A keylogger is a program that runs secretly in your computer’s background, recording all your keystrokes. Once logged, the keystrokes are hidden away for later retrieval by the attacker, who then carefully reviews them in hopes of finding passwords or other useful information. For example, a keylogger can easily obtain confidential emails and reveal them to any interested outside party willing to pay for the information.

Keyloggers can be either software or hardware based. Software-based keyloggers are easy to distribute and to infect machines with, but they are also more easily detected. Hardware-based keyloggers are more complex and harder to detect. For all you know, your keyboard could have a keylogger chip attached, with everything you type being recorded into flash memory sitting inside the keyboard. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

As keyloggers become more advanced, detecting them becomes more difficult. They can violate a user’s privacy for months, or even years, without being noticed. During that time, a keylogger can collect a lot of information about the user it is monitoring. A keylogger can potentially obtain not only passwords and log-in names, but also credit card numbers, bank account details, contacts, interests, web browsing habits, and much more. All this collected information can be used to steal a user’s personal documents, money, or even their identity.

A keylogger might be as simple as an .exe and a .dll placed on a computer and activated at boot via an entry in the registry. More sophisticated keyloggers, such as the Perfect Keylogger or ProBot Activity Monitor, have developed a full line of nasty abilities, including:
· Undetectable in the process list and invisible in operation
· A kernel keylogger driver that captures keystrokes even when the user is logged off
· A remote deployment wizard
· The ability to create text snapshots of active applications
· The ability to capture HTTP POST data (including log-ins/passwords)
· The ability to timestamp and record workstation usage
· HTML and text log file export
· Automatic e-mail log file delivery

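The simple case described above, an .exe and a .dll started at boot through a registry entry, is what a defender's autorun review looks for. The following Python sketch is an added example, not part of the original post: it parses `reg query` output for the Windows Run keys and flags entries worth a manual look. The sample output and the user-writable-path heuristic are constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for the two common Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    winhlp    REG_SZ    C:\Users\alice\AppData\Roaming\winhlp\winhlp.exe
    HelpSvc    REG_SZ    rundll32.exe "C:\Users\Public\hlp.dll",Start
"""

# reg.exe separates value name, type and data with four spaces.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Heuristic (assumption): locations a non-admin user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%")

def parse_run_keys(text):
    """Yield (key, value_name, command) for each value in reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_RE.match(line)
            if m and key:
                yield key, m["name"], m["data"].strip()

def review(text):
    """Return autorun entries that deserve a manual look, with reasons."""
    findings = []
    for key, name, cmd in parse_run_keys(text):
        low = cmd.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("binary in user-writable path")
        if re.match(r'^"?(\S*\\)?rundll32(\.exe)?"?\s', low):
            reasons.append("DLL loaded via rundll32")
        if reasons:
            findings.append({"key": key, "name": name,
                             "command": cmd, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"{f['key']}\\{f['name']}: {f['command']}  <- {', '.join(f['reasons'])}")
```

A flagged entry is a lead for investigation, not proof of a keylogger; legitimate software also starts from per-user paths.
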
Not all keyloggers are used for illegal purposes. A variety of other uses have surfaced. Keyloggers have been used to monitor web sites visited as a means of parental control over children. They have been actively used to prevent child pornography and to keep children from coming into contact with dangerous elements on the web. Additionally, in December 2001, a federal court ruled that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. The judge allowed the FBI to keep details of its key logging device secret (citing national security concerns). The defendant in the case, Nicodemo Scarfo Jr., indicted for gambling and loan-sharking, used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the needed file.