Star515
Guest
I have been working on a security suite for Windows which intends to provide protection from three specific types of malware:
- Keyloggers.
- Stealers.
- RATs.
Keyloggers: I have already found a way to beat keyloggers by nullifying their MAJOR effect, which is getting the passwords themselves. I am trying to stop them completely, but so far beating them at getting the password is good enough. A question on this topic: is there a way to create an encrypted textbox in VB.NET?
Stealers: I was able to build a recovery tool for retrieving the password list of the following apps:
- Chrome - supports till the latest update Version 28.0.1500.72 m
- FileZilla - supports till the latest update 3.7.1.
- Nimbuzz - supports till the latest version 2.5.2.
- SmartFTP - supports till the latest version 4.1.1330.0.
- FlashFXP - supports till latest version 4.4.0
- CoreFTP - supports till latest version 4.4.0
I have been working on Firefox, Opera, IE, WLM etc. I am sure all of them are possible. For a few of them I am using decrypters to fetch the password in clear text, since most of them are encrypted.
Now, it is good news that after the recent updates most of these programs encrypt the passwords when storing them. But they use public encryption methods like hex2ascii, hex2byte, AES etc. So a smart stealer with decryption modules will be able to get these passwords too.
I have been trying to find a way to lock the files where these programs store their files, so that they can only be accessed once a password is typed. But after reading numerous articles I found that there is NO WAY in VB.NET to do this.
So far this is what I have been doing. My protection suite starts up with Windows, is minimized, and runs this line of code:
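' FileMode.Open keeps the existing contents (FileMode.Create would truncate the file); FileShare.Write denies other processes read access while this handle is open.
Dim FileSt As FileStream = New FileStream("C:\Users\Admin\AppData\Roaming\FileZilla\sitemanager.xml", FileMode.Open, FileAccess.Write, FileShare.Write)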
So my application will be using the file before any other process does. So if you go to FileZilla in the above example, the saved passwords can't be retrieved because the file is in use by another process (which is my application). This way, even if the stealers are infected, they wouldn't be able to retrieve the password. But I still have to find a better way to do this.
I don't know how to remove the file from the file stream so that it is accessible again for FileZilla. For example, if a password is typed in, the filestream is cleared.
RATs: Still working on them. My best guess was to create a TCP-UDP port blocking system, so I would be able to define which ports should be blocked. Another way would be to use a packet sniffer to check if any data packet contains sensitive information and, if it does, check the process which sent it and kill it. I don't know if it can be done. Will keep trying to find a way.
Anyway, any input or pointers will be highly valuable to me.
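On the question of making the file accessible again, an added example that is not part of the original post: the lock exists only while the FileStream handle is open, so keeping a reference to the stream and calling Dispose on it releases the file. The names FileGuard, HashPassword and TryUnlock are hypothetical, and the salt (at least 8 bytes) and stored password hash are assumed to have been created at setup time.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography

' Hypothetical helper: holds an exclusive handle on a file and closes it
' only after the correct password is supplied.
Public Class FileGuard
    Implements IDisposable

    Private _stream As FileStream
    Private ReadOnly _salt As Byte()
    Private ReadOnly _expected As Byte()

    Public Sub New(filePath As String, salt As Byte(), expectedHash As Byte())
        _salt = salt
        _expected = expectedHash
        ' FileMode.Open never truncates the protected file.
        ' FileShare.None refuses every other open request while the handle is held.
        _stream = New FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.None)
    End Sub

    ' PBKDF2 hash of the password; run once at setup to produce expectedHash.
    Public Shared Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Returns True and releases the file if the password matches.
    Public Function TryUnlock(password As String) As Boolean
        Dim candidate As Byte() = HashPassword(password, _salt)
        ' Compare every byte so timing does not reveal the first mismatch.
        Dim diff As Integer = candidate.Length Xor _expected.Length
        For i As Integer = 0 To Math.Min(candidate.Length, _expected.Length) - 1
            diff = diff Or (candidate(i) Xor _expected(i))
        Next
        If diff <> 0 Then Return False
        Dispose()
        Return True
    End Function

    ' Closing the stream is what makes the file available to other processes again.
    Public Sub Dispose() Implements IDisposable.Dispose
        If _stream IsNot Nothing Then
            _stream.Dispose()
            _stream = Nothing
        End If
    End Sub
End Class
```

The handle is also released whenever the guarding process exits or is terminated, so the file is protected only for as long as that process keeps running. To lock the file again after FileZilla is closed, create a new FileGuard.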