAffee as I myself have created viruses (testing only) and was successful in disabling the above two latter mentioned so called Security Suites

Any one having any updated info plz do let me know so that i keep myself busy with the further more research

have fun guysssssss


----------



## hariharakumar (Oct 20, 2008)

what if the key logger captures screenshots


----------



## dheeraj_kumar (Oct 20, 2008)

@pagalnokia

All your points are valid. The problem with keyloggers is that they are available everywhere. Free source, plus books on how to make them,  and so on. I'm interested in low level system security too, and presently coding rootkits.


----------



## gopi_vbboy (Oct 21, 2008)

@pagalnokia

u r correct but think dude...such complex loggers usually are not injeccted/spread to evry pc..........everyone don;t have sensitive information online.......hacker target specific targets.......im not talking of complex loggers...i was talking abt a simple common sense technique for a newbie to fool any logger....also with many antispyware softs we are not fools to allow such logger to run n background......only social engineering can spread such logger to any noob hold sensitive info...


----------



## shady_inc (Oct 26, 2008)

Those who think using the On Screen Keyboard in XP / Vista can fool a keylogger, be aware that the on screen keyboard still has to send signals to the physical keyboard to print the character which some keyloggers can pick up.


----------



## dheeraj_kumar (Oct 26, 2008)

^^ No, but somewhat correct. OSK sends keypresses directly to the application on focus. So, if the keylogger hooks SendInput() function in user32.dll, even OSK keyboards are unsafe. And its not at all difficult to do it, so OSK is quite a failure.


----------



## wishmaster.dj (Oct 29, 2008)

FYI kaspersky internet security 2009  has a virtual keyboard option.


----------



## utsav (Oct 30, 2008)

wishmaster.dj said:


> FYI kaspersky internet security 2009  has a virtual keyboard option.



thanks 4 this info .i never noticed it


----------



## Rollercoaster (Oct 30, 2008)

nice tip. now i always use it when working on a system that is not my own..


----------



## gopi_vbboy (Oct 30, 2008)

^^ welcome


----------



## go4saket (Nov 1, 2008)

Even virtual keyboards are recorded by keyloggers. We should have some kind of encryption stuff as present in BestCrypt. This encrypts the password you type to load its container and thus the keylogger gets all wrong stuff. If something like that can be available for normal typing, it can be great...


----------



## toofan (Nov 2, 2008)

Even a half step towards safety is sometimes a great help?


----------



## gopi_vbboy (Nov 2, 2008)

Encryption is also still insecure..Intelligent hackers can reverse anything which has a traditional logic....I Think Biometrics will enhance the security in future......


----------



## toofan (Nov 3, 2008)

Biometrics can be fooled too. 
*My imagination:* Hackers can took a image of your identity verification and then it would be much easy to paste/show that image to the program  and execute it.

If its possible then how and if not then how?


----------



## NucleusKore (Nov 3, 2008)

pagalnokia said:


> why struggle so much dude, use the software called Key scrambler and this is also available as a plugin to Firefox



Thanks, didn't know



toofan.is.back said:


> Biometrics can be fooled too.
> *My imagination:* Hackers can took a image of your identity verification and then it would be much easy to paste/show that image to the program  and execute it.
> 
> If its possible then how and if not then how?



Not an iris or retinal scan. Have those been broken? Unless you're talking of Demolition Man 

Update:

*img87.imageshack.us/img87/6799/keyad9.png

An is not required I guess


----------



## mmharshaa (Nov 3, 2008)

Visit the following about keylogger...

*www.lfymag.com/admin/issuepdf/Keylogger.pdf



and this one too....

*www.safsec.com/2008/09/how-to-fool-a-keylogger/


----------

