Cybercrime-friendly community branded HTTP/SMTP based keylogger spotted in the wild

Cybercrime-friendly community branded HTTP/SMTP based keylogger spotted in the wild

by | Mar 19, 2013 | Industry Intel, Threat Lab

Reading Time: ~ 2 min.

By Dancho Danchev

Utilizing basic site ‘stickiness’ and visitor retention practices, over the years, cybercrime-friendly communities have been vigorously competing to attract, satisfy, and retain their visitors. From exclusive services available only to community members, to DIY cybercrime-friendly tools, the practice is still a common way for the community administrators to boost the underground reputation of their forum.

However, there are certain communities that will use the underground reputation of their forum to boost their sales, by releasing private DIY cybercrime-friendly tools, and promoting them under the umbrella of the community brand.

In this post, I’ll profile a HTTP/SMTP-based keylogger that’s been commercially available to members of a cybercrime-friendly community since 2011.

More details:

Sample screenshot of the HTTP/SMTP based keylogger in action:

Cybercrime_Community_Branded_HTTP_SMTP_Keylogger

Second screenshot of the HTTP/SMTP based keylogger in action:

Cybercrime_Community_Branded_HTTP_SMTP_Keylogger_01

Third screenshot of the HTTP/SMTP based keylogger in action:

Cybercrime_Community_Branded_HTTP_SMTP_Keylogger_02

Sample HTTP/SMTP based keylogger log reading utility:

Cybercrime_Community_Branded_HTTP_SMTP_Keylogger_03

Some of the key features of the keylogger include the ability to automatically copy clipboard content in the log file, log infected PC information, write a separate log for each and every process, support for all languages, anti debugging capabilities, encrypted log files, uploading logs over HTTP or sending them to the cybercriminal behind the campaign over SMTP. What’s also worth emphasizing on regarding this particular keylogger is that the DIY builder is coded for each and every customer individually in an attempt to prevent detection by the security community.

The price? 60 WMZ (WebMoney) or ~$70.00 US

Despite the OPSEC-aware coder behind the keylogger, its lack of efficiency-centered and sophisticated log parsing capabilities will definitely prevent it from becoming a major tool in the arsenal of the modern cybercriminal.

What would happen if Webroot SecureAnywhere somehow “misses” a keylogging variant? Find out by watching this informative video.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This