[Solved]16K Systems - Passive Keylogger

Hi All,

Comodo Firewall is not able to intercept (stop) keystroke logging done by 16k.exe.

My Settings -
Comodo Fw v5.3 -
Automatically detect installers/updaters and run them outside the sandbox - Option unchecked
Automatically trust files from trusted installers - option Unchecked

Sandbox level -
Blocked - Fail
Untrusted - Fail
Restricted - Fail
Limited - Fail

Note: In all the above runs, each time 16k.exe gets added to trusted files, and I did make sure to remove the entry before running it the next time.

System Config-
OS - W7 64 bit
Setup - Comodo Firewall v5.3 + Avast v5.1 + Prevx SOl

Can anyone test it on W7 64-bit systems and let me know if I made something wrong or something from Comodo needs to be fixed?

This 16k.exe does not seem to be a malicious one. It is a passive keylogger. Note from its author —

Hey Guys,

I wrote 16k in 2007. And until this post on Wilders, no one has ever heard of it. It’s a simple program. The source code is available on the website for download and has been for more than a year. It’s a proof of concept on how to write a passive keystroke logger. All of this is explained on the website. If you don’t know what a passive keystroke logger is, then read the source code.

I’m sure there are other passive keystroke loggers available (written by bad guys) that go right around AV products and intend to do harm, but 16k is not one of them.

Edit:

Here’s the source code: http://16s.us/16k/16k.cpp
Here’s who it is written by (me):

Thanks,
Harsha.

That’s not what I’m seeing. I get “Defense+ malware heuristic analysis has detected possible malware behavior in 16k.exe”

In addition, the “Submit the files to COMODO for analysis” checkbox is set. Good enough for me to stop for the moment and think about whether I really want to let it rip.

Keystroke logging without transmitting to the Internet is useless :)

If Comodo failed to detect the logging operation, it will still not let the application use the Internet without explicit permission from the user. < I think that’s good enough ;D < Why? Because no harm was done 88)

Hi All,

I figured it out. We should uncheck the “Automatically Scan unrecognized files in the cloud” and “Perform cloud based behavior on unrecognized files” options. Then Comodo will successfully neutralize them by sandboxing them.

I request mods to close this thread.

Thanks,
Harsha.

I know that it’s not a default setting, but it is caught in paranoid mode.

Locked as requested and adapted the title.