Hi quest ,  welcome  |  sign in  |  registered now  |  need help ?

Thursday, September 15, 2011

Keyloggers: What they Are and How to Defend Yourself

A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, “key logger.” The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.

Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission.

Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you’ve been told to type your password into Notepad, then copy & paste it to a web form, that’s bad advice.

Software keyloggers are often distributed in Trojan, virus, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use “hooks” into the operating system’s keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.

A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.

A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside of keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard’s connection to the computer, or replacing the keyboard will solve the problem.

Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user’s need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers.

Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.

An antikeylogger program attempts to detect and disable keylogging programs. Antikeyloggers scan your hard drive for the digital signatures of known keyloggers. Antikeyloggers are more effective against keyloggers than general antivirus programs because the latter often don’t identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above. But antikeyloggers block all keyloggers they find. KL-Detector is an example of this breed.

KeyScrambler is an anti-keylogger that workds a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes.

Some antispyware programs detect keyloggers by signature or by behavior; for example, programs which hook into keyboard APIs may be flagged as potential keyloggers. Ad-Aware, Malwarebytes Antimalware, SUPERAntiSpyware, Spybot-Search & Destroy and Windows Defender are examples of general purpose anti-malware apps that also have keylogger detection ability.

A final defense against keyloggers is a firewall that detects outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to “phone home” with its log file.

Other articles you might like;

View the original article here

No comments:

Post a Comment