Does your anti-virus detect old keyloggers?
I was playing around with the Tiny keylogger 2.0 last night; this is a keylogger written by Tony Segreto. Compared to other hostile malware that comes through ISC, the intention and purpose of this keylogger is very clear, and it didn't seem to trigger the download of other malware. The special thing about this keylogger? It can be downloaded from download.com.
As I was playing, I noticed this keylogger didn't trigger any sort of AV alerts, which is not exactly what I would expect from a known keylogger. I would personally like my AV to tell me about the existence of a keylogger file on my computer, even though this keylogger might not have the most advanced features to semi-automatically get itself installed on my box.
While it is fair that AV companies need time to come up with signatures and defenses for the latest malware coming up on the horizon, this keylogger has been sitting on download.com for years (the file date shows Aug 2005); maybe the AV engines somehow forgot about it? What really worries me is that when I do a search on download.com for "keylogger", there are 248 hits, which makes me wonder how many of those keyloggers are caught by different anti-virus and anti-spyware engines.
The overall coverage by AV vendors on this specific keylogger is very low. Here is the output of VirusTotal.
File tkey.exe received on 02.06.2008 15:44:10 (CET)

Antivirus | Version | Last Update | Result |
--- | --- | --- | --- |
AhnLab-V3 | 2008.2.6.10 | 2008.02.05 | - |
AntiVir | 7.6.0.62 | 2008.02.06 | - |
Authentium | 4.93.8 | 2008.02.05 | - |
Avast | 4.7.1098.0 | 2008.02.05 | - |
AVG | 7.5.0.516 | 2008.02.06 | - |
BitDefender | 7.2 | 2008.02.06 | - |
CAT-QuickHeal | 9.00 | 2008.02.04 | - |
ClamAV | 0.92 | 2008.02.06 | - |
DrWeb | 4.44.0.09170 | 2008.02.06 | - |
eSafe | 7.0.15.0 | 2008.01.28 | Spyware.Gen |
eTrust-Vet | 31.3.5512 | 2008.02.05 | - |
Ewido | 4.0 | 2008.02.06 | - |
FileAdvisor | 1 | 2008.02.06 | - |
Fortinet | 3.14.0.0 | 2008.02.06 | - |
F-Prot | 4.4.2.54 | 2008.02.05 | - |
F-Secure | 6.70.13260.0 | 2008.02.06 | - |
Ikarus | T3.1.1.20 | 2008.02.06 | - |
Kaspersky | 7.0.0.125 | 2008.02.06 | - |
McAfee | 5223 | 2008.02.05 | - |
Microsoft | 1.3204 | 2008.02.05 | - |
NOD32v2 | 2853 | 2008.02.06 | - |
Norman | 5.80.02 | 2008.02.06 | - |
Panda | 9.0.0.4 | 2008.02.05 | - |
Prevx1 | V2 | 2008.02.06 | - |
Rising | 20.29.22.00 | 2008.01.30 | - |
Sophos | 4.26.0 | 2008.02.06 | - |
Sunbelt | 2.2.907.0 | 2008.02.05 | Tiny KeyLogger (Segreto) |
Symantec | 10 | 2008.02.06 | Spyware.TinyKeylogger |
TheHacker | 6.2.9.210 | 2008.02.06 | - |
VBA32 | 3.12.6.0 | 2008.02.05 | - |
VirusBuster | 4.3.26:9 | 2008.02.05 | - |
Webwasher-Gateway | 6.6.2 | 2008.02.06 | Riskware.KeyLogger.AS |
------------------------------
Jason Lam