Black Box

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Summary:

 Computer monitoring software that logs keystrokes typed. Allows for various statistical reporting on the users activity, making this a program more geared towards corporate customers.

Alias:

 [default], Java.ByteVerify.exploit [Computer Associates], Java/ByteVerify.exploit.Trojan [Computer Associates], Java/ByteVerify.Trojan [Computer Associates], Java/ClassLoader.B trojan [Eset], Java/Exploit.Bytverify trojan [Eset], Trojan.Java.ClassLoader.b [Kaspersky], Trojan.Java.ClassLoader.Dummy.c [Kaspersky]

Category:

Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

 Key Logger · Exploit · Trojan

Origins

Date of Origin:

 July, 2003

Distribution

Prevalence:
  • Black Box: 0.0%
    • More Info

    Clot Factor:
  • Black Box: 2

    • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Growth:
  • Black Box: Insufficient data to report growth
    		•

    Operation

    Storage Required:
  • Black Box: at least 1449 KB
    		•

    Risks

    Detection Issues:

    		 Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove Black Box from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 15, 2005