The Keylogger – What It Is And How It Works

A keylogger is a program that runs as a background process on your computer. It secretly records all your keystrokes and saves them to a hidden location. The attacker later retrieves the saved keystrokes and carefully reviews them in hopes of finding usernames, passwords, credit card numbers or other personal information that would prove useful to them or could be sold. For example, a keylogger can easily capture confidential emails and provide them to the attacker. The emails could then be passed on to any interested outside party willing to pay for them.

There are different types of keyloggers. They can be software or hardware based. Software-based keyloggers are easy to distribute and place on other computers, thus infecting them. However, they are much more easily detected by virus protection programs. Hardware-based keyloggers are usually more complex and much harder to detect. It’s possible that right now, your keyboard could have a keylogger chip inserted, with anything you type saved into flash memory that is also placed inside your keyboard. For most of us, hardware keyloggers are not something we need to worry about on our personal computers. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

Over time, keyloggers have become more advanced, and detecting them has become more difficult. They can exist on a computer for months or years without being detected. During the time it is monitoring, a keylogger can collect a lot of information. Potentially, a keylogger can obtain not only passwords and user names, but also contacts, bank account details, web browsing habits, interests, and much more. All the information that is collected can be used to steal a user’s money, personal documents, and even their identity.

A software-based keylogger could be as simple as an .exe and a .dll that are placed on a computer. They are then activated when the computer boots, using an entry in the Windows registry. Usually they are placed through a download that the user does not know has happened. Often the keylogger piggybacks on something else the user downloads, so it won’t appear as a separate download activity. The more sophisticated keyloggers perform quite a list of nasty activities and engage in operations to hide themselves. Some of these things include:

1. They make themselves undetectable in the process list and invisible in operation

2. It can be a kernel keylogger that captures keystrokes even when the user is logged off

3. The keylogger can have a remote deployment wizard, enabling it to deploy at later times or when instructed to by the attacker

4. The ability to create text snapshots of active applications (screen shots showing usernames, account numbers, etc.)

5. The ability to capture HTTP POST data, in other words internet activities (including log-ins/passwords)

6. HTML and text log file export, to periodically send the information to the attacker

7. Automatic e-mail log file delivery, to send your log files to the attacker

There are many kinds and variations of these types of keyloggers. Two examples are the Perfect Keylogger and the ProBot Activity Monitor.
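The simple case described above, a program started at boot through a Windows registry entry, can be reviewed by looking at the standard Run keys. The following is an added example, not part of the original article: it parses saved `reg query` output (the sample is constructed) and flags entries using two heuristics that are assumptions of this example.

```python
import re

# Constructed sample of `reg query` output for the two standard Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Audio Helper    REG_SZ    "C:\Users\alice\AppData\Roaming\audiohlp\audiohlp.exe" /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    rundll32.exe C:\ProgramData\upd\hook.dll,Start
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
"""

# A value line is indented four spaces: name, type and data, four spaces apart.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# Heuristic (assumption): locations a non-admin user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%", "%public%")

def parse_reg_query(text):
    """Return one dict per autostart value, tagged with the key it came from."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append({"key": key, **m.groupdict()})
    return entries

def review(entries):
    """Return (name, key, reasons) for every entry that deserves a closer look."""
    findings = []
    for e in entries:
        cmd = e["data"].lower()
        reasons = []
        if any(marker in cmd for marker in USER_WRITABLE):
            reasons.append("target in user-writable directory")
        if re.search(r"\brundll32(\.exe)?\b", cmd):  # heuristic: .dll started at boot
            reasons.append("DLL loaded through rundll32")
        if reasons:
            findings.append((e["name"], e["key"], reasons))
    return findings

if __name__ == "__main__":
    for name, key, reasons in review(parse_reg_query(SAMPLE)):
        print(f"{name} [{key}]: {', '.join(reasons)}")
```

Flagged entries are leads to investigate, not verdicts, and the kernel-level or self-hiding keyloggers in the list above may not show up in a Run key review at all.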

Not all keyloggers are used for illegal or spying purposes. A wide variety of uses have surfaced that are not necessarily illegal. Keyloggers can be used to monitor web sites visited, and this information can be used in parental control applications. They have been widely used to prevent child pornography and to protect children from coming in contact with dangerous elements on the web. Law enforcement also may use keyloggers. A federal court has ruled that the FBI was not required to get a special wiretap order to legally place a keystroke logging device on a suspect’s computer. In addition, the judge ruled that the details gathered by the keylogging device were allowed to be kept secret by the FBI (citing national security concerns). The defendant, indicted for gambling and loan-sharking, used encryption to attempt to hide and protect information and files on his computer. The FBI used the information gathered by the keylogging device to get the defendant’s password, which allowed them to open the needed files.
