I have read about the F-Secure Virus Information Pages : PFV-Exploit
Its were you put spyware in picture formatted things.


I was wondering, does anyone know how to put a keylogger in a picture file?

Also I was wondering, if I put a keylogger on computer A that is connceted to the internet.
Do you know if all of the files(pictures) that the keylogger on computer A has taken, be sent to COmputer B?

Thanks Please reply and help me.:)

The exploit you mentioned was for a vulnerability in the handling of WMF image files. By using this exploit, crackers could execute any code after a user opens a wmf image file. *But*, this exploit was discovered back in December 05 - it has been fixed now, and will not affect the majority of windows computers; only unpatched machines. So, this exploit is effectively useless, and there has been NO other vulnerabilities found in the handling of common image formats since then.

So to sum up what I said, you can only run code from inside an image file through the exploiting of windows' image handling software - and there are no 'active' vulnerabilities at the moment, thus there is no way to run code from images. This will all change when the next exploit is developed, whenever that may be.

And your second question doesn't make sense.



Do you know if all of the files(pictures) that the keylogger on computer A has taken, be sent to COmputer B?



A keylogger logs keys, not images. But what you said still doesn't mean anything.

O ok.

Well like i saw on the web, some keyloggers not only remember each key the person types, but some times takes screen shots.
So i was wondering if you could put a keylogger(that takes ss) on a computer and acsess the images from a different computer.

O ok.

Well like i saw on the web, some keyloggers not only remember each key the person types, but some times takes screen shots.
So i was wondering if you could put a keylogger(that takes ss) on a computer and acsess the images from a different computer.

Keyloggers send logs to email accounts. A keylogger that sends directly to another computer would be useless when email is an adequate way to receive the logs. If you want to access someone's computer remotely, try googling for these terms; 'remote administration tools', and possibly 'reverse connect trojan' and 'port forwarding'.

Thanks for the info

So does anyone know of any other way to send a keylogger to a remote computer?
From that older response I got the impression right now combining a keylogger with an image file is out.
Thanks!

So does anyone know of any other way to send a keylogger to a remote computer?


How would you send any file to someone?

You could send it via file transfer in an IM program, you could attach it to an email, you could host it on a website and give them the link, you could host it on a FTP server, you could send it via IRC DCC transfer; the list could go on forever.

If you were expecting there to be a way to just 'drop' it on their computer without their authorization; well, you expect too much.


From that older response I got the impression right now combining a keylogger with an image file is out.
Thanks!

Image files contain data to be read by an image viewing program. At no stage in this process is data executed. The only way to execute code (or entire programs) from within an image file is through the use of exploits - and no exploits exist at the moment for the masses to use in this way.

Of course you can hide programs or text files in image files (using steganography), but again all it is is data and it is never executed. You have to extract them with the use of the tool you hid it with.

Basiclly you have to rely on the user to execute it themselves, and try to disguise it as a pic.

like renaming an embedded object in wordpad, or what have you.
then again, that opens a whole other issue, specificlly
'how to disable content advisory warnings'

welcome to the game. keep googling, stay creative.