GEEK's Radar

Wednesday 23 October 2013

How to Use Keylogger?

Here is a detailed tutorial which contains every possible information that you need to know about using the keylogger to monitor the activities of a computer. I know most of you are new to the concept of keylogger program. For some of you, this might be the first time you’ve heard about the term “keylogger”. So, to give you a clear picture and make you understand better, I would like to take up this post in the form of FAQs (Frequently Asked Questions). Here we go:

NOTE: I highly recommend that you read this post completely, since every single piece of information is important.

1. What is a Keylogger?

A keylogger (also called as spy software) is a small program that monitors each and every keystroke a user types on a specific computer’s keyboard. A keylogger program can be installed in just a few seconds and once installed, you are only a step away from getting the target password and other sensitive data.

2. How Keylogger works?

Once the keylogger is installed on a PC, it starts operating in the background (stealth mode) and captures every keystroke of the target computer.

Let’s take up a small example: The user on the target computer goes to http://mail.yahoo.com and types his “username” and the “password” in the respective fields to login. The keylogger silently records these keystrokes and stores them in the logs. These logs when opened up shows the captured “username” and “password“. Along with this, you will also be shown that they were typed in the Yahoo login page. Thus, the keylogger loads upon every startup, runs in the background and captures each and every keystroke.

3. How to install the keylogger?

A keylogger can be installed just like any other program. Just follow the screen instructions and you’re done.

4. Do I need any special knowledge to install and use the keylogger?

Absolutely NOT! Anyone with a basic computer knowledge can install and use the keylogger. It requires no special skills.

5. Once I install the keylogger, can the victim come to know about its presence?

No. The victim will never come to know about the presence of the keylogger on his/her computer. This is because, once installed, the keylogger will run in total stealth mode. Unlike other programs, it will never show up in the start-menu, windows startup, program files, add/remove programs or the task manager. So, the victim can no way identify its presence on his/her PC.

6. Can I be traced back if I install the keylogger on some other computer?

No, it’s almost impossible to trace back to you for installing the keylogger on other’s PC.

7. Which keylogger is the best?

Today, there exists hundreds of keyloggers on the market and most of them are no more than a scam. So, I have personally tested some of the top keyloggers and conclude SniperSpy as the best one:

SniperSpy – Compatible with Windows XP/Vista/7/8 and Mac

8. How SniperSpy works?

I will try to explain the working of Sniperspy in simple steps:

After you purchase Sniperspy, you’ll be able to create the installation module using an easy set-up program. You need to email this module to the remote user as an attachment.
When the remote user runs the module it’ll get installed silently and monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continuously.
You can login to your Sniperspy account (you get this after purchase) to see the logs which contains the password.

9. I don’t have physical access to the target computer. Can I still use SniperSpy?

Yes you can! SniperSpy supports REMOTE INSTALLATION feature which allows you to remotely install the program on any PC even if you have no physical access to it. For remote installation, all you need to do is just place the module (refer FAQ-8) in a .zip/.rar file and send it as an attachment to the target email address (for which you need the password).

10. Can I install SniperSpy on a local computer?

If you need to install to your local (current) computer instead of your remote computer, then the process is simple. Simply navigate to the folder in which you saved your module ( Refer FAQ-8). Double-click the module filename to execute it. Nothing will appear on the screen but the software gets installed silently.

11. What if the antivirus prevent from sending it as an email attachment?

Instead of sending the keylogger as an email attachment, it is recommended that you place the file in .ZIP/.RAR format and upload it to www.fileden.com. After uploading, just send the direct download link (FileDen allows hotlinking) to the victim via email. Once he downloads the file from this link and run it, the keylogger will get installed automatically.

12. Why SniperSpy is the best?

SniperSpy supports REMOTE INSTALLATION feature. This feature is not present on most of the keylogger programs.
SniperSpy is fully compatible with Windows 2000/XP/Vista/7/8 and also Mac.
SniperSpy can bypass any Firewall.
SniperSpy is more reliable than any other keylogger program. You need not rely on your email account to receive the logs. Instead, you can just log in to your online SniperSpy account to receive the logs.
SniperSpy captures full-size screenshots of the activities on the target PC.
Records BOTH sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.
SniperSpy is more easy to install and requires no extra knowledge.
SniperSpy is recognized by BBC, CNN, CBS and other news networks. Hence, it is reputed and trustworthy.

