Author Topic: Zemana can capture keystrokes  (Read 23966 times)

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Zemana can capture keystrokes
« on: January 02, 2013, 01:07:13 PM »
On my system (Win8 x64), the sandboxed "Zemana keylogger test" can capture keystrokes. Without sandboxing (when BB is disabled), CIS HIPS can stop it.

I disabled the whitelist and checked again, but got the same result.

I don't know why.

Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2221
  • Oxygen requires Chuck Norris to live
Re: Zemana can capture keystrokes
« Reply #1 on: January 02, 2013, 01:17:17 PM »
Quote
On my system (Win8 x64), the sandboxed "Zemana keylogger test" can capture keystrokes. Without sandboxing (when BB is disabled), CIS HIPS can stop it.

I disabled the whitelist and checked again, but got the same result.

I don't know why.

That's the reason why I am using Defense+ as default deny. Without the sandbox.
"If there is a problem, it's something interesting. Try to circumvent or fix it.
In the old ages there has been no support. That's why we got the brain we have today.
Otherwise we would only be able to call a number and listen.
But there was no phone...."

Offline Mrarnold.

  • Comodo's Hero
  • *****
  • Posts: 699
  • R.I.P.Jay "padre" miner.Thank You For The Amiga.
Re: Zemana can capture keystrokes
« Reply #2 on: January 02, 2013, 01:20:31 PM »
Is it OK to run both???
Which is the best setting for the auto-sandbox? I'm using fully virtualized.
Thanks. 8)
Comodo Internet Security Premium 6.3,302093.2976.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #3 on: January 02, 2013, 03:17:12 PM »
Can you please test this with the Behavioral Blocker set to Restricted and see if keystrokes can still be logged?

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #4 on: January 02, 2013, 03:24:36 PM »
Quote
Can you please test this with the Behavioral Blocker set to Restricted and see if keystrokes can still be logged?

Restricted, untrusted...
still can capture.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #5 on: January 02, 2013, 03:56:45 PM »
Quote
Restricted, untrusted...
still can capture.

I'm not too worried, as at least the firewall will still prevent any information from being sent from the computer, as I describe in my article here.

However, I think that this is a problem which should be looked into.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #6 on: January 02, 2013, 04:10:03 PM »
Okay, I just configured CIS as described in my article and ran the keylogger test from this page. It wasn't even able to run.

I've attached a screenshot of what happens when I click Start. This is for Windows 7 x64.

[attachment deleted by admin]
« Last Edit: January 02, 2013, 04:17:42 PM by Chiron »

Offline Jaspion

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 287
    • Jaspion's Forum
Re: Zemana can capture keystrokes
« Reply #7 on: January 02, 2013, 04:15:22 PM »
I get the same results Chiron.
Jaspion Scripts for MyDefrag
The most powerful HDD defragmenter and optimizer is now even better and easier to use.
Visit our forum: http://jaspion.boards.net

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #8 on: January 02, 2013, 04:19:50 PM »
Quote
Okay, I just configured CIS as described in my article and ran the keylogger test from this page. It wasn't even able to run.

Wow, good for you, I am still bypassed.
I think there is a problem, because an untrusted app can capture keystrokes.
And HIPS doesn't prevent any actions for sandboxed apps.
I am not talking about a configuration tweak.
« Last Edit: January 02, 2013, 04:26:39 PM by may-moons »

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #9 on: January 02, 2013, 04:30:04 PM »
Quote
Wow, good for you, I am still bypassed.
I think there is a problem, because an untrusted app can capture keystrokes.
And HIPS doesn't prevent any actions for sandboxed apps.
I am not talking about a configuration tweak.

My understanding about behavior such as this is that it's not a complete bypass, as the firewall will still stop anything which an untrusted program tries to transmit. Thus, unless that firewall alert is also bypassed in some way, there is not really a major problem.

By the way, can you please try configuring CIS on your computer as I suggest in my article and confirm that at least by doing that you can stop it from successfully logging your information?

Thanks.

Offline Mrarnold.

  • Comodo's Hero
  • *****
  • Posts: 699
  • R.I.P.Jay "padre" miner.Thank You For The Amiga.
Re: Zemana can capture keystrokes
« Reply #10 on: January 02, 2013, 04:42:56 PM »
Just ran the test myself and nothing happened. I pressed the start button, then nothing. I ran it in a virtual browser.
Comodo Internet Security Premium 6.3,302093.2976.

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #11 on: January 02, 2013, 04:52:43 PM »
Quote
My understanding about behavior such as this is that it's not a complete bypass as the firewall will still stop anything which an untrusted program tries to transmit. Thus, unless that firewall alert is also bypassed in some way there is not really a major problem.

By the way, can you please try configuring CIS on your computer as I suggest in my article and confirm that at least by doing that you can stop it from successfully logging your information?

Thanks.

We don't know about the firewall because the test only has logging ability.
Anyway, I will check your article, but I am talking about the default configuration.
I know CIS already catches it if BB is disabled.
« Last Edit: January 02, 2013, 05:10:21 PM by may-moons »

Offline Seany007

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 2374
  • Comodo Commando
Re: Zemana can capture keystrokes
« Reply #12 on: January 02, 2013, 05:22:21 PM »
Right. Windows 7 64-Bit here. If I run this test with only BB on (HIPS are off) and set to 'untrusted' CIS fails to stop the keylogging. That was Chiron's configuration from his article apart from the 'untrusted' level as he is using 'limited'. Go figure ???

If I use BB 'untrusted' and HIPS are on, CIS passes the test, like with Chiron. Hhhmmm. Confused.com here.
« Last Edit: January 02, 2013, 05:24:03 PM by Seany007 »
Proud Comodo User (CIS, CD, CID and CMS)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #13 on: January 02, 2013, 07:17:22 PM »
Quote
Right. Windows 7 64-Bit here. If I run this test with only BB on (HIPS are off) and set to 'untrusted' CIS fails to stop the keylogging. That was Chiron's configuration from his article apart from the 'untrusted' level as he is using 'limited'. Go figure ???

If I use BB 'untrusted' and HIPS are on, CIS passes the test, like with Chiron. Hhhmmm. Confused.com here.

Actually, I now recommend at least 'Restricted'.

Okay, did you configure it exactly the way I recommended, including switching it to proactive configuration? That's what I did, including disabling the HIPS.

Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2221
  • Oxygen requires Chuck Norris to live
Re: Zemana can capture keystrokes
« Reply #14 on: January 02, 2013, 09:39:06 PM »
Last words before data leaked:

"I use the auto sandbox......
Going to play a game now...... Wasn't there a game mode button? ..... Ah there it is...."
"If there is a problem, it's something interesting. Try to circumvent or fix it.
In the old ages there has been no support. That's why we got the brain we have today.
Otherwise we would only be able to call a number and listen.
But there was no phone...."

 
