A keylogger is a program that runs in your computer’s
background secretly recording all your keystrokes. Once
your keystrokes are logged, they are hidden away for later
retrieval by the attacker. The attacker then carefully
reviews the information in hopes of finding passwords or
other information that would prove useful to them. For
example, a keylogger can easily obtain confidential emails
and reveal them to any interested outside party willing to
pay for the information.
Keyloggers can be either software or hardware based.
Software-based keyloggers are easy to distribute and
infect, but at the same time are more easily detectable.
Hardware-based keyloggers are more complex and harder to
detect. For all you know, your keyboard could have a
keylogger chip attached, with everything you type being
recorded to flash memory sitting inside the keyboard.
Keyloggers have become one of the most powerful
applications used for gathering information in a world
where encrypted traffic is becoming more and more common.
As keyloggers become more advanced, detecting them
becomes more difficult. They can violate a user’s
privacy for months, or even years, without being noticed.
During that time frame, a keylogger can collect a lot of
information about the user it is monitoring. A keylogger
can potentially obtain not only passwords and log-in names,
but also credit card numbers, bank account details, contacts,
interests, web browsing habits, and much more. All this
collected information can be used to steal a user’s personal
documents, money, or even their identity.
A keylogger might be as simple as an .exe and a .dll that
are placed on a computer and activated at boot via an
entry in the registry. More sophisticated keyloggers,
such as the Perfect Keylogger or ProBot Activity Monitor,
have developed a full line of nasty abilities, including:
· Undetectable in the process list and invisible in
operation
· A kernel keylogger driver that captures keystrokes even
when the user is logged off
· A remote deployment wizard
· The ability to create text snapshots of active
applications
· The ability to capture HTTP POST data (including
log-ins/passwords)
· The ability to timestamp and record workstation usage
· HTML and text log file export
· Automatic e-mail log file delivery
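
The boot-time registry entry described above is also a place a defender can look. The following PowerShell is an added example, not code from the original page; the list of Run keys and the set of user-writable directories it checks are assumptions chosen for illustration, and it only reads the registry.

```powershell
# Added example: list autostart (Run/RunOnce) entries and flag ones to review.
# Read-only; nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: locations a standard user can write to are unusual homes
# for a program that starts at every boot or logon.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  $env:PUBLIC, $env:ProgramData) | Where-Object { $_ }

# Pull the executable path out of a Run value such as
#   "C:\Program Files\App\app.exe" /background
# Limitation: for rundll32-style entries this returns rundll32.exe,
# not the DLL named in the arguments.
function Get-CommandTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        $exists = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        # Authenticode status of the file the entry launches
        $sig = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'FileMissing' }
        $inUserDir = [bool]($userWritable | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key = $key; Name = $name; Target = $target
            Signature = $sig; UserWritableDir = $inUserDir
            Review = ($sig -ne 'Valid') -or $inUserDir
        }
    }
}
$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A valid signature does not make an entry benign, and this check will not surface hardware keyloggers or kernel drivers hidden from the process list.
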
Not all keyloggers are used for illegal purposes. A
variety of other uses have surfaced. Keyloggers have been
used to monitor web sites visited as a means of parental
control over children. They have been actively used to
prevent child pornography and to keep children from coming
into contact with dangerous elements on the web. Additionally,
in December 2001, a federal court ruled that the FBI did
not need a special wiretap order to place a keystroke
logging device on a suspect’s computer. The judge allowed
the FBI to keep details of its key logging device secret
(citing national security concerns). The defendant in the
case, Nicodemo Scarfo Jr., indicted for gambling and loan-
sharking, used encryption to protect a file on his
computer. The FBI used the keystroke logging device to
capture Scarfo’s password and gain access to the needed file.