Do You Trust Your Internet Shop..

[RDN]

Is it possible to determine whether your local Internet shop has installed "keyboard logging" software? Does anyone know what to look for?

Do you do your Internet banking at an Internet shop?

[Phil Conners]

No, I would NEVER use a public PC for anything sensitive like this. Never!

Even if the shop is honest enough there are so many virii in circulation, some of which you can get just from browsing a website. Even if they seem to have virus software installed you don't know when it was last updated and run - or indeed if it is not just another virus pretending to be anti-virus.

[caughtintheact]

No, I would NEVER use a public PC for anything sensitive like this. Never!

Absolutely correct!. Given the variety of people who use public PCs, the odds of any given PC having spyware of some kind is about 100:1, and in many kinds including keyloggers. And since you are not likely to be allowed to make changes to the PCs, just assume that every possible kind of spyware is already on every machine. You could always ask the shop if they periodically use anti-spyware, but I wouldn't trust the answer, and they have no control over the last few users.

To determine which spyware programs are on the PC you would have to install and run some anti-spyware programs...a bunch of them, since none of them catch everything....and you would not have to get the shop's permission, which I doubt they are very unlikely to give you.

So never use a public PC for anything sensitive as madsere says above. If you have an emergency, and absolutely MUST access your bank account immediately and cannot find a private computer, then as soon as possible after accessing your account on a private computer, get to a private computer and change your password, and hope and pray you are not too late.

[bartender100]

I have mentioned this before on here,one thing you can do is press ctrl/alt/l,which would open "keylogger",one of the most popular type.

Also if I have gone to personal sites I alway clear out the temp files and history,even on a public pc this is easy to do.

But all banking sites have there own tight security and are virtually never broken into in this way.

The most common way is to give your info way in an unsolicited e-mail,which all banks warn you about.

Does this make sense its very late.

[caughtintheact]

one thing you can do is press ctrl/alt/l,which would open "keylogger",one of the most popular type.

A good tip, but not good advice. If you look at PestPatrol Keylogger List

you will find 100-200 keyloggers. Some of them use configurable hotkeys, and if you find one using ctrl/alt/l, how can you be sure that there are not 5 others on the PC that use different hotkeys?

But all banking sites have there own tight security and are virtually never broken into in this way.

If there is a keylogger on the PC and you type in your user ID and [assword for a banking site do you really think that the person who installed the keylogger cannot access your banking account? Can you be sure that there is no other trojan in the PC? All the bank's security measures are useless if someone can get your security information. Bank accounts should never be accessed on a public computer. Clearing the history and temp files will only prevent the next user of the PC from seeing what you have done, unless that next person is the one who installed the keylogger, and they can have the information sent to them anytime and don't need to be anywhere the machine.

[paulfr]

I certainly agree ..... never use an Internet Cafe to do

banking communication.

But ......

If you do not have BillPay at that bank AND it cannot be

established without you knowing via a confirming email,

there is little a thief can do but see your account balance.

It is only if he can take money out that will hurt you.

This assumes all he knows is your ID and PW.

If he has your other info, like Mother's Maiden name,

pet name, Social Secuity No, etc; then he can do

all sorts of things with a phone call to the bank

But just viewing your account balance and transactions

probably won't hurt too much.

Bottom Line; get a pc or laptop and connect at home.

[Firefoxx]

A few years before, keyboard logging was not all that rampant. However, with the advent of online gaming, there are fewer and fewer shops that DON'T have keyboard logging. It's become THE major route for online gamers to get hacked.

Bottom line: be very very careful.

[Phil Conners]

Paulfr, what on earth are you on about? All online banks I know of allow you to make direct transfers out of the account as long as you know the username password.

[Digger]

Paulfr, what on earth are you on about? All online banks I know of allow you to make direct transfers out of the account as long as you know the username password.

Bangkok Bank does not let you make transfers unless you have been to your branch and registered the said account, provided copy of ID/passport etc unless its for a regular payment such as paying a supplier eg UBC, car lease, credit card bill etc but they have to be on their list of suppliers. The biggest risk from BKK Bank is that something keeps loading up their one to call card from your account.

[konangrit]

I don't know if this applies to every on-line bank account, but mine has a very simple way of stopping people accessing your account even with the Password and user name. It also has a memorable information which needs to be filled in. However it only asks for 3 random letters or numbers from it. For example if your memorable information was 4thjulyindependanceday and it asked you for 1,8,15 you would enter 4id as they are the 1st 8yh and 15th characters in your memorable information. If a keylogger recorded this it would be useless as the numbers will be different next time you log on.

I guess all banks have something similar to this, otherwise this type of fraud would be rife.

[Danbkk]

I've just had an idea that may help

1. open notepad

2. type 0123456789

3. use the mouse to cut and paste the individual numbers that make up your credit card no. / password into the required field.

I'm 99% sure that this should get round any key logging. I hope so cos I'm off to Australia tomorrow and will have to use internet cafe's while I'm out there to book accomodation etc.

