
HTTP Revealerkeylog Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Spyware.RevealerKeylog communicating and requesting information from its controlling server.

Additional Information

When the program is executed, it creates the following files:

  • %UserProfile%\Desktop\Revealer Keylogger Free.lnk
  • %SystemDrive%\Documents and Settings\All Users\Application Data\rkfree\data\Administrator\13122007.rvl
  • %SystemDrive%\Documents and Settings\All Users\Application Data\rkfree\maps\6153
  • %ProgramFiles%\RKFree\rkfree.exe


The program records keystrokes from the computer and sends the gathered information to a remote email address.

It can be configured to run in stealth mode so that it may hide its activities on the computer.

Affected

  • Windows 2000
  • Windows 95
  • Windows 98
  • Windows Me
  • Windows NT
  • Windows Server 2003
  • Windows Vista
  • Windows XP
