MALWARE-OTHER --
MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp
This event is generated when activity relating to a spyware application is detected.

Impact: Unknown. Possible information disclosure, violation of privacy, possible violation of policy.

Details: Spyware is malicious software running on a host that may intercept or take information from the host system without a user's consent or knowledge. Spyware is also capable of using a host's Internet connection without the knowledge or consent of the user, in order to deliver that information to an unauthorized third party. This software not only uses available bandwidth on a network connection but also consumes system resources, in some cases to the point of making the host unusable.

Spyware can be classified into multiple categories depending on the behavior of the software. In particular, this event indicates that the software detected is a key logger. Key logger programs record the keys pressed on the keyboard by a user. This information could contain usernames and passwords for the user of the host. These programs are often included in rootkits or Trojan Horse programs.

Ease of Attack: Simple. This is spyware activity.
No information provided
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None