13. How safe is to use SniperSpy?

Sniperspy is completely safe to use since all the customer databases remain confidential and private. SniperSpy do not collect any information from your system other than the information required for the product’s successful operation. They will not contact you in any way unless you request assistance.

14. Is my online order Safe and Secure?

Absolutely Yes! All the e-commerce transactions for SniperSpy is handled by Plimus – they are a trusted online retailer specializing in digitally delivered products. All your information remains private and secure. The safety and protection of your personal information is 100% guaranteed. So, you can place your order for SniperSpy with no worries of scam!

SniperSpy is completely reliable, safe and the best keylogger out there. It is really worth the price that you pay for it. I promise that you cannot get a better keylogger than this. So, what are you waiting for? Go grab SniperSpy now and expose the truth!

By: Unknown On 9:20 pm

How to Identify and Avoid Phishing Scams?

Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization. Since most online users are unaware of the techniques used in carrying out a phishing attack, they often fall victim and hence, phishing can be very effective.

With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness among the people is the prime reason behind such attacks. This article will try to create awareness and educate the users about such online scams and frauds.

Phishing scams usually sends an email message to users requesting for their personal information, or redirects them to a website where they are required to enter thier personal information. Here are some of the tips toidentify various phishing techniques and stay away from it:

Identifying a Phishing Scam:

Beware of emails that demand for an urgent response from your side. Some of the examples are:
- You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your accountasap so as to avoid permanent suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed web page (similar to your bank website) and enter your login details over there.
- In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.
Phishing emails are generally not personalized. Since they target a lagre number of online users, they usually use generalized texts like “Dear valued customer”, “Dear Paypal user” etc. to address you. However, some phishing emails can be an exception to this rule.
When you click on the links contained in a phishing email, you will most likely be taken to a spoofed web page with official logos and information that looks exactly same as that of the original web pages of your bank or financial organization. Pay attention to the URL of a website before you enter any of your personal information over there.

Even though malicious websites look identical to the legitimate site, it often uses a different domain or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:

papyal.com

paypal.org

verify-paypal.com

xyz.com/paypal/verify-account/

Tips to Avoid Being a Victim of Phishing:

Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
Don’t use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.
Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive data such as passwords, account numbers or credit card details. You will see a lock icon in your browser’s address bar which indicates a secure connection. On some websites like paypal.com which uses an extended validation certificate, the address bar turns GREEN as shown below.

In most cases, unlike a legitimate website, a phishing website or a spoofed web page will not use a secure connection and does not show up the lock icon. So, absence of such security features can be a clear indication of phishing attack. Always double-check the security features of the web page before entering any of your personal information.
Always use a good antivirus software, firewall and email filters to filter the unwanted traffic. Also ensure that your browser is up-to-date with the necessary patches being applied.
Report a “phishing attack” or “spoofed emails” to the following groups so as to stop such attacks from spreading all over the Internet:

You can directly send an email to reportphishing@antiphishing.org or spam@uce.gov reporting an attack. You can also notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov.

I hope the information presented in this article will help you detect and avoid various phishing scams that are waiting to rip off innocent Internet users. If you’ve anything to say, please pass your comments.

This post was originally posted on GoHacking.com.

By: Unknown On 9:07 pm

How to Protect your Computer from Keyloggers?

Keyloggers have been a major problem today as it does not require any prior knowledge of computers to use it. So, it is often used by hackers to steal passwords, credit card numbers and other confidential data from your computer. Below are some methods through which you can protect your computer from keyloggers:

1. Use a Good Antivirus

This is the first and the basic step that you need to take in order to protect your computer from keyloggers and other online threats. Use a good antivirus such as Kaspersky, Norton or McAfee and update it regularly.

2. Use a Good Antispyware

If you are a frequent Internet user, then you could be exposed to a number of spywares on a regular basis. Since keylogger is basically a spyware, it is better to install a good antispyware program. Make sure that the antivirus and the antispyware you use do not conflict with each other.

3. Antilogger can be Handy

Antiloggers are the programs that detect the presence of keyloggers on a given computer. Over the past few years, I have tested a lot of anti-logging programs and have found Zemana Antilogger as the best one.

Normally, a keylogger can easily be detected by a good antivirus program, but hackers may use some methods such as hexing, binding or crypting to make it harder for the antivirus program to detect it. In this case, Zemana Antilogger comes handy as this program is specially designed to protect your PC against harmful keyloggers.

