20
2.4 The “legal” Keyloggers
Recently, the co-called “surveillance” commercial tools flooded the software
market. Suddenly, there is an “urgent” need for parents, bosses and others to
know what exactly kids and workers do on their computers. This fact inspired the
creation of many different kinds of legal spying software that may include
keylogger, screen capture and other functionality. Let’s see how an antivirus
vendors reacted to such tools. I downloaded one of “legal” keyloggers available,
called “Beyond keylogger” [8], installed it and checked with some antivirus
programs. Below is the result of the scan [6]:
This is a report processed by VirusTotal on 05/23/2005 at 20:47:17 (CET) after scanning the file
"CSRSS.EXE" file.
Antivirus
Version
Update
Result
AntiVir
6.30.0.12
05.23.2005
no virus found
AVG
718
05.22.2005
no virus found
Avira
6.30.0.12
05.23.2005
no virus found
BitDefender
7.0
05.23.2005
no virus found
ClamAV
devel-20050501
05.23.2005
no virus found
DrWeb
4.32b
05.23.2005
no virus found
eTrust-Iris
7.1.194.0
05.21.2005
no virus found
eTrust-Vet
11.9.1.0
05.23.2005
no virus found
Fortinet
2.27.0.0
05.21.2005
no virus found
Ikarus
2.32
05.23.2005
no virus found
Kaspersky
4.0.2.24
05.23.2005
not-a-virus:RiskWare.Monitor.BeyondKeyLogger.156
McAfee
4497
05.23.2005
no virus found
NOD32v2
1.1105
05.22.2005
no virus found
Norman
5.70.10
05.23.2005
no virus found
Panda
8.02.00
05.23.2005
no virus found
Sybari
7.5.1314
05.23.2005
no virus found
Symantec
8.0
05.23.2005
no virus found
VBA32
3.10.3
05.23.2005
no virus found
These results clearly show that there is a problem in dealing with “legal”
keyloggers. The question now: Why the malicious virus writer will ever want to
create and debug his own keylogger (that after a short period of time will be
“banned” by antivirus programs) and not to use a legal one? Possibly, at the near
future, we will see malware that installs such a “legal” keylogger preconfigured to
send the results of spying to the “bad” person.
 |
 |
 |