• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Messenger Keystrokes mouse logging

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response

View previous topic :: View next topic  
Author Message
securitymeans
Just Arrived
Just Arrived


Joined: 25 Oct 2008
Posts: 0


Offline

PostPosted: Sat Oct 25, 2008 7:48 pm    Post subject: Messenger Keystrokes mouse logging Reply with quote

Hi everyone, I have a slightly unusual question here.
I have just done a reinstallation of windows and installed zonealarm latest most expensive edition with full support.
I keep getting a pop up message warning and it says

"Windows messenger is attempting to monitor user activities on this computer. If allowed it may try to track or log keystrokes (User Input), mouse movements/clicks, web sites visited, and other behaviours"

The file involved is msmgs.exe so it is windows messenger.

What i want to do is to let it do some of this logging and monitoring and recording and find out where it is keeping it on my computer then watch for any access from external networks then track where it has gone or goes to.

Is this possible?

Thanks

Tom
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Sat Oct 25, 2008 9:45 pm    Post subject: Reply with quote

MSN hooks the keystroke and mouse messages that Windows sends to other programs. Like Zonealarm warned you, this allows it to see every key you press on other programs, and every mouse movement or click.

Yahoo Messenger, at least in previous versions a few years ago, did this (don't know about current versions, I presume it's still doing the same). I haven't analyzed what MSN does with the keystroke and mouse information, but I did analyze what Yahoo Messenger did. Yahoo Messenger hooked the keystroke and mouse messages by registering a DLL called idle.dll as a message listener for all processes (injecting the DLL into other processes). It used this information to keep track of how long you go without pressing a key or moving the mouse. Presumably, this was to implement the "automatically change my status to Idle/Away if I'm inactive for X minutes" feature. In particular, Yahoo Messenger did not record the actual keys you pressed, or where you were clicking. Only how long you went without pressing a key or moving the mouse.

I cannot speak for current versions of Yahoo Messenger, or for any version of MSN.

It is indeed possible to trace what MSN is doing, through several different ways. One rather verbose possibility is to debug the program while it runs with a debugger (e.g. a Windows port of GDB, or the Visual Studio debugger, etc). Another possibility is to trace filesystem activity while the program runs, so you see which files are being written to (using something like FileMon, by SysInternals). You may also want to monitor the process's activities, using something like Process Monitor, again by SysInternals.

If you identify the DLL which is being used to monitor the keystroke and mouse messages (in case they're using a DLL in the first place, which is likely) then you could disassemble the DLL (if that is legal in your country, I am not a lawyer).

You could also try to find a Windows equivalent of strace (there seems to be a Cygwin port of the utility).
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register