4. Online Scanning

When ever you receive a suspicious file, you scan it with online scanners such as Multi engine antivirus scanner which scans your file with 24 popular antivirus engines and reports it back to you if the file is recognized as a virus or spyware. This ensures that none of the malicious programs can escape from being detected as there are 24 different antivirus engines involved in the scanning process.

5. Use Sandboxie

Sandboxie is another great program to help you protect your computer against harmful keyloggers and spywares. Sandboxie runs your computer in an isolated space which prevents your program from making permanent changes to other programs in your computer.

When ever you receive a file that looks suspicious, just run the program with Sandboxie so that, you can test it without the risk of making permanent changes to your computer.

To run a program in Sandboxie, follow the steps as mentioned below:

Open the Sandboxie tool and click on sandbox menu on the top.
Now go to Default sandbox.
Then click on run any program.
Now select the file you wish to run in sandboxie and click open.

6. Keyscrambler

Keyscrambler is one of the best program that offers protection against keyloggers. It is a small program which encrypts your keystrokes so that, even if your computer has a keylogger installed on it, only the encrypted keystrokes are captured by the keylogger and not the actual ones.

The free version of Keyscrambler currently supports Firefox, IE and a few other applications. However its premium version supports more than 160 applications.

This post was originally posted on GoHacking.com.

By: Unknown On 8:58 pm

How Domain Name System (DNS) Works?

In the world of Internet and the area of computer networks, you will often come across the term Domain Name System or Domain Name Service which is simply referred to as DNS. The working of DNS forms one of the basic concepts of computer networks whose understanding is very much essential especially if you are planning to get into the field of ethical hacking or network security.

In this post, I will try to explain how Domain Name System works in a very simple and easy to follow manner so that even the readers who do not have any prior knowledge of computer networks should be able to understand the concept.

What is a Domain Name System?

A “Domain Name System” or “Domain Name Service” is a computer network protocol whose job is to map a user friendly domain name such as “Gohacking.com” to its corresponding IP address like “173.245.61.120″.

Every computer on the Internet, be it a web server, home computer or any other network device has a unique IP address allotted to it. This IP address is used to establish connections between the server and the client in order to initiate the transfer of data. Whether you are trying to access a website or sending an email, the DNS plays a very important role here.

For example, when you type “www.google.com” on your browser’s address bar, your computer will make use of the DNS server to fetch the IP address of Google’s server that is “74.125.236.37″. After obtaining the IP address, your computer will then establish a connection with the server only after which you see the Google’s home page loading on your browser. The whole process is called DNS Resolution.

With millions of websites on the Internet, it is impossible for people to remember the IP address of every website in order to access it. Therefore, the concept of domain name was introduced so that every website can be identified by its unique name which makes it easy for people to remember. However, the IP address is still used as the base for internal communication by network devices. This is where the DNS comes in to action that works by resolving the user friendly domain name to its corresponding machine friendly IP address.

In simple words, domain names are for humans while IP addresses are for network devices. The “Domain Name System” is a protocol to establish a link between the two. Hence, it is not a surprise that you can even load a website by directly typing its IP address instead of the domain name in the browser’s address bar (give it a try)!

Types of DNS Servers and their Role:

The Domain Name System (DNS) is a distributed database that resides on multiple computers on the Internet in a hierarchical manner. They include the following types:

Root Name Servers:

The root servers represent the top level of the DNS hierarchy. These are the DNS servers that contain the complete database of domain names and their corresponding IP addresses. Currently, there are 13 root servers distributed globally which are named using the letters A,B,C and so on up to M.

Local Name Servers:

Local servers represent the most lower level DNS servers that are owned and maintained by many business organizations and Internet Service providers (ISPs). These local servers are able to resolve frequently used domain names into their corresponding IP addresses by caching the recent information. This cache is updated and refreshed on a regular basis.

How DNS Server Works?

Whenever you type a URL such as “http://www.gohacking.com” on your browser’s address bar, your computer will send a request to the local name server to resolve the domain name into its corresponding IP address. This request is often referred to as a DNS query. The local name server will receive the query to find out whether it contains the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another server that is in the next higher level of DNS hierarchy. This process continues until the query reaches the server that contains the matching name and IP address. The IP address (response) then flows back the chain in the reverse order to your computer.

In rare cases where none of the lower level DNS servers contain the record for a given domain name, the DNS query eventually reaches one of the root name server to obtain the response.

