Tutorial On How To Prevent Password Stealers

Status
Not open for further replies.

jamesrocky


Note: I am not the original author. Just thought of sharing it here :D The original author is w4r3zh4ck @ wbb and all credit goes to him.



Today the most common thing for a hacker is to steal your passwords on various applications such as Firefox, MSN, XFire etc. Antiviruses don't always work, as hackers crypt their stealers with undetectable crypters and antiviruses don't detect them. So instead of an antivirus we are going to use a firewall!

How do password stealers work?

They bind stealers into keygens or applications and once the application is executed, the stealer is also executed in hidden mode. Then the stealer finds its target, like the folder where all Firefox passwords are stored, then decrypts the passwords and sends them to the attacker's FTP.

Example of a log by password stealer.

2wf6cf4.jpg


What we need

As I said above, we need a good firewall. One of the best firewalls is Comodo. By the way, you can use Windows Firewall with Advanced Security by Microsoft, but this only works in Windows Vista or Windows 7.

Configuration

1. Comodo Internet Security
Download the latest Comodo from the above link and install it. Don't uncheck the firewall option!!

Code:
http://www.filehippo.com/download_comodo/
After you install it, reboot your PC. Now set the Firewall Security Level to Custom Policy Mode (as shown in the image).

23hkm0z.jpg


After you've done that, you must create application rules in order to access the internet. To do that, open up Comodo and go to: Firewall -> Define a New Trusted Application. Now make rules for your applications that need internet access.
sz7k04.jpg



2. Windows Firewall with Advanced Security
This only works in Windows Vista and Windows 7!!!
Now go to Start and type: wf.msc
After opening it, you must block all outbound connections. To do that, open up Windows Firewall with Advanced Security and click Properties.

2v93hwl.jpg


Now make sure that in the 3 sections the outbound connection is set to Blocked.

kedctc.jpg


After that you need to create application rules in order to access the internet. To do that, go to Outbound Rules and make a new rule as shown in the image.

2di0f4n.jpg
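
The Windows Firewall steps from the tutorial above, scripted with netsh from an elevated PowerShell prompt. This is an added example, not part of the original post; the program paths and rule names are assumptions, and the final check assumes English netsh output.

```powershell
# Added example: scripted form of the wf.msc steps (default-deny outbound,
# then per-application allow rules). Run from an elevated prompt.

# Assumption: these are the applications you trust to reach the network.
$allowed = @(
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "$env:ProgramFiles\Internet Explorer\iexplore.exe"
)

# 1. Block outbound by default on the Domain, Private and Public profiles.
#    The value is quoted because PowerShell would otherwise split it at the comma.
netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'

# 2. One outbound allow rule per trusted program, matched by full path.
foreach ($exe in $allowed) {
    if (-not (Test-Path $exe)) {
        Write-Warning "Skipping missing program: $exe"
        continue
    }
    $name = 'Allow out - ' + [IO.Path]::GetFileName($exe)
    netsh advfirewall firewall add rule name="$name" dir=out action=allow program="$exe" enable=yes profile=any
}

# 3. Verify: every profile's policy line must contain BlockOutbound.
$policy = netsh advfirewall show allprofiles | Select-String 'Firewall Policy'
$policy
if ($policy | Where-Object { $_.Line -notmatch 'BlockOutbound' }) {
    Write-Warning 'At least one profile still allows outbound connections by default.'
}

# 4. Review what is allowed out; any rule without a program= path is too broad.
netsh advfirewall firewall show rule name=all dir=out verbose |
    Select-String '^(Rule Name|Program|Action):'
```

Rules keyed to a program path only constrain which executables may connect; as a reply further down the thread notes, code that runs inside an already allowed process is not stopped by them.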
 
19 comments
If you are using Firefox do the following:

Tools
Options
Security

Use a master password


Just by doing this I have run a password stealer on my PC and it was not able to find any of my passwords.
 
@c0rrupt, most newer stealers would be able to bypass a 'master password' very easily.

I never store my passwords in any browsers, ever. It's not safe at all.

Just have a look:
C:\Users\[USER]\AppData\Roaming\Mozilla\Firefox\Profiles\[PROFILE]\
 
Great tutorial and I advise all members to do this or at least another firewall because this type of password capturing is increasing dramatically!

time to nip it in the butt lol
 
Does this actually 100% work?

Not really... Most advanced password stealers inject themselves into the default browser or MSN process.

I use Keyscrambler appz to prevent pass stealers.

KeyScrambler protects you from keyloggers, but not password stealers - they read passwords from memory/program files, so they don't care if you patch the kernel to obfuscate the keys you press - the application gets unobfuscated data anyway.
 
Good tutorial, but in my opinion Zone Alarm is better than Comodo Firewall. And yes, the master password has no defense against a real attack.
 
Any other methods that people know?

Like some said, the master password won't help. Maybe additional security/addon for Firefox?
 
^ A master password won't do shit.

Using a firewall with a custom policy mode is the best way - it allows you to check all outgoing information before it leaves your PC.


Also, you should open all keygens/untrusted EXEs in a VM.
 
Good tutorial, but in my opinion Zone Alarm is better than Comodo Firewall. And yes, the master password has no defense against a real attack.
Not at all. ZoneAlarm is an application-level firewall whereas COMODO is a packet-level firewall. You can monitor every packet that is going to and from your PC, whereas in ZoneAlarm, this doesn't happen.
A packet-level firewall is always better than an application-level firewall.

Also, COMODO is somewhat difficult to use and configure for newbies. That's why most people find ZoneAlarm good, but it's not like that.

Also, the only way to prevent stealers/keyloggers/RATs is to use open source software. There are many, many good open source programs available, which are seriously better than closed source/paid software.
Or else, get your downloads from trusted sources.
VMware is also there to help out.

OR BUY THEM :D


Get your untrusted/suspicious copy of software. Run it under VMware and start a sniffer; COMODO should be installed too :P
My VMware has COMODO + BitDefender IS 2010 + Wireshark/any sniffer.


Also, if you have some knowledge of debugging, then debug that EXE using OllyDbg or any other good debugger. If the attacker has used FTP/SMTP to get logs, then you can steal his logs by getting his login info, LOLzzz.
I dunno how to get PHP info :( Anybody knows?
 