How to Fool a Keylogger

[gopi_vbboy]

How to Fool a Keylogger with common sense

These days Agents spy on u everywhere, in college, at work, maybe a trojan virus on your home PC which keylogs your paswords and mails it to someone else. If u think u r being logged, try this:

Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS.

Haha, keylogger fooled....

The Data recorded by Keylogger is now not WINDOWS BUT NDOWWIS

U can use several variations of this.......the idea is do enter data but with some mouse activities or cursor activities in between......i mean not to enter the data in one go.........even now Virtual Keyboards are available......this is little time consuming but all time safe method.

 

[iMav]

I don't know why but I am just chuckling at this one.

 

[victor_rambo]

But how shall you fool HTTP packet sniffers?

 

[gopi_vbboy]

I was talking abt the general keylogger program which record the keystrokes.....always don;t try to type ur Password in one go....

 

[shaunak]

Quite a nifty trick...

 

[the.kaushik]

i am not sure but for password we can use the MS virtual kb also also now a days banks are giving virtual KB on there site like citibank

 

[ThinkFree]

I already use that method while using shared computers.

 

[gopi_vbboy]

ya right...now virtual keyboards are present......but its clever always not to go the direct way.say for gmail when u login d....we don;t have any virtual keyboard......

the things is do somethin in between entering password...this mixes the data the keylogger records

 

[NucleusKore]

Nice trick, never thought about it

And Rohan, can http packet sniffers work if you use ssl for transmission?

 

[thewisecrab]

Now why didnt I think Of that?

 

[sreenidhi88]

nice .had not thought of it before.agents can still try variants of wiodnws and still get the password.
i had seen few tutorials from irongeek months before.i am not sure if it is packet sniffing or port sniffing .tht guy used nmap and i didnt follow the rest of the tutorial.
atlast the output was

www.gmail.com/jkhfashasasjlajs"VICTIM'S USERNAME"?!@##kdhfkdhf"VICTIM'S PASSWORD"

 

[╬Switch╬]

I do that and also mix it with the username as well.

 

[krates]

Re: How to Fool a Keylogger with common sense

Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS.

if someone start using this trick he will waste so much time

 

[Cool Joe]

^^Hey, for your security, you need to sacrifice some things.

Nice trick bro. Good one.
BTW, what if all our chat messages are logged? It'll be damn stupid trying to type every chat message like that.

 

[Garbage]

Re: How to Fool a Keylogger with common sense

wasting a minute is more worth than compromising your account... isn't it ??

@ NucleusKore,

If you use SSL, packet sniffer can still capture your data. Only difference is that, your data is encrypted, and it's "more" (it's a relative term I know.. ) difficult to recover password or other things from that dump.

 

[MetalheadGautham]

I don't know why but I am just chuckling at this one.

+1

 

[R2K]

ya.. why r u taking so much pain for just typing a password..instead use
MS virtual kb....simple

 

[casanova]

That virtual keyboards are prone to back sniffing. Anybody can look above your shoulders.

 

[R2K]

^^
well.... in that case ...don't u think those back sniffers can record ur passwords even when u are typing it on a physical keyboard

 

[NucleusKore]

Re: How to Fool a Keylogger with common sense

and it's "more" (it's a relative term I know.. ) difficult to recover password or other things from that dump.

In that case I think it would be advisable to login using the increased security feature provided in yahoo mail and hotmail. Gmail anyway uses ssl. Just mentioning it for th ebenefit of our readers.