Mike:

More to make the post complete with all available attack vectors that could be deployed to install a keylogger on Linux (MAC and Windows):

On Thu, Jun 30, 2011 at 2:09 PM, mike enriquez <mylinux@cox.net> wrote:
On 06/30/2011 06:55 AM, Lisa Kachold wrote:
Hi Mike!

On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez <mylinux@cox.net> wrote:
Does anyone on the List know if Key Loggers are a problem in Linux?
I don't know a thing about them.  My windows computers get the things all the time.
Do I need to worry about them in Linux.
Thanks for any comments.
 
Unlike Windows, where the attack vector is mainly virus from file transfers, in Linux (and Mac) the attack vector is going to be browser based.

So if you don't limit javascript trust, you can fall victim to any manner of installations, ssh, or infestations from browser based attacks like BEef.  This tool will provide a triangulated Host --> Website --> YourBrowser attack similar to XSS scripting browser attacks, that opens your entire linux (or Mac) system to full control via the Browser (Opera/FireFox/etc).  A keylogger like the one referenced by Sam would trivially be installed without your immediate knowledge. 

Of course if you do not properly firewall your home network, have a "cable modem" that is subject to hacked firmware, or take your laptop to public venues without a proper analysis of open ports or iptables, you can always pick up a "hitcher", who could install a key logger or other hack.

Various hardware hacks also exist, similar to tiny USB devices that can be setup on your keyboard or monitor between connections, which are commonly used by IT managers in NOCs and Operations Centers (where oblivious Operations and Systems staff continue to surf Facebook rather than actually work).

Regularly reading the logs, setting up reporting devices that inform of new files or packages and of course watching packet traffic by port on a regular basis will assist you to identify keyloggers, as well as BEef and XSS browser hacks, since you will clearly see a great deal of nepharious traffic.

Of course if you allow 3rd Party Cookies and don't control Javascript, you are just laying on a large number of "adware" and other installations that create traffic.  Be sure you use NoScript or another Javascript trust control plugin at the browser level.

It is recommended that ANY systems user always have a fairly realistic understanding of network trust, packet ports and "regular traffic".  

Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE YOU GOOGLE, every place you visit can trivially be cross referenced from other sites for which you authenticate to provide AT A GLANCE NSA and DHS data that will provide a complete profile.  This includes CHAT LOGS, Warez sites, TORRENT, and porn sites.
The false sense of security that you can use a Anonymizer or browser Proxy site, while it will allow you get to FaceBook from work, will not protect you from large scale data taps at the level of Akamai Caching and Cable/Telecom providers which can be configured to hit any number of parameters for which the feds are interested.
 
Also, if you download FULL email messages, including PDF attachments, (which you open without updating your Adobe Browser Plugin or other applications for all known exploits) and JPEGs (executable files which I can trivially [bind to an .exe file for Win7 powershell fun] or include Unicode UTF or BOM characters that can and will setup cron jobs (to open a reverse ssh session to my hacked server at a certain time of night for instance) or wget a keylogger [since this is the subject we are discussing here in this PLUG post] when "opened") you are opening new attack vectors for Linux (or even specifically addressed to you by an associate)  [an excellent reason to obfuscate your "real identity" at 2600 Club meetings....].

References:

http://xahlee.org/comp/unicode_BOM_byte_orde_mark.html
http://www.hackingethics.com/blog/2008/07/22/how-to-convert-exe-files-to-jpg/
http://justhackitnow.blogspot.com/2011/02/hide-multiple-files-into-single-jpg.html
http://www.dirtyservices.com/2010/how-to-create-adobe-acrobat-pdf-exploit-trojan/

Mike Enriquez
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



--
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice


HomeSmartInternational.com


Thank you Lisa,
I love this group.
Every time I ask a question I get an education.
Take Care.
Mike














--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



--
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice


HomeSmartInternational.com