Researcher pops locks on keylogger, finds admin's email inbox

Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government. Mendrez's reverse engineering effort found credentials buried within the Hawkeye keylogger that lead through …

  1. Anonymous Coward
    Anonymous Coward

    compatibility with all versions of Windows.

    No comment.

    1. The Man Who Fell To Earth Silver badge
      Boffin

      Re: compatibility with all versions of Windows.

      The real question is how many AV products detect it? I don't have a lot of sympathy for systems of any OS that don't have a good AV product installed.

      1. joed

        Re: compatibility with all versions of Windows.

        Every AV product introduces its own attack surface. Not sure what's worse.

      2. JeffyPoooh
        Pint

        Re: compatibility with all versions of Windows.

        TMWFTE "...a good AV product installed."

        No such thing.

        At best they're clownware. At worst they're Symantec.

        1. Mpeler
          Paris Hilton

          Re: compatibility with all versions of Windows.

          No, at worst they’re McAfee. At least (with some effort) you can uninstall it :)

          Paris, because she's also a technical talent...

  2. Allan George Dyer
    Paris Hilton

    Located or Accessed?

    The first line claims the researcher, "has gained access to the inbox", but later it says that the credentials found, "lead through redirection to the author's inbox", so that is just discovering the destination address. It might only be a throwaway account.

    Is there a story here at all?

    1. 2460 Something

      Re: Located or Accessed?

      My thoughts as well. So he has the Gmail email address which for all intents and purposes could be the final repository. Or... is this just another compromised account en route to elsewhere? If he couldn't log into it he doesn't know if it is actually just a next step.

      1. Valerion

        Re: Located or Accessed?

        Perhaps the address was a giveaway?

        hawkeye_finaldestination@gmail.com or something would be sufficient to suggest it's the final step. If it was johnsmith9999@gmail.com then perhaps not!

      2. Hans 1
        Holmes

        Re: Located or Accessed?

        >Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger

        Is this NOT clear? The other accounts were just forwarders to his account! Now, this might not have been his "private" account linked to his Facebook et al, but still, with logs, they will, hopefully, find the Tor exit which he last used ... then, they will ask NSA for all details about the guy ... there, caught ... might have already happened, hence the revelation.

        1. Allan George Dyer
          Paris Hilton

          Re: Located or Accessed?

          Sure, that's clear, but the later detail suggests otherwise. There doesn't seem to be a functional reason to have the final destination address and password in the keylogger, so did he get access to the inbox at all? Did he work out the destination address and ask law enforcement/Google to get access? If it leads to the criminal being caught and prosecuted, that's good, but the article is deficient.

        2. Cynic_999

          Re: Located or Accessed?

          "...find the tor exit which he last used ... then, they will ask NSA for all details about the guy ... there, caught ..."

          Um ... I hate to upset your belief in the omnipotence of the NSA, but there is as yet no way to trace an individual user's connection through the Tor network just by knowing the exit node.

    2. Aodhhan

      Re: Located or Accessed?

      You're better off going to the source or searching for information on the subject whenever Darren Pauli writes an article. His apparent need to write cute metaphors which often don't work, poor grammar, inability to put together a sentence correctly so a reader can identify the subject, verb and object... are just a few examples of his writing weaknesses.

      Adding to this is how he doesn't seem to correctly grasp the technical aspects of the subject. This leaves readers having to go back over what is written more than once in order to make sense out of things.

  3. Fan of Mr. Obvious

    Researcher turns criminal

    "Naturally, I checked out these email inboxes."

    Hmmmm. Judge, jury, and executioner rolled up in one CyberSleuth. I was not aware that Trustwave having government contracts put them above the law.

    1. Mpeler
      Big Brother

      Re: Researcher turns criminal

      Heyyy, it works for Hillary...
