What actually is the Keylogger?*
A keylogger is a program that runs in the background, recording all the keystrokes. e.g., passwords, composed emails, chat conversations, instant messages, etc.) and saves them for later view.
Once keystrokes are recorded , they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. Keylogger is commonly included in rootkits.
A keylogger normally consists of two files:
DLL which does all the work
EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory
Types of Keyloggers:
Keyloggers can be one of three types:
1.Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time -- however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
2. Software using a hooking mechanism Keyloggers. This type of keylogger is accomplished by using the Windows function SetWindowsHookEx() that monitors all keystrokes.. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords.
3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage to this approach it that it fails to capture autocomplete passwords, as this information
Keylogger Features
The following features of the "Perfect Keylogger" are of use to anyone trying to spy on an unsuspecting user:
1.Stealth Mode. In this mode no icon is present in the taskbar and the keylogger is virtually hidden.
2. Remote Installation. The keylogger has a feature whereby it can attach to other programs and can be sent by e-mail to install on the remote PC in stealth mode. It will then send keystrokes, screenshots and websites visited to the attacker by e-mail or via FTP.
3. Smart Rename. This feature allows a user to rename all keylogger's executable files and registry entries.
Keylogger Abilites
keyloggers have following capabilities.
- To automatically activate itself when Windows starts
- To Record visited sites, including URL, site name and page title.
- To Record which programs ran on the computer.
- To capture snapshots - just like a surveillance camera.
- To be invisible and to allow the access to the Logs, their settings and its removal only by using a user chosen password.
- To have the ability to send the logs by email to a selected account.
- To have the ability to show you the logs in a clear, comfortable and intuitive way.
who uses the keyloggers?
There are 3 main groups that use Keyloggers:
Employers
In the survey that took place in Britain in the year 2006, 87% of the employees participating in the survey said that they surf on the internet during their work at least once a week.
- 73% of them said that they surf at least once a day.
- 23% of them said that they dedicate more time to surfing on the internet than to their work!
In the additional survey that took place in the same year answered
- 36% of the employers, participants of the survey mentioned that they are afraid that secrets of the company will be sent to their competitors from the company computers by their employees.
- 4% announced that they fell victim to the theft of company secrets by their workers from the company computers.
Parents
Today, almost every child has access to internet.
This comes thanks to the advance in technology, but has also risks involved.
Did you know that:
- The average age when the children encounter pornography in the internet is 11.
- The age of the largest pornography consumer group in the internet is between
12 to 17.
- 85% of children between the ages 6-16 encountered pornographic content
intentionally or unintentionally (most of them while preparing their homework).
- 25% of children between ages 9-17 will freely disclose their home address in the internet.
- 60% of children who committed suicide, declared their intentions online directly or indirectly.
- One in five children who use the computer chat rooms has been approached over the internet by pedophiles.
- Only 25% of youth who received sexual solicitation told a parent
The children today are very sophisticated and most of us parents don't have the knowledge to know what they are doing behind their closed doors in front of the computer.
Are they browsing to inappropriate websites, are they downloading illegal content using P2P programs that will in the future result in lawsuits of thousands of dollars?
What personal information they disclose about themselves, are they talking to adults, or maybe they meet them?
Spouses
In the survey that took place in United States in the year of 2005 which includes married couples only, 56% of the participants of the survey said that during their marriage they had at least one sexual encounter with a person that is not their spouse.
|
