Keylogger detection


Invisible (Admin, joined Feb 11, 2006):
Keyloggers are applications or devices that monitor the physical keystrokes of a computer user. They then either aggregate the information locally for later retrieval or send it off to a spyware server on the Internet. Some businesses use keyloggers, such as with the Spector Pro system, to monitor employee activity, but the vast majority are applications installed without the user's knowledge as part of a software download or system intrusion.

The true danger posed by keyloggers is their ability to bypass encryption controls and gather sensitive data directly from the user. All the encryption in the world will not secure your data if a hacker watches you type your encryption key. He can then simply use that plaintext key to decrypt all of your "protected" communications from that point forward!


Can anyone help me on how to detect these keyloggers? I wanna protect my PC, buddies!
 
Steve Dii (JF-Expert Member, joined Jun 25, 2007):
Invisible,
I perceive you have a founded knowledge about the net and IT matters in general; the only thing I see forward for you is to have a registered service. I know this is an expensive route, but I'm only suggesting it as I'm inclined to assume that you have already exhausted the freeware route.

Supplementary information about keyloggers:

WHAT IS A KEYLOGGER?

A keylogger is a computer program that logs each keystroke a user types on a keyboard and saves this data into a file or transfers it via the Internet to a predetermined remote host. It also can capture screenshots of user activity, log passwords, record online chat conversations or take different actions in order to find out what a user is doing. A keylogger poses the most dangerous threat to user privacy.

A keylogger can also be a small physical device that usually is placed between the keyboard's plug and the computer's keyboard port. A hardware keylogger records all keystrokes and saves them into its own memory. Such a device doesn't rely on particular software or a driver and therefore works under different environments. However, it doesn't take screenshots and can be easily found during a thorough computer inspection.

Software keyloggers are divided into parasitical and legitimate applications. Malicious keyloggers are very similar to viruses and trojans. They are used by hackers to violate user privacy. Legitimate keyloggers, also known as computer surveillance tools, are commercial products targeted mostly at parents, employers and teachers. They allow one to find out what children or employees are doing online. However, even legal programs work without the monitored user's knowledge and consent. They can also be used by malicious persons and therefore are not classified as less harmful threats than the actual parasites.

List of keylogger parasites (page 1):
Total keylogger parasites in our DB: 540

WebPI
007 Spy Software
007 Starr
123 PC Spy
2Spy
A Keylogger
AB System Spy
ABCKeylogger
Absolute Key Logger
AceSpy
Actions Monitor
Active Key Logger
Active Monitor
ActiveVB KeyLogger
Activity Keylogger
Activity Logger
ActMon
Advanced Call recorder
Advanced Computer Monitor
Advanced Keylogger
AegisCOM
AGM65s Keylog trojan
Akosch Keylogger
Aku Key Logger
Akuku.889.A
Anserin
Apophis 2.0
Appstraka
Ardamax Keylogger
AtomicLog
Backdoor.IRC.Fusion.20
BagKeys
BEEE
Belkin PCSpy
Beyond Keylogger
BizDefender
Black Box
BlackLog
BlazingTools Perfect keylogger
Boss Everyware
Busted
Call Online Two
Canary
CapScrn
Captain Mnemo Pro
CAPTSR
Capture.dll
Catch Cheat Spy 1.4
Chota
CLogger
COM
Com Policy
Complete Keystroke Logger
Computer Snooper
Computer Spy
ComputerSpy
Conducent
Content Monitor
Covenanteyes
CQMA
CQzjz102sgb
Cummings Keylogger 2.0
Cyber Informer
Cyber Predator
Cyber Snoop
Dafunks Keylogger
DBdoor
De Llano KeyLogger
Desktop Detective
Desktop Detective 2000
Desktop Scout
Desktop Snooper
Desktop Surveillance
DGSSSoftware keylogger
DirSpy
DKS KeySpy
Donkey KeyLogger
DOS Log
Dr Modem
Dreamscape Keylogger
DSK Lite 1.0
DyFuCA.SafeSurfing
E-mail Password Logger
EarSpy
Easy Macro 2.01
EBlaster
EBlaster 5.0
Edepol
Ehks
Elfrah PCSpy
ElGolf 1.0b
Elhacker Keylogger
EliteKeylogger
EMA Info Grabber
Email PI
Enfiltrator Black Box
ESP
Espion
Evasive KeyLog
EVision Megapro



WAYS OF INFECTION
Keyloggers differ from regular computer viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are two major ways an unsolicited keystroke logging program can get into the system.

1. A legitimate keylogger can be manually installed by a system administrator or any other user who has sufficient privileges for software installation. A hacker can break into the system and set up his own keylogger. In both cases a privacy threat gets installed without the monitored user's knowledge and consent.
2. Malicious keyloggers are often installed by other parasites like viruses, trojans, backdoors or even spyware. They get into the system without the user's knowledge and affect everybody who uses a compromised computer. Such keyloggers do not have any uninstall functions and can be controlled only by their authors or attackers.

Keyloggers mostly affect computers running the Microsoft Windows operating system. However, some less prevalent parasites can also be found on other popular platforms.


WHAT A KEYLOGGER DOES
- Logs each keystroke a user types on a computer’s keyboard.
- Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
- Tracks user activity by logging window titles, names of launched applications, exact time of certain event occurrence and other specific information.
- Monitors online activity by recording addresses of visited web sites, taken actions, entered keywords and other similar data.
- Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space.
- Captures online chat conversations made in popular chat programs or instant messengers.
- Makes unauthorized copies of outgoing and incoming e-mail messages.
- Saves all collected information into a file on a hard disk, then silently sends this file to a configurable e-mail address, uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
- Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.


EXAMPLES OF KEYLOGGERS
There are lots of different keystroke logging applications, both commercial and parasitical. The following examples illustrate typical keylogger behavior.

Family Key Logger is a relatively simple commercial keylogger targeted to parents who need to know what kids are doing online while they are not at home and to users who want to spy on their spouses. Family Key Logger is designed to record all user keystrokes. It doesn’t have additional functionality and must be manually installed. Most legitimate keyloggers are quite similar to Family Key Logger and therefore are not extremely dangerous.

Delf is an entire family of harmful trojans with keystroke logging functions. These parasites not only record every user keystroke, but also give the remote attacker full unauthorized access to a compromised computer, download and execute arbitrary code, and steal the user's vital information such as passwords, e-mail messages or bank account details. Delf threats send all gathered data to the attacker through a background Internet connection. Moreover, they can cause general system instability and even corrupt files or installed applications.

Perfect Keylogger is a complex computer surveillance tool with rich functionality. It records all user keystrokes and passwords, takes screenshots, tracks user activity on the Internet, and captures chat conversations and e-mail messages. Perfect Keylogger can be remotely controlled. It can send gathered data to a configurable e-mail address or upload it to a predefined FTP server. Although it is a commercial product, it's even more dangerous than most parasitical keyloggers.


CONSEQUENCES OF A KEYLOGGER INFECTION
Practically all keyloggers are very difficult to detect. They can violate user privacy for months and even years until the user notices them. During all this time a regular keylogger is able to find out everything about the user. Someone who controls a keylogger gets priceless information including the monitored user's passwords, login names, credit card numbers, exact bank account details, contacts, interests, web browsing habits and much more. All this information can be used to steal the victim's valuable personal documents and money, or to use his name, address and other identity data for criminal offences.


HOW TO REMOVE A KEYLOGGER?
Most keyloggers work in the same manner as computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus and AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive parasite signature databases, can also detect and remove keyloggers and related components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, SpyHunter, eTrust PestPatrol or Spybot - Search & Destroy are well known for their keylogger detection and removal capabilities.

In some cases even an antivirus or spyware remover can fail to get rid of a particular keylogger. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be a quite difficult and tedious task for novices.

Not all keyloggers (even if they track your personal information) are illegitimate and need to be removed immediately.

I know you might have come across the same message, but I have decided to paste it here for others in need of quick info regarding keyloggers.

Will post any new information as I come across it.


SteveD.
 
Invisible (Admin, joined Feb 11, 2006):

> I know you might have come across the same message, but I have decided to paste it here for others in need of quick info regarding keyloggers.
>
> SteveD.
Thanks buddy. Let me print this and read while having a cup of tea
 
Picassa243 (Member, joined Oct 10, 2007):
What keyloggers do you have? I can help you remove them. Personally, Ad-Aware SE Professional is the best tool for their removal. Spyware Doctor is good too.
 
Steve Dii (JF-Expert Member, joined Jun 25, 2007):
I have been using the free AVG, but as the rating for it is now at its highest point, I think I'm gonna get myself a paid-for version...

Picassa, you mention Ad-Aware Pro, but in my case I'm also using Spybot-SD on top of free AVG. What do you think, does the combination of the two make up for the difference?
Else, I have to ask: what is better, Ad-Aware Professional or AVG Professional?

Invisible, I might get a discount deal for software somewhere, will give you a shout once certain..

Thanks for your input.

SteveD.
 
Picassa243 (Member, joined Oct 10, 2007):
Well Steve, AVG is good as an antivirus and Spybot is also good. But Ad-Aware SE Professional is the best-rated anti-spyware. I've been using it for 5 years without problems of spyware or keyloggers. :)
 
Invisible (Admin, joined Feb 11, 2006):

> Well Steve, AVG is good as an antivirus and Spybot is also good. But Ad-Aware SE Professional is the best-rated anti-spyware. I've been using it for 5 years without problems of spyware or keyloggers. :)

Good guys,

So you tell me once I download Ad-Aware SE Pro I will be protected right? I'm not attacked but would like to ensure my privacy buddy.

BTW: How do they work (keyloggers) and for what purposes?

Thanks
 
Steve Dii (JF-Expert Member, joined Jun 25, 2007):

> Good guys,
>
> So you tell me once I download Ad-Aware SE Pro I will be protected right? I'm not attacked but would like to ensure my privacy buddy.
>
> BTW: How do they work (keyloggers) and for what purposes?
>
> Thanks

Invisible, there are only two principal aims I can think of: spying on you to know your whereabouts, and spying on you to steal.

The following description, as given above, honestly does suffice for me..
WHAT A KEYLOGGER DOES
- Logs each keystroke a user types on a computer’s keyboard.
- Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
- Tracks user activity by logging window titles, names of launched applications, exact time of certain event occurrence and other specific information.
- Monitors online activity by recording addresses of visited web sites, taken actions, entered keywords and other similar data.
- Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space.
- Captures online chat conversations made in popular chat programs or instant messengers.
- Makes unauthorized copies of outgoing and incoming e-mail messages.
- Saves all collected information into a file on a hard disk, then silently sends this file to a configurable e-mail address, uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
- Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.

Perfect Keylogger is a complex computer surveillance tool with rich functionality. It records all user keystrokes and passwords, takes screenshots, tracks user activity on the Internet, and captures chat conversations and e-mail messages. Perfect Keylogger can be remotely controlled. It can send gathered data to a configurable e-mail address or upload it to a predefined FTP server. Although it is a commercial product, it's even more dangerous than most parasitical keyloggers.

CONSEQUENCES OF A KEYLOGGER INFECTION
Practically all keyloggers are very difficult to detect. They can violate user privacy for months and even years until the user notices them. During all this time a regular keylogger is able to find out everything about the user. Someone who controls a keylogger gets priceless information including the monitored user's passwords, login names, credit card numbers, exact bank account details, contacts, interests, web browsing habits and much more. All this information can be used to steal the victim's valuable personal documents and money, or to use his name, address and other identity data for criminal offences.
SteveD.
 
Yona F. Maro (R I P, joined Nov 2, 2006):
Keyloggers: How they work and how to detect them

In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.
However, the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.

Joe Lopez’s losses were caused by a combination of overall carelessness and an ordinary keylogging program.

About Keyloggers
The term ‘keylogger’ itself is neutral, and the word describes the program’s function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes. This definition is not altogether correct, since a keylogger doesn’t have to be software – it can also be a device. Keylogging devices are much rarer than keylogging software, but it is important to keep their existence in mind when thinking about information security.

Legitimate programs may have a keylogging function which can be used to call certain program functions using “hotkeys,” or to toggle between keyboard layouts (e.g. Keyboard Ninja). There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.

Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including:

· Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content;
· Jealous spouses or partners can use a keylogger to track the actions of their better half on the Internet if they suspect them of “virtual cheating”;
· Company security: tracking the use of computers for non-work-related purposes, or the use of workstations after hours;
· Company security: using keyloggers to track the input of key words and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed;
· Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers;
· Other reasons.

However, the justifications listed above are more subjective than objective; the situations can all be resolved using other methods. Additionally, any legitimate keylogging program can still be used with malicious or criminal intent. Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.

Furthermore, many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan programs.

As such programs are extensively used by cyber criminals, detecting them is a priority for antivirus companies. Kaspersky Lab’s malware classification system has a dedicated category for malicious programs with keylogging functionality: Trojan-Spy. Trojan-Spy programs, as the name suggests, track user activity, save the information to the user’s hard disk and then forward it to the author or ‘master’ of the Trojan. The information collected includes keystrokes and screen-shots, used in the theft of banking data to support online fraud.

Why keyloggers are a threat

Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user’s account or access the user’s online gaming account. Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual’s loss of a few dollars. Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).

Keyloggers, phishing and social engineering (see 'Computers, Networks and Theft') are currently the main methods being used in cyber fraud. Users who are aware of security issues can easily protect themselves against phishing by ignoring phishing emails and by not entering any personal information on suspicious websites. It is more difficult, however, for users to combat keyloggers; the only possible method is to use an appropriate security solution, as it's usually impossible for a user to tell that a keylogger has been installed on his/her machine.

According to Cristine Hoepers, the manager of Brazil’s Computer Emergency Response Team, which works under the aegis of the country’s Internet Steering Committee, keyloggers have pushed phishing out of first place as the most-used method in the theft of confidential information. What’s more, keyloggers are becoming more sophisticated – they track websites visited by the user and only log keystrokes entered on websites of particular interest to the cyber criminal.

In recent years, we have seen a considerable increase in the number of different kinds of malicious programs which have keylogging functionality. No Internet user is immune to cyber criminals, no matter where in the world s/he is located and no matter what organization s/he works for.

How cyber criminals use keyloggers

One of the most publicized keylogging incidents recently was the theft of over $1 million from client accounts at the major Scandinavian bank Nordea. In August 2006 Nordea clients started to receive emails, allegedly from the bank, suggesting that they install an antispam product, which was supposedly attached to the message. When a user opened the file and downloaded it to his/her computer, the machine would be infected with a well-known Trojan called Haxdoor. This would be activated when the victim registered at Nordea's online service, and the Trojan would display an error notification with a request to re-enter the registration information. The keylogger incorporated in the Trojan would record data entered by the bank's clients, and later send this data to the cyber criminals' server. This was how cyber criminals were able to access client accounts, and transfer money from them. According to Haxdoor's author, the Trojan has also been used in attacks against Australian banks and many others.

On January 24, 2004 the notorious Mydoom worm caused a major epidemic. MyDoom broke the record previously set by Sobig, provoking the largest epidemic in Internet history to date. The worm used social engineering methods and organized a DoS attack on www.sco.com; the site was either unreachable or unstable for several months as a consequence. The worm left a Trojan on infected computers which was subsequently used to infect the victim machines with new modifications of the worm. The fact that MyDoom had a keylogging function to harvest credit card numbers was not widely publicized in the media.

In early 2005 the London police prevented a serious attempt to steal banking data. After attacking a banking system, the cyber criminals had planned to steal $423 million from Sumitomo Mitsui’s London-based offices. The main component of the Trojan used, which was created by the 32-year-old Yeron Bolondi, was a keylogger that allowed the criminals to track all the keystrokes entered when victims used the bank’s client interface.

In May 2005 in London the Israeli police arrested a married couple who were charged with developing malicious programs that were used by some Israeli companies in industrial espionage. The scale of the espionage was shocking: the companies named by the Israeli authorities in investigative reports included cellular providers like Cellcom and Pelephone, and satellite television provider YES. According to reports, the Trojan was used to access information relating to the PR agency Rani Rahav, whose clients included Partner Communications (Israel’s second leading cellular services provider) and the HOT cable television group. The Mayer company, which imports Volvo and Honda cars to Israel, was suspected of committing industrial espionage against Champion Motors, which imports Audi and Volkswagen cars to the country. Ruth Brier-Haephrati, who sold the keylogging Trojan that her husband Michael Haephrati created, was sentenced to four years in jail, and Michael received a two-year sentence.

In February 2006, the Brazilian police arrested 55 people involved in spreading malicious programs which were used to steal user information and passwords to banking systems. The keyloggers were activated when the users visited their banks' websites, and secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The total amount of money stolen from 200 client accounts at six of the country's banks totaled $4.7 million.

At approximately the same time, a similar criminal grouping made up of young (20 – 30 year old) Russians and Ukrainians was arrested. In late 2004, the group began sending banking clients in France and a number of other countries email messages that contained a malicious program – namely, a keylogger. Furthermore, these spy programs were placed on specially created websites; users were lured to these sites using classic social engineering methods. In the same way as in the cases described above, the program was activated when users visited their banks’ websites, and the keylogger harvested all the information entered by the user and sent it to the cyber criminals. In the course of eleven months over one million dollars was stolen.

There are many more examples of cyber criminals using keyloggers – most financial cybercrime is committed using keyloggers, since these programs are the most comprehensive and reliable tool for tracking electronic information.

Increased use of keyloggers by cyber criminals
The fact that cyber criminals choose to use keyloggers time and again is confirmed by IT security companies.

One of VeriSign's recent reports notes that in recent years, the company has seen a rapid growth in the number of malicious programs that have keylogging functionality.

[Chart: growth in the number of malicious programs with keylogging functionality. Source: iDefense, a VeriSign Company]
One report issued by Symantec shows that almost 50% of malicious programs detected by the company’s analysts during the past year do not pose a direct threat to computers, but instead are used by cyber criminals to harvest personal user data.

According to research conducted by John Bambenek, an analyst at the SANS Institute, approximately 10 million computers in the US alone are currently infected with a malicious program which has a keylogging function. Using these figures, together with the total number of American users of e-payment systems, possible losses are estimated to be $24.3 million.

Kaspersky Lab is constantly detecting new malicious programs which have a keylogging function. One of the first virus alerts on Viruslist.com - Information About Viruses, Hackers and Spam, Kaspersky Lab's dedicated malware information site, was published on 15th June 2001. The warning related to TROJ_LATINUS.SVR, a Trojan with a keylogging function. Since then, there has been a steady stream of new keyloggers and new modifications. Kaspersky's antivirus databases currently contain records for more than 300 families of keyloggers. This number does not include keyloggers that are part of complex threats (i.e. in which the spy component provides additional functionality).

Most modern malicious programs are hybrids which implement many different technologies. Due to this, any category of malicious program may include programs with keylogger (sub)functionality. The number of spy programs detected by Kaspersky Lab each month is on the increase, and most of these programs use keylogging technology.

Keylogger construction

The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor. This can be achieved using video surveillance, a hardware bug in the keyboard, wiring or the computer itself, intercepting input/output, substituting the keyboard driver, the filter driver in the keyboard stack, intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.), intercepting DLL functions in user mode, and, finally, requesting information from the keyboard using standard documented methods.
Experience shows that the more complex the approach, the less likely it is to be used in common Trojan programs and the more likely it is to be used in specially designed Trojan programs which are designed to steal financial data from a specific company.

Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers which fall into the first category are usually small devices that can be fixed to the keyboard, or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.

The most common methods used to construct keylogging software are as follows:

· a system hook which intercepts notification that a key has been pressed (installed using WinAPI SetWindowsHook for messages sent by the window procedure. It is most often written in C);
· a cyclical information keyboard request from the keyboard (using WinAPI Get(Async)KeyState or GetKeyboardState – most often written in Visual Basic, sometimes in Borland Delphi);
· using a filter driver (requires specialized knowledge and is written in C).
We will provide a detailed explanation of the different ways keyloggers are constructed in the second half of this article (to be published in the near future). But first, here are some statistics.

A rough breakdown of the different types of keyloggers is shown in the pie chart below:

Recently, keyloggers that disguise their files to keep them from being found manually or by an antivirus program have become more numerous. These stealth techniques are called rootkit technologies. There are two main rootkit technologies used by keyloggers:

· masking in user mode;
· masking in kernel mode.

A rough breakdown of the techniques used by keyloggers to mask their activity is shown in the pie chart below:

How keyloggers spread

Keyloggers spread in much the same way that other malicious programs spread. Excluding cases where keyloggers are purchased and installed by a jealous spouse or partner, and the use of keyloggers by security services, keyloggers are mostly spread using the following methods:

· a keylogger can be installed when a user opens a file attached to an email;
· a keylogger can be installed when a file is launched from an open-access directory on a P2P network;
· a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits an infected site;
· a keylogger can be installed by another malicious program already present on the victim machine, if the program is capable of downloading and installing other malware to the system.

How to protect yourself from keyloggers

Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious program: install an antivirus product and keep its database up to date. However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common keyloggers.

Let’s take a closer look at the methods that can be used to protect against unknown keyloggers or a keylogger designed to target a specific system.
Since the chief purpose of keyloggers is to get confidential data (bank card numbers, passwords, etc.), the most logical ways to protect against unknown keyloggers are as follows:

1. using one-time passwords or two-step authentication,
2. using a system with proactive protection designed to detect keylogging software,
3. using a virtual keyboard.

Using a one-time password can help minimize losses if the password you enter is intercepted, as the password generated can be used one time only, and the period of time during which the password can be used is limited. Even if a one-time password is intercepted, a cyber criminal will not be able to use it in order to obtain access to confidential information.

In order to get one-time passwords, you can use a special device such as:
1. a USB key (such as Aladdin eToken NG OTP):

2. a ‘calculator’ (such as RSA SecurID 900 Signing Token):

In order to generate one-time passwords, you can also use mobile phone text messaging systems that are registered with the banking system and receive a PIN-code as a reply. The PIN is then used together with the personal code for authentication.

If either of the above devices is used to generate passwords, the procedure is as described below:
1. the user connects to the Internet and opens a dialogue box where personal data should be entered;
2. the user then presses a button on the device to generate a one-time password, and a password will appear on the device’s LCD display for 15 seconds;
3. the user enters his user name, personal PIN code and the generated one-time password in the dialogue box (usually the PIN code and the key are entered one after the other in a single pass code field);
4. the codes that are entered are verified by the server, and a decision is made whether or not the user may access confidential data.
When using a calculator device to generate a password, the user will enter his PIN code on the device 'keyboard' and press the ">" button.

One-time password generators are widely used by banking systems in Europe, Asia, the US and Australia. For example, Lloyds TSB, a leading bank, decided to use password generators back in November 2005.

In this case, however, the company has to spend a considerable amount of money, as it has to acquire and distribute password generators to its clients and develop or purchase the accompanying software.
A more cost efficient solution is proactive protection on the client side, which can warn a user if an attempt is made to install or activate keylogging software.

Proactive protection against keyloggers in Kaspersky Internet Security
The main drawback of this method is that the user is actively involved and has to decide what action should be taken. If a user is not very technically experienced, s/he might make the wrong decision, resulting in a keylogger being allowed to bypass the antivirus solution. If developers minimize user involvement, however, then keyloggers will be able to evade detection due to an insufficiently rigorous security policy; and if settings are too stringent, then other, useful programs which contain legitimate keylogging functions might also be blocked.

The final method which can be used to protect against both keylogging software and hardware is using a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be 'pressed' by using a mouse.

The idea of an on-screen keyboard is nothing new - the Windows operating system has a built-in on-screen keyboard that can be launched as follows: Start > Programs > Accessories > Accessibility > On-Screen Keyboard.

An example of the Windows on-screen keyboard

However, on-screen keyboards aren’t a very popular method of outsmarting keyloggers. They were not designed to protect against cyber threats, but as an accessibility tool for disabled users. Information entered using an on-screen keyboard can easily be intercepted by a malicious program. In order to be used to protect against keyloggers, on-screen keyboards have to be specially designed in order to ensure that information entered or transmitted via the on-screen keyboard cannot be intercepted.

Conclusions

This article has provided an overview of how keyloggers – both keylogging software and hardware - function and are used.
· Even though keylogger developers market their products as legitimate software, most keyloggers can be used to steal personal user data and in political and industrial espionage.
· At present, keyloggers – together with phishing and social engineering methods – are one of the most commonly used methods of cyber fraud.
· IT security companies have recorded a steady increase in the number of malicious programs that have keylogging functionality.
· Reports show that there is an increased tendency to use rootkit technologies in keylogging software, to help the keylogger evade manual detection and detection by antivirus solutions.
· Only dedicated protection can detect that a keylogger is being used for spy purposes.
· The following measures can be taken to protect against keyloggers:
· use a standard antivirus that can be adjusted to detect potentially malicious software (default settings for many products);
· proactive protection will protect the system against new modifications of existing keyloggers;
· use a virtual keyboard or a system to generate one-time passwords to protect against keylogging software and hardware.

Source: Kaspersky Lab
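The first construction method listed above (a system hook whose procedure lives in a DLL) has a visible side effect on Windows: the hook DLL is mapped into every process that receives keyboard input. The script below, added here as an example and not taken from the Kaspersky article or from any product named in this thread, turns that into a triage check. It assumes the CSV layout of `tasklist /M /FO CSV` ("Image Name","PID","Modules", with modules comma-separated in the last field and "N/A" for processes it cannot read); the embedded `SAMPLE_*` data is constructed for offline use and `kbsvc.dll` is a made-up name. Outside Windows the script runs on the sample only.

```python
"""Global keyboard-hook DLL triage (added example; not Kaspersky's code).

A keylogger built on SetWindowsHookEx(WH_KEYBOARD, ...) has to ship its hook
procedure in a DLL, and Windows maps that DLL into every process that
receives keyboard input.  A DLL loaded into most processes that is not one
of the system's own DLLs therefore deserves a closer look.  Module lists
come from `tasklist /M /FO CSV` (assumed layout: "Image Name","PID","Modules";
modules comma-separated in the last field; "N/A" when access is denied).
SAMPLE_TASKLIST / SAMPLE_SYSTEM_DLLS are constructed; kbsvc.dll is made up.
"""
import csv
import io
import os
import subprocess
import sys
from collections import Counter


def parse_tasklist_modules(csv_text):
    """Map (image name, pid) -> set of lower-cased module names."""
    procs = {}
    reader = csv.reader(io.StringIO(csv_text))
    next(reader, None)  # header row
    for row in reader:
        if len(row) < 3:
            continue
        image, pid, modules = row[0].lower(), row[1], row[2]
        names = {m.strip().lower() for m in modules.split(",")}
        names.discard("")
        names.discard("n/a")  # tasklist could not read this process
        procs[(image, pid)] = names
    return procs


def find_suspect_modules(procs, system_names, min_share=0.8):
    """Modules present in >= min_share of readable processes and not named
    like a DLL shipped in System32.  Returns [(module, share)], most
    widespread first.  Triage only: a dropper can reuse a system DLL name."""
    readable = [names for names in procs.values() if names]
    if not readable:
        return []
    counts = Counter()
    for names in readable:
        counts.update(names)
    system = {n.lower() for n in system_names}
    hits = [(mod, round(n / len(readable), 2))
            for mod, n in counts.items()
            if n / len(readable) >= min_share and mod not in system]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


# Constructed sample: four GUI processes carry the (made-up) hook DLL,
# a console process does not, and csrss.exe could not be read.
SAMPLE_TASKLIST = '''\
"Image Name","PID","Modules"
"explorer.exe","1240","ntdll.dll,kernel32.dll,KERNELBASE.dll,user32.dll,gdi32.dll,msvcrt.dll,kbsvc.dll"
"notepad.exe","3012","ntdll.dll,kernel32.dll,KERNELBASE.dll,user32.dll,gdi32.dll,msvcrt.dll,kbsvc.dll"
"chrome.exe","3370","ntdll.dll,kernel32.dll,KERNELBASE.dll,user32.dll,gdi32.dll,chrome_elf.dll,kbsvc.dll"
"outlook.exe","4188","ntdll.dll,kernel32.dll,KERNELBASE.dll,user32.dll,gdi32.dll,msvcrt.dll,kbsvc.dll"
"cmd.exe","4402","ntdll.dll,kernel32.dll,KERNELBASE.dll,msvcrt.dll"
"csrss.exe","500","N/A"
'''
SAMPLE_SYSTEM_DLLS = {"ntdll.dll", "kernel32.dll", "KERNELBASE.dll",
                      "user32.dll", "gdi32.dll", "msvcrt.dll"}


def main():
    if sys.platform == "win32":
        out = subprocess.run(["tasklist", "/M", "/FO", "CSV"], capture_output=True,
                             text=True, errors="replace", check=True).stdout
        system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
        system_names = set(os.listdir(system_dir))
    else:
        out, system_names = SAMPLE_TASKLIST, SAMPLE_SYSTEM_DLLS
    for mod, share in find_suspect_modules(parse_tasklist_modules(out), system_names):
        print(f"{mod}: loaded in {share:.0%} of readable processes")


if __name__ == "__main__":
    main()
```

Two caveats a practitioner should keep in mind: a WH_KEYBOARD_LL hook runs its callback inside the installing process and injects nothing, and the polling variant (GetAsyncKeyState) loads no DLL at all, so an empty result from this check rules out only the classic WH_KEYBOARD design. Process Explorer's DLL view gives the same picture interactively, with full paths.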
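The one-time password procedure described in steps 1-4 above relies on two server-side properties: a code is valid only for a short time window, and it is never accepted twice, so a PIN and code captured by a keylogger are useless to the attacker. The following verifier, added here as an example and not code from the article, from Kaspersky, or from any bank or token vendor, implements those properties with HOTP (RFC 4226) and TOTP (RFC 6238); the article does not say which algorithm its devices use, so the HMAC-SHA1, 6-digit, 30-second scheme is an assumption. The secret is the RFC test key and the PIN "1234" is a constructed value.

```python
"""One-time-password check with replay protection (added example; not
Kaspersky's or any bank's code).  hotp()/totp() follow RFC 4226 / RFC 6238
(HMAC-SHA1, 6 digits, 30 s step).  OtpVerifier accepts PIN + code typed into
one field, as the article describes, and enforces the two properties that
make a keylogged passcode worthless: a code works only inside a short time
window and never twice.  Secret and PIN below are constructed test values."""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP over the time-step counter floor(at / step)."""
    return hotp(secret, int(at) // step, digits)


class OtpVerifier:
    """Server side.  `window` is the number of 30 s steps of clock skew
    tolerated on either side of 'now'.  `last_counter` records the highest
    step already redeemed, so a captured code cannot be replayed even while
    it is still inside the window."""

    def __init__(self, secret, pin, step=30, window=1):
        self.secret = secret
        self.pin = pin
        self.step = step
        self.window = window
        self.last_counter = -1

    def verify(self, passcode, now=None):
        now = time.time() if now is None else now
        current = int(now) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # already redeemed, or older than a redeemed step
            expected = self.pin + hotp(self.secret, counter)
            # constant-time comparison; a length mismatch simply fails
            if hmac.compare_digest(expected.encode(), passcode.encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 / 6238 test key
    verifier = OtpVerifier(secret, pin="1234")
    passcode = "1234" + totp(secret, at=59)  # what the user types at t=59
    print("first use  :", verifier.verify(passcode, now=59))   # accepted
    print("replay     :", verifier.verify(passcode, now=59))   # rejected
    print("replay +20s:", verifier.verify(passcode, now=79))   # same step, rejected
    print("next step  :", verifier.verify("1234" + totp(secret, at=90), now=90))
```

The counter-only-increases rule is what defeats a keylogger that grabs the passcode and replays it seconds later; the window tolerates the clock drift of a hardware token without reopening that hole. What it cannot stop is a Trojan that blocks the user's own submission and forwards the code first, which is why the article still pairs OTP with proactive protection.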
 
Invisible (Admin)
Thanks Shy,

I went through this previously, but the technology is changing daily... Any updates on this article?
MziziMkavu (JF-Expert Member)
If you want to protect yourself from keyloggers, use two tools: SuperAntiSpyware and Malwarebytes'. Download and scan using SuperAntiSpyware, a next-generation product; with its Multi-Dimensional Scanning and Process Interrogation Technology it will detect spyware and remove over 1,000,000 pests such as Vundo, ZLob, SmitFraud, WinFixer, VirusRay, and VirusHeat. Repair broken Internet connections, desktops, registry editing, and task manager. The program provides complete and custom scanning of hard drives, removable drives, memory, registry, and individual folders, including trusting items and excluding folders for complete customization of scanning. Detect and remove spyware, adware, malware, Trojans, dialers, worms, keyloggers, and hijackers. Prevent potentially harmful software from installing or re-installing. First Chance Prevention examines over 50 critical points of your system each time your system starts up and shuts down to eliminate threats before they have a chance to infect and infiltrate your system. Our Direct Disk Access (DDA) technology sees rootkits others miss.

Version 4.25.1012 may include unspecified updates, enhancements, or bug fixes. To download SuperAntiSpyware press here: SuperAntiSpyware Free Edition (CNET Download.com).

Download and scan using Malwarebytes' Anti-Malware, an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start.

Version 1.33 adds a safeguard option to prevent users from losing scan results. To download Malwarebytes' Anti-Malware press here: Malwarebytes' Anti-Malware (CNET Download.com). To download SuperAntiSpyware press here: http://www.download.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
MziziMkavu (JF-Expert Member)
How to detect these keyloggers and remove them: SuperAntiSpyware. Version 4.25.1012 may include unspecified updates, enhancements, or bug fixes. To download SuperAntiSpyware: http://www.download.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
Kweli (JF-Expert Member)
Whenever I log in to online banking or sensitive online membership websites, I don't usually strike any keys to enter the log-in information; instead I always open Notepad, write my username and password there, then copy and paste them into the log-in boxes. This is a good precaution for fending off any malicious keyloggers.
Manitoba (JF-Expert Member)
Kweli said:
> Whenever I log in to online banking or sensitive online membership websites, I don't usually strike any keys to enter the log-in information; instead I always open Notepad, write my username and password there, then copy and paste them into the log-in boxes. This is a good precaution for fending off any malicious keyloggers.

That would probably help against a keylogger that associates the keys typed with the context in which they are typed.

But if the keylogger just collects the keys typed, that won't work, because the keys would still be collected while you are typing in Notepad.
Manitoba (JF-Expert Member)
Prevention is better than cure.

If you are that worried about your privacy, then making sure no malicious code gets into your PC is the basic first step.

I for one don't normally use antiviruses, spyware scanners, etc., but I rarely have problems with viruses. Antiviruses and other tools only work most of the time. And in some rare cases, they can be useless. I have seen people with two antiviruses installed who still have excruciating problems with malware.

You should not allow these things to get into your PC in the first place. The following help to achieve this:

1. Make sure your computer is fully patched all the time.
2. Do not double-click on hard drives and flash drives; right-click on them and then click Open or Explore. If you see a bolded "Auto" on the menu (or some Chinese characters), the drive might be infected; use it with all caution.
3. Do not open anything that you did not create. Some malware disguises itself to look like a folder. Before you double-click on a folder when you don't know how it was created, check that it is a folder by checking its properties (right-click -> Properties).
4. Do not download an attachment if you did not expect one from the sender. If possible, ask them whether they sent such an attachment.
5. Learn to use System Restore; it can help you in case you suspect you have just infected yourself (most modern malware disables this, but it might work for some).
6. Know your computer well; know what is installed. Remove any software you do not use, or software you don't know how it got there.

For those in the technical know, once you know or suspect you are infected, Sysinternals tools might be really helpful, especially when antiviruses do not work in your case:
Windows Sysinternals: Documentation, downloads and additional resources
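Steps 2 and 3 of the list above are the kind of check that is easy to get wrong by eye, so here is a script that automates them for a removable drive. It is an added example, not Manitoba's own tooling or anything from Sysinternals: it flags an autorun.inf that would launch a program when the drive is opened (the cause of the bolded "Auto" menu entry), executables named after a sibling folder (the "folder" that is really a program), and double extensions such as `report.pdf.exe`. `triage`, `check_autorun`, `check_disguised` and `run_sample` are the example's own functions, and the file names in the sample tree are made up.

```python
"""Removable-drive triage (added example; not Manitoba's or Sysinternals' code).
Two checks from the list above, automated: an autorun.inf that launches
something, and executables dressed up as folders or documents.  run_sample()
builds a constructed sample tree in a temporary directory and triages it;
every name in that tree is made up."""
import configparser
import os
import shutil
import tempfile

RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
LURE_EXT = {".jpg", ".jpeg", ".png", ".doc", ".docx", ".xls", ".pdf", ".txt", ".mp3"}
AUTORUN_LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def check_autorun(root):
    """Flag autorun.inf entries that run a program; icon/label lines are fine."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            parser.read_file(fh)
    except configparser.Error:
        return [("autorun.inf", "present but not parseable")]
    findings = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in AUTORUN_LAUNCH_KEYS:  # configparser lower-cases keys
                findings.append(("autorun.inf", f"{key}={value}"))
    return findings


def check_disguised(root):
    """Flag risky executables that mimic a sibling folder or a document."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in RISKY_EXT:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if stem.lower() in folders:
                findings.append((rel, "executable named after a sibling folder"))
            if os.path.splitext(stem)[1].lower() in LURE_EXT:
                findings.append((rel, "double extension"))
    return findings


def triage(root):
    """All findings for one drive root, e.g. triage(r'E:\\')."""
    return check_autorun(root) + check_disguised(root)


def run_sample():
    """Build the constructed sample drive, triage it, clean up, return findings."""
    root = tempfile.mkdtemp(prefix="drive_")
    try:
        os.mkdir(os.path.join(root, "Photos"))  # the real folder
        for name in ("Photos.exe", "report.pdf.exe", "setup.exe", "readme.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("x")  # placeholder content, not a real program
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=Photos.exe\nicon=Photos.exe,0\nlabel=Holiday\n")
        return triage(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for item in run_sample():
        print(item)
```

Run `triage(r"E:\")` against a real drive after mounting it with autorun disabled (or from a machine where AutoPlay is off). The script reads names only; it never executes anything on the drive, and a clean result is not a clean bill of health, since it does not look at hidden attributes, at icons embedded in the executables, or at the files' contents.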
MziziMkavu (JF-Expert Member)
To detect keyloggers, download and use ThreatFire Free Edition, an application designed to protect your computer against malware such as trojans, spyware, rootkits, keyloggers, and buffer overflows by intelligently detecting and blocking behavior consistent with that of malware.

ThreatFire uses advanced patent-pending technology to detect signs of malicious behavior commonly used by malware threats. ThreatFire is unlike traditional antivirus products that rely on old-fashioned "signature" technology and require updating every time a new threat occurs.

By constantly monitoring the activity on your PC, ThreatFire's ActiveDefense technology is able to hunt down and paralyze threats that are too new or too clever to be recognized by traditional security software.

ThreatFire employs an intelligent behavioral engine to only alert you on truly malicious behavior, because sometimes even legitimate software may look malicious. This means you are only alerted when you really need to be. To download ThreatFire Free Edition press here (MajorGeeks.com). Use that ThreatFire Free Edition; it will help protect your computer against trojans, spyware, rootkits and keyloggers. And before you install ThreatFire Free Edition on your computer, first remove trojans, spyware, rootkits and keyloggers from your computer by downloading and using SUPERAntiSpyware 4.25.1014 Final.

Advanced Detection and Removal
Detect and remove spyware, adware, malware, Trojans, dialers, worms, keyloggers, hijackers, parasites, rootkits and many other types of threats.
Light on system resources and won't slow down your computer like many other anti-spyware products. Won't conflict with your existing anti-spyware or anti-virus solution!
Repair broken Internet connections, desktops, registry editing and more with our unique Repair System!

Real-Time Protection
Real-time blocking of threats! Prevent potentially harmful software from installing or re-installing!
First Chance Prevention examines over 50 critical points of your system each time your system starts up and shuts down to eliminate threats before they have a chance to infect and infiltrate your system.
Schedule either Quick, Complete or Custom scans daily or weekly to ensure your computer is free from harmful software. To download SUPERAntiSpyware 4.25.1014 Final press here (MajorGeeks.com). I think your problems will be over. Thanks.
AljuniorTz (JF-Expert Member)
I have followed this discussion; almost all contributors have said they know the effects of having keyloggers on a computer.

I agree with you that one must protect against the harm done by keyloggers; but I don't agree with the method you use to protect against them.

Almost all contributors have talked about downloaded software (Spyware Doctor, Ad-Aware, Spy Hunter, etc.). From my perspective and my experience in the IT field, users are strongly warned about downloaded software, especially spyware removers, malware removers, adware, registry scanners, even free antivirus programs, etc., because there is harm hidden behind them. This means you download the file you want just fine, but that file itself contains harmful things once you run it.
Likewise, we should be very careful with these torrents; many of them carry dangerous viruses, spyware, worms, etc.

NOTE: We Tanzanians love free things very much; I'm not sure whether it's because of the hardship or poverty we have or what, but on my rounds I have visited many respectable offices with money to spare, and you find they have downloaded a free antivirus, etc. The computer was bought for over a million, but an antivirus for a hundred thousand is too much for them; you have to laugh quietly at how fast asleep people are. You try hard to educate them, but to no avail.

I advise us to look for professional anti-keyloggers; as one contributor said, many professional antivirus products can block keyloggers, e.g. ZoneAlarm suite, Smart Security, Kaspersky, Trend Micro Internet Security, BitDefender, etc.

Another thing I have discovered is being neglected is Windows Updates; it is very important to set this up under Windows Security automatic updates. You can do that by opening the page shown below.

Thanks

Attachments:
LazyDog (JF-Expert Member)
Kweli said:
> Whenever I log in to online banking or sensitive online membership websites, I don't usually strike any keys to enter the log-in information; instead I always open Notepad, write my username and password there, then copy and paste them into the log-in boxes. This is a good precaution for fending off any malicious keyloggers.

Instead of typing, it is better to copy the characters one by one from somewhere, for example an article. The On-Screen Keyboard could be an even better way. Or use it together with the method I just described.
