Protecting yourself from keyloggers and RATS

Discussion in 'Archives' started by IGregg, May 11, 2011.

  1. IGregg

    IGregg Newcomer


    I am writing this guide to try and keep people safe from these types of exploits. To some this might be common sense, but it's a common problem, and so clearly to some it is not. I am going to break this down into sections.

    1. What are and how do keyloggers and RATS work?
    RATS (Remote Administration Tools) effectively allow someone else control over your computer. Along with keyloggers, they are generally disguised within other files which are passed off as genuine. When executed, unknown to the user, they plant files on the system which then either report back to a server what the user is doing or allow control, depending on the code.

    2. So how can you stop them?

    Common Sense
    Where possible only download files from trusted sources, don't visit sites where you are not sure what they contain, never execute a file when you do not know its origin. Trust few. If you have to, then execute programs you are unsure of in a virtual machine.

    Anti Virus
    Everyone should have it anyway but what you use is also an important factor, if you are going for paid software Kaspersky is generally regarded as the best, if you don't want to pay then Avira is one of the better free solutions.

    Anti Malware
    Anti virus programs do not focus on malware which keyloggers and the like come under, paid anti virus products will generally have this so if you have it included then great! If not this is your next step.. I personally use Malwarebytes' Anti-Malware and have had good results but use whatever you think is best.

    Firewall
    Again if you have a paid solution this probably is contained, if not I use COMODO, there are plenty out there and if you read reviews you can pick what you want. These monitor incoming and outgoing connections to your computer, therefore you can monitor and have blocked any transmissions between such programs.

    Brands
    Brands DO matter, one program is not the same as the other.. Norton and AVG might be popular but frankly they are shit and don't pick up some things, I will update with a list of what are generally seen as strong ones when it's not 4am.

    Update, Scan and monitor regularly
    The programs are useless if you do not use them properly, keep their databases updated and scan often, most have automatic guards which will alert you to a problem when it is first brought onto your computer but doing a complete system scan every week using both anti virus and malware is recommended.

    So yeah, I think that's everything covered... If people have suggestions to add then feel free to post.. when it's not 4am I will edit this to make it better :D
     
  2. Lame

    Lame Grand Master

    Common sense but people don't seem to have that nowadays.

    Thanks.
     
  3. Swin

    Swin Apprentice

    A nice guide for the new members to understand, well done.

    However, you've posted it in the wrong section. I've reported it to be moved and it should be done as soon as a Moderator sees it.

    Other than that, try using another layout. Or possibly posting some pictures to make it look nicer? Different thread title/text colours also make the guide more effective.
     
  4. Wrote_Murder

    Wrote_Murder Guru

    Yet people who do RATs and Keyloggers often, can easily get past everything you posted.

    Easy ways to get FUD nowadays.
     
  5. IGregg

    IGregg Newcomer


    Thanks, I will do soon

    Which is why you should still open anything you are unsure about in a virtual machine? :p
     
  6. Panas0nic

    Panas0nic Member

    FUD RATs are called that for a reason.

    Fully Undetectable.
     
  7. Zerk Perk

    Zerk Perk Guru

    My guide on how to not get hacked:
    Don't download anything that isn't trusted.
    The end.
     
  8. Wrote_Murder

    Wrote_Murder Guru

    Considering you can open a java app, or a .jpg file and be infected.

    Harder than it sounds.
     
  9. Lame

    Lame Grand Master

    Also making a restore point before downloading anything remotely suspicious or that you do not trust.
     
  10. Joker91

    Joker91 Forum Addict


    Only disagree with one bit, Norton 360 is actually doing very well these days, being one of the top AVs in detection and removal.
     
  11. 1ce

    1ce Forum Addict

    Honestly I'd go with blink personal security. Only av out there that actually spends time working on *.dll hijacking. If I was building a RAT, I'd definitely go with *.dll hijacking to make its build environment sane. Kill off the AVs or at least squeeze room in there for a few extra processes.

    Google eEye, it won't take you very long before you're interested in their product. It's dirt cheap, been using it for 6 years, never had a virus. They have a 1 month full evaluation trial. (After a month I'm sure you'd be willing to fork over 15$ / year)

    Hey, at least they'll back up their product with a $1,000,000 guarantee your system will remain unscathed.

    Edit::

    keyloggers // rats are far, far, farrrrrrrrrr away from being an 'exploit'.
     
  12. 1ce

    1ce Forum Addict

    Can't open a *.jpg file and get infected... you could use a wrapper and bind the file, but it must be executed as the bound file inside, and it's completely sterile. Now if the image was a *.wmf that would be a different story, but keeping your system updated often solves that issue.

    The concern would be a self extracting archive that would automatically begin installing the files once you opened it up with winrar. Anyway, there's a lot of neat things you can do with images, however; running a script through one is impossible unless you decided to open all *.jpg files as executables. The dlinks that handle the imaging format wouldn't be able to handle the requests. On vista it would definitely cause problems, usually in the form of an ugly blue screen and a reboot. 7 and XP are stable enough that you'd probably get 'unsupported media' or some other crap excuse as to why the image won't load.

    One thing to watch out for is file.jpg____(many spaces)______________.exe

    Where there are so many spaces between '.jpg' and '.exe' it gets shortened down to only 'file.jpg' and you'd never notice the spaces.

    Regards, 1ce
     
  13. eennee

    eennee <>The Chemist<>

    You must understand that RATs and Keyloggers can be "attached" to virtually any program. For instance, someone can link you to something that you are looking to download, you run it and it works fine, however, you are completely unaware that you have just been infected. A simple solution to this is to scan all files BEFORE you download them. NEVER download .exe files from anyone you don't trust. I also suggest using McAfee antivirus, there is a yearly fee but it works much better than regular anti-viruses and its virus database is constantly updated.
     
  14. 1ce

    1ce Forum Addict

    You must understand I get paid real life monies to develop my own 'RATs' (here we call them rootkits) and defeat antivirus systems. *.jpg files are safe, the only thing to be concerned about is them attempting to hide the extension by adding a plethora of spaces.
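
The padded-extension trick described in posts 12 and 14 can be checked for mechanically. The following is an added example, not part of the original thread: a filename check that flags an executable extension hidden behind whitespace padding or a decoy extension. The extension lists and sample filenames are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows runs on double-click (partial list, assumed for this example).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions a user reads as harmless content (assumed decoy list).
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".txt", ".doc", ".mp3"}

def inspect_name(filename):
    """Return the reasons a filename looks like a disguised executable."""
    name = PureWindowsPath(filename).name.strip()
    stem, dot, ext = name.rpartition(".")
    ext = (dot + ext).lower()
    if not dot or ext not in EXECUTABLE:
        return []  # the real (last) extension is not executable
    reasons = []
    # A run of whitespace right before the last dot pushes the real
    # extension out of view in a narrow filename column.
    if re.search(r"\s{3,}$", stem):
        reasons.append("padding before real extension")
    # A harmless-looking extension sitting just before the real one.
    inner = re.search(r"(\.[A-Za-z0-9]{1,5})\s*$", stem)
    if inner and inner.group(1).lower() in DECOY:
        reasons.append(f"decoy extension {inner.group(1).lower()} before {ext}")
    return reasons

def scan(names):
    """Map each suspicious name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := inspect_name(n))}

# Constructed sample filenames.
SAMPLES = [
    "holiday.jpg" + " " * 40 + ".exe",
    r"C:\Users\demo\Downloads\invoice.pdf.scr",
    "setup.exe",
    "holiday.jpg",
    "report.final.docx",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(repr(name), "->", "; ".join(reasons))
```

Turning off "Hide extensions for known file types" in Windows Explorer and checking the Type column covers the same case by hand.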
     