How to detect Keylogger

Printable View

October 19th, 2004, 03:31 PM
ClickHere2Surf.com

How to detect Keylogger

I've got a fake ebay message in plain text format with a link to ebay france, I did click the link because it is a valid ebay link (unless ebay.fr is a fake ebay site, I highly doubt it). Anyway I forwarded the email to ebay and they said it appeared to contain a keylogger virus.

There were no attachments at all, plus if there was outlook would have blocked it, and the email was in plain text (so no scripts, which also would have been blocked anyway).

I updated an ran PC-Cillin and Ad Aware and none found anything.

I'm worried about typing in my paypal password now to check my account, is it possible I do have a keylogger as ebay said?

Should I check paypal from my pocket pc instead?

Thanks
October 19th, 2004, 04:29 PM
imaeditedbysowulo

I don't think it's possible that you have a keylogger. Aside from looking at your running processes and not having anything suspicious, any decent spyware prog would have found a keylogger.

Maybe you got a standard form email reply from ebay?

I wouldn't worry about entering your paypal password from your PC. As long as you are entering it into the paypal site and not some knockoff wannabe impersonator's fake paypal site, you shouldn't have a problem.
October 19th, 2004, 05:19 PM
craigmodius

never, never, never, never, never...

click a link in an email. especially in one you didn't ask for, didn't expect etc.

here is a site that gives you a good reason why.

There is a flaw in the way that Internet Explorer displays URLs in the address bar.
By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current

though I think M$ has patched this recently.

and it should be noted that Firefox does not contain that vulnerability. :p :)
October 19th, 2004, 05:27 PM
ClickHere2Surf.com

As I said, it was a valid link, I was aware of that @ flaw in IE, but this was a plain text email and it was a valid link to ebay, I never do click a link in an email without checking the source code first, and since this was a plain text email there was no source code and it was a valid link.

Unless someone can tell me if an HTML email can make itself appear as plain text but I dont think this is posibble. There was no source code and the text behaved like plain text (I could put a flashing cursor in it by clicking on text, html wont allow you to do that).