Topic: Keyloggers.
pARODY
Posts: 339
Location: Brisbane, Queensland
Had a great email thread today at work about keyloggers, and the last 24 hours has had a massive surge in new delivery methods. I've personally seen and captured old Gumblar infectors now delivering keyloggers for games instead of just their usual botnet drops.

The most fun delivery method we've seen is a vulnerability in QuickTime's MS DirectShow implementation (CVE-2009-1537). Bundle that with Xvid having a bug that could be used against users (http://www.xvid.org/).


Basic version: update your PDF reader; all of them I've seen have various ways of being exploited. Update Xvid and update your Windows for the DirectShow bug.

Not much AV coverage for the keylogger though. :(

Update your stuff and watch out for .PDF files and .SWF files from suspect sites.
infi
Posts: 12551
Location: Brisbane, Queensland
hmm interesting info.
Spook
Posts: 25335
Location: Brisbane, Queensland
i thought keyloggers all came from wow forums
reload!
Posts: 4638
Location: Brisbane, Queensland
and guitars
Obes
Posts: 7686
Location: Brisbane, Queensland
i thought keyloggers all came from wow forums

You'd be wrong.

Usually cross site scripting exploits inside adverts on totally legit sites.
reload!
Posts: 4639
Location: Brisbane, Queensland
whoa whoa whoa WHOA

stop the f***ing presses.

did obes just get trolled?
JakeG
Posts: 624
Location: Brisbane, Queensland
Back in the day my gunbound account got keylogged.. :< (used to play at infernolan).
pARODY
Posts: 346
Location: Brisbane, Queensland

Bumping this.

Avertlabs did some research on some of the new keyloggers out there and it's packed with comedy gold. 2 different keyloggers seen in the wild at present have changed their return delivery method from email to SQL directly to a DB in Brazil/China. Stupid malware coders left the credentials to post into the DB in the code.

http://www.avertlabs.com/research/blog/index.php/2009/06/22/more-password-theft-shenanigans/
euphoria
Posts: 1247
Location: Gold Coast, Queensland
lol
Hashy
Posts: 269
Location:
You'd be wrong.

Usually cross site scripting exploits inside adverts on totally legit sites.
Nice straight-faced, pretentious reply to a joke bro.
paveway
Posts: 9939
Location: Brisbane, Queensland
haha reload