FAQs about Domain Name System:

Here is a list of some of the FAQs about DNS:

How does a “root name server” obtain the information about new domains?

Whenever a new domain name is created or an existing one is updated, it is the responsibility of the domain registrar to publish the details and register it with the root name server. Only after this, the information can move down the DNS hierarchy and get updated on the lower level DNS servers.

What is DNS propagation?

Whenever a new domain name is registered or an existing one is updated, the information about the domain must get updated on all the major DNS servers so that the domain can be reached from all parts of the globe. This is called DNS propagation and the whole process can take anywhere from 24 to 72 hours to get completed.

How often the DNS servers are updated to refresh the cache?

There is no specific rule that defines the rate at which DNS servers should be updated. It usually depends on the organization such as the ISP that maintains the server. Most DNS servers are updated on an hourly basis while some may update their databases on a daily basis.

I hope you have now understood the working of DNS in a very convincing manner. Pass your comments and share your opinion.

This post is originally posted on GoHacking.com.

By: Unknown On 4:03 pm

How to Track and Locate Lost Android Device?

Your Android gadgets are the most important things in your life. It contains all your important contacts and information. If you lose your equipment, you will be losing all those sweet memories with the photos and video. But there is some good news to android phone/tablet users, you can now easily find or at least know where your missing phone is with or without using android application.

Let’s first look at the way of finding your lost phone which doesn’t contain any app installed on it.

Use the IMEI Number

Every android phone carries a unique IMEI number (International Mobile Equipment Identity Number). It will be printed at the back of your device. If you are unable to find the number, you have to launch your phone app and dial the number *#06#. This will give you the IMEI number of your phone. Store this number in a safe place so that it helps you in locating your phone when it is lost.

When you file a complaint, this number has to be added in the report. Your service provider uses this number to track your phone and tell you where it is. No matter if the person using the phone is using a different SIM card or has switched off the phone. Once the device is traced, you can request your service provider to block it from using.

This is one of the easy ways of locating your lost Android phone or tablet.

Plan B

Another way of tracking your lost Android gadget in no time is through Plan B app. This app does not require you to install any recovery software previously but still helps in finding your lost phone. All you need to do is log on to your Google play account. Lookout mobile security offers free software called Plan B. Download the software from play store to your phone. This will be possible only if your phone is within the Internet coverage area. Wait for some time and then send the keyword “locate” without the quotes through SMS to your phone. And a map showing where your equipment is will be sent to your Gmail account. This app is very much useful in situations where you don’t have IMEI number.

If you have installed and configured any of these below android software previously, there is good chance of finding it.

You can log on to Google Play store > My Android Apps, on your computer and check if you have installed any of the following apps previously.

Lookout Security and Antivirus

Lookout is the best android app for security and antivirus. So far, it has received millions of downloads. Just recall if you have installed this on your phone.

If you have activated the option “Missing Device” in this app, it is easy to find your device. If you have also enabled “Signal Flare” option, you can trace the last known location of your android device. This is helpful in case your phone battery is dead or tablet is switched off.

Now sign in Lookout to locate your device. The map shows the location of your phone. If you are at a short distance from the tablet, you can choose Scream option to make a loud noise to find it.

Android Device Manager

Google has recently released a new locator feature for Android gadgets called Android Device manager, which helps its users locate their lost or stolen phones and tablets. It functions in the same way as Lookout and Samsung’s “Find My Mobile”. Here’s how to use Android Device Manager.

Go to the Google Settings app, then select Android device manager. By default the locator feature is activated but to activate remove data wipe, select the box next to “Allow remote factory reset”, then select “activate”.

To use this feature, open the site https://www.google.com/android/devicemanager and sign in to your Google account. You may be prompted for permission to allow Android Device Manager to use location data. Select the Accept tab to continue.

Now you will be provided with a map that shows the location of your device along with other details such as the name of the place, when it was last used and more. The location data doesn’t help you if your phone is misplaced somewhere in your home. Instead of making a call to your phone using other’s phone, you can call your phone directly from Android Device Manager. This will make your device to ring with high volume for 5 minutes, even if it’s in silent or vibrate mode.

One feature that is missing in Android Device Manager is remote locking, which can be useful in preventing a stranger from accessing your data, while you’re tracking its location.

Apart from these, there are other apps such as Android Lost, Where do My Droid and GadgetTrak that help you in finding your lost Android phone/Tablet.

This post was originally posted on GoHacking.com.

By: Unknown On 3:48 pm