I had trouble deciding where to put this, so I put it here for now. My question is about what steps can be taken to even give ourselves a slight bit of protection when using the key sniffers.
I'd assume step one would be to simply rename and relocate the sniffer to somewhere more interesting.
C:\Progra~1\McAfee\vscan.exe
C:\Progra~1\Norton\nshield.exe
Perhaps.
I'd also assume adding in some 'junk' code wouldn't hurt, simply to distort function size and memory footprint (large allocated arrays and whatnot).
What else should/can be done to slip the code farther to the background?
Another thought I had is more defensive in nature: Is there
A) A predefined 'rat' package that we know of, one that simply passes information back to SOE that could be used for banning purposes
or
B) A packet we haven't figured out, or functions watching for packets we haven't figured out.
The reason I ask is that I figure if they are going to watch for processes or memory sniffers or whatever, they have to transmit that at some point, right? How would they do that? Would we know about it if it happens? Would we be able to prove they are sniffing memory looking for us perhaps? Can we decompile and check for THEM checking memory? How can we look for their countermeasures, if there are any?
Right now I'm too paranoid to use a keysniffer. Is this silly of me?