DanBkk

[RDN]

I don't know if this applies to every on-line bank account, but mine has a very simple way of stopping people accessing your account even with the Password and user name. It also has a memorable information which needs to be filled in. However it only asks for 3 random letters or numbers from it. For example if your memorable information was 4thjulyindependanceday and it asked you for 1,8,15 you would enter 4id as they are the 1st 8yh and 15th characters in your memorable information. If a keylogger recorded this it would be useless as the numbers will be different next time you log on.

I guess all banks have something similar to this, otherwise this type of fraud would be rife.

My two banks in the UK have this method, but Krung Thai ask for the username and complete password on the same page - so keyloggers could see everything. But I don't know what someone could do once they were logged in. I don't think Krung Thai allows money transfers to other bank accounts or bill payments unless you set them up at the branch.

I've just had an idea that may help

1. open notepad

2. type 0123456789

3. use the mouse to cut and paste the individual numbers that make up your credit card no. / password into the required field.

I'm 99% sure that this should get round any key logging. I hope so cos I'm off to Australia tomorrow and will have to use internet cafe's while I'm out there to book accomodation etc.

DanBkk

Brilliant idea!

[bartender100]

caughtintheact

I have never had a problem,my bank asks for 3 random numbers from a set,and 3 randon characters from my password,even if a keylogger is installed it cannot repeat.

[RDN]

I have never had a problem,my bank asks for 3 random numbers from a set,and 3 randon characters from my password,even if a keylogger is installed it cannot repeat.

Is that a Thai bank? If so, which one?

[Darknight]

bank accounts using the net should only be protected by or

an encryption key.

A digipass generating a login through an encrypted algorithem.

If you have any other, get a new bank.

[Darknight]

I've just had an idea that may help

1. open notepad

2. type 0123456789

3. use the mouse to cut and paste the individual numbers that make up your credit card no. / password into the required field.

I'm 99% sure that this should get round any key logging. I hope so cos I'm off to Australia tomorrow and will have to use internet cafe's while I'm out there to book accomodation etc.

DanBkk

no use , same same problem

[francois]

hi'

Brilliant idea!

not this much ... any keylogger a bit reliable can see and clear any "logical suite of numbers" ... before or after a suite of numbers or characters that log a pass or a card number, take a look at your credit card, the numbers are in groups,

and this is easy to seperate from other dumb numbers !

sorry, but it's a simple fact.

nice effort, but a bit useless

just be very careful and do it from your home, and don't forget to check your system often.

francois

[kenk3z]

Generally the hackers are realizing the easiest way to a sure payoff is to attack the end user that is accessing their financial information - BEFORE the data stream leaves the PC and is encrypted. So, they are trying to install keyloggers and trackers on your system to grab this information and send it back to them across the Internet.

This can be done with malicious Java code, because the security in Java just isn't tight enough to prevent it. You surf to the wrong web site without adequate protection, BAM, you've got a key logger. I got one myself not long ago. It actually was able to install its own DLL file which can proceed to watch everything else on the PC (potentially).

I found it only because they got greedy and also took over my search engine settings. This caused me to go to DOS and issue the "netstat" command to see what I was connected to. Unfortunately I was maintaining a constant connection back to some unknown place - Russian?

This also was not something that was flagged by SpyBot or McAfee Anti-Virus.

So for my part it seems that there is little true safety in Internet computing unless you only visit trusted sites, and turn OFF Java/ASP, etc whenever not doing trusted business. Even then who's to say its a continued uncontaminated computer with use?

Now, some of these PC software firewall products, like Zone Alarm, do have the ability to closely regulate what data can escape the PC. You get a warning any time a process tries to access the Internet. So that's a (free) product that can help you keep control.

Those public Internet terminals should really only be used for getting the news, sports scores, and maybe E-Mail. And after the E-Mail you change the password when you can.

kenk3z

[paulfr]

Paulfr, what on earth are you on about? All online banks I know of allow you to make direct transfers out of the account as long as you know the username password.

Direct transfer to where ??

How does the bank know who you (the thief) want to

send the money to ??

If you are correct, this is new to me.

We are talking about an online transaction.

I have never heard of writing a check online.

Only making a payment to someone on your BillPay

list is possible. But more dangerous is the ability to

create a new payee (ie the thief's own account) and make

a payment to that payee.

Like I said, if you don't have BillPay established, then money

cannot leave your account.

This is my experience with USA banks.

Other countres/banks are different ??

[Danbkk]

not this much ... any keylogger a bit reliable can see and clear any "logical suite of numbers"

Not sure if you understood my post. The only suite of numbers it would see would be 0123456789, you would then cut and past individually (Using the mouse)the 12 numbers that make up your credit card eg 4563776590092342 using the 10 digits you had typed into notpad. (you would effectively be 12 separate 1 digit cut and pastes to make up a credit card number).

Off to Oz now so you'll have to argue this one out amongst yourselves.

DanBkk

[bartender100]

I think this might have been mentioned on this forum,but not sure were I got it ,but I found this spy software picking up things othwers did not.

Bazooka spyware

[RDN]

I've just had an idea that may help

1. open notepad

2. type 0123456789

3. use the mouse to cut and paste the individual numbers that make up your credit card no. / password into the required field.

I'm 99% sure that this should get round any key logging. I hope so cos I'm off to Australia tomorrow and will have to use internet cafe's while I'm out there to book accomodation etc.

DanBkk

no use , same same problem

Well, I've just tried logging in using Danbbk's trick and "Keyboard Logger Pro" does not log characters that are cut and paste using the mouse - it just logs key strokes.

Maybe other loggers are more clever .

So if you have to do private stuff in an internet shop, this trick may help. But change your password ASAP on your own PC.

Anyway, I just changed all my passwords, just in case....

Just thought of something - is there a website you can go to that will diagnose (by inspecting the PC you are using) whether or not key logging software is installed?

Edited July 6, 2004 by RDN

[Danbkk]

Glad to hear it works OK. Just had another idea for credit card numbers or numeric passwords - Open calculator and use the mouse to click the numbers in then cut and paste. RDN maybe you could test this with keylogger

Cheers

Danbkk

[RDN]

Glad to hear it works OK. Just had another idea for credit card numbers or numeric passwords - Open calculator and use the mouse to click the numbers in then cut and paste. RDN maybe you could test this with keylogger

Cheers

Danbkk

I did two tests: first, I entered all but the last two digits of a password into "Calculator" and copied the number into my Krung Thai bank password box. Then I typed - using the keyboard- the last two digits. I got logged in OK. I checked the Keyboard logger log file and only the last two digits were logged.

The second test was to type a number into "Calculator" using the mouse and using the keyboard. Only the digits enterd using the keyboard were logged.

So, again, provided the logging software only logs key strokes, it will not see your password. Nice one, Dan.

Anyone know of logging software that can detect what your mouse is doing?

[stumonster]

Anyone know of logging software that can detect what your mouse is doing?

I may be being a bit extreme but software that provides remote desktops can allow your desktop to be monitored from another machine which will let someone to see whatever you are doing .

eg. most microsoft machines have netmeeting installed and if it was set to run at startup and configured correctly somone could look at what you are doing.

[RDN]

Anyone know of logging software that can detect what your mouse is doing?

I may be being a bit extreme but software that provides remote desktops can allow your desktop to be monitored from another machine which will let someone to see whatever you are doing .

eg. most microsoft machines have netmeeting installed and if it was set to run at startup and configured correctly somone could look at what you are doing.

I guess a computer is a computer - it can do anything you can program it to do. One bank account I have in England requires me to enter my account number and specific letters from my password and specific digits from my pin number. The other account requires the complete account number, complete password and specific numbers from my pin. The latter bank actually says to use the mouse to select the digits from a drop down menu.

But good old Krung Thai wants the username and complete password on the same page, so is perfect for keyloggers. However, once into the account, there is not much you can do except look how much money I have. There is no facility that I have arranged to allow payments or transfers to other people.

But I would like to know if there is a web site where you can get your PC (that is, the one you are using at an internet shop) checked for looging/monitoring software, before you start using it.

[cobra]

Good advice,

I never use a public PC for anything commercial, even data miners that are launched from the registry can harvest addresses while accessing junk email accounts, (Hotmail, Yahoo,), which just adds to the spam load ... Cafes are good for reading headlines from your favorite newspaper(s) and checking the weather, that's about it,

[sun_sailor]

I returned to an internet cafe 10 min after I left,

to look for lost sunglasses, and I saw a Thai guy looking through

my mail....seems he just looked at the "history" and there was

my yahoo mail, I told him to stop , and at first he just ignored me...

, then reluctantly closed it...

[Thaiquila]

On the idea of copying and pasting from Wordpad, does anyone know if there is any keylogger that records information in the copy-paste buffer; in other words not typed in?

If this kind of keylogger does not exist, why not? Is there any technical reason that it could not be developed?

Also, it is my understanding there are indeed viruses that install programs that record the screenshots of everthing that happens during a computing session, and then send to a remote site. Does anyone know how common this is?

Clearly, even if keyloggers don't track info in the copy-paste buffer, if a screen shot program was installed, using the copy paste from a Wordpad file would be useless because there would be a screenshot record of all actions onscreen.

It seems to me there are lots of people who are in a position where they do need to do secure transactions from internet cafes. This is obviously not desirable, but it is a reality.

[traveller_p]

konangrit

this is good but some banks still do not have this believe it or not, namley halifax

danbkk

something i would do to get around local keylogging but there is also soemthing called arp sniffing , this sniffs username and passwords on web site forms even via ssl connections relatively easily on a hubbed network, admittedly on a switched network its harder but can still be done (if you ever log on somewhere in an internet cafe or not your private pc via SSL and a certificate pops up READ IT CAREFULY)

some one could easily be in the back on the network with this setup...who knows

but it also wouldnt surprise me if they have clipboard loggers to :-/