Can a Trojan record keystrokes through a terminal server connection?

[stevenriz]

Hi everyone, I know certain Trojans can record keystrokes if the trojan is installed on a machine properly. If a trojan is installed properly and not detected by any virus scanner or malware software, AND the user is in a remote control session using terminal server and Remote Desktop Connection, are those keystrokes also recorded? My guess is yes because a keystroke is a keystroke and it wouldn't matter what software you are running. Just curious to know for sure. thanks!!
Steve

 

[Diancecht]

I wouldn't be that sure. I guess it will depend on the installed keylogger.

I know of some keyloggers that won't work with Terminal Server sessions.

Cheers,
Dian

 

[stevenriz]

oh good to know. There reason I am asking, which I should have put in the initial post, was that our Trend Micro product caught a couple of trojans. It wasn't able to clean them but notified us that it found them and presumably disabled them. Not sure about that though. Anyway, by notifying us, we cleaned them right away. These two computers that caught them only communicate over RDC so that is why I was asking.

 

[Diancecht]

I'd consider the worst case

Cheers,
Dian

 

[stevenriz]

You're right, we should. Thanks Dian...

 

[technome]

Ran into the same concern...
Was called in on a network which was hacked, with a number of keyloggers installed. The hacker had all the system passwords, so count on the RDP passwords being compromised.

For a client I tried getting an encrypted USB key, as below, so that the RDP passwords where never typed on RDPing home computers. Alas, they did not work with Windows 2008 Terminal Server Gateway access (actually the RDP 6.1 client). Client is not concerned with keystrokes over RDP, but the passwords. With the USB keys, you program in the login passwords and program passwords on a secure machine, give them to users, and all login screens are taken care of by the encrypted USB key, pretty neat, very secure, setup is easy.

http://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_860.aspx

This USB may work on 2008 as I need, but I have yet to contact Vasco again, about this newer product.

http://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_key_1.aspx

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[electronicsfreak]

From my experience with keyloggers, and ones I have used(yes there are ones out there for good purposes, as in catching a friends daughter who ran away), they record all keystrokes entered into a keyboard no matter what program you are in. They usually work by recording keystrokes period.

For example you can type password, and you could press backspace to try and erase it from the keylogger, but would only result in passwordbackspacebackspace.

There are ones on sourceforge, an open source site if you want to see just how a keylogger works. It will give you a better understanding of how dangerous they can be when used in the wrong hands.

I would post it on here, but I do not want to violate any rules of the forum.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon