
Will a keylogger pick up auto entries from a password manager?


7 replies to this topic

#1 bigrobifer

Posted 24 June 2014 - 10:41 AM

Recently I've gotten myself into some kind of backdoor exploit problem. I use a password manager and am wondering if a keylogger can pick up the auto entries. I know almost anything is possible and no one knows everything, but am wondering what the consensus is on this. Of course the consensus is also: change all your passwords. But I can't safely do that until I know my laptop is clear, so I am wondering about my current exposure.





#2 Kilroy

  • BC Advisor

Posted 24 June 2014 - 10:50 AM

Could it? Yes. Will it? Only its creator knows. Once your machine has been compromised you can no longer trust anything about it.

 

It would depend on how the password manager enters your passwords and what the malware collects.  The malware could monitor the keyboard buffer or the contents that have been copied to be pasted.

 

I say we take off and nuke the entire site from orbit. It's the only way to be sure. - Ripley

 

I'm not a fan of cleaning. As I stated previously, once a machine has been compromised you can no longer trust anything about it. First infection, I back up data and reload. Second infection, Darik's Boot and Nuke, reload, no data restore.



#3 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 11:01 AM

I was thinking of DBAN, got it on a CD-R right now just in case. But I only got one more rearm for my Windows installation so that's a last option. The way you answered makes sense though, monitoring the clipboard or keyboard buffer or both. I don't understand though how a system could forever be compromised once the infection has been cleaned.



#4 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 11:15 AM

Hey, hold up. If I use a browser-based manager it wouldn't go to the clipboard but straight from the extension to the form. Is this correct?



#5 Kilroy

  • BC Advisor

Posted 24 June 2014 - 11:30 AM

How the information gets from the password manager to the input box will vary by software.  Storing the information in the keyboard buffer and clipboard are two possible methods.



#6 Balala


Posted 24 June 2014 - 08:00 PM

Recently I've gotten myself into some kind of backdoor exploit problem. I use a password manager and am wondering if a keylogger can pick up the auto entries. I know almost anything is possible and no one knows everything, but am wondering what the consensus is on this. Of course the consensus is also: change all your passwords. But I can't safely do that until I know my laptop is clear, so I am wondering about my current exposure.

Nope, keylogger can only record typed keystrokes.



#7 quietman7

  • Global Moderator

Posted 25 June 2014 - 05:24 AM

I don't understand though how a system could forever be compromised once the infection has been cleaned.


There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with backdoor Trojans, Remote Access Trojans, Botnets, IRCBots and rootkits. These types of infections are dangerous because they not only compromise system integrity, they have the ability to download even more malicious files. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They are used by backdoor Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.

Security vendors that claim to be able to remove rootkits and backdoor Trojans cannot guarantee that all traces of the malware will be removed as they may not find all the remnants or correct all the damage. This means infections will vary and some will cause more harm to your system than others.

Many experts in the security community believe that once infected with such malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
Reimaging the system
Restoring the entire system using a full system backup from before the backdoor infection
Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).



#8 Kilroy

  • BC Advisor

Posted 25 June 2014 - 02:54 PM

Nope, keylogger can only record typed keystrokes. - Balala

 

Unfortunately that is not correct. It is only correct in the very strictest sense of what a keylogger is; please read specifically the software methods.


Edited by Kilroy, 25 June 2014 - 02:55 PM.




