Disclaimer

The information provided in this article is purely for educational purposes and for computer security awareness. The views expressed in this article are based purely on my experience and do not reflect the views of my present or past employers. The author does not promote computer hacking in any way or the misuse of this information against any individual or organization. Computer hacking and identity theft are punishable offenses. The author cannot be held liable for any kind of damage done to your machine, or damage caused by the use of information provided in this article. By reading this article you agree to those terms.

Introduction

We are living in the cyber age. Computers are being used in some of the most important places. Just as we are concerned about our physical security, we must have a basic awareness of security for our cyber presence as well. There is a saying that a similarity exists between a successful magic trick and a successful hack. After the act, everyone has one mystery question: How did you do that? This article attempts to throw light on one of the most common ways of information theft - keystroke logging.

Key loggers

In its most basic definition, a keylogger is something that captures the keystrokes typed on your keyboard. Typically a software keylogger saves these keystrokes in a file and may periodically send the file over the network to the owner of the program. Although there are hardware keyloggers as well, which can be physically plugged into the computer, these are less commonly used since they come at a price. In this article, "keylogger" refers to a software-based keylogger only.

How they work

A typical keylogger captures all the keystrokes typed on the keyboard by hooking itself to the keyboard API. It saves the data in a file, including details like the usernames and passwords you enter, credit card details, websites you visit, the applications you opened, screenshots, and so on. Depending on the features available, a keylogger can encrypt the data and upload it to an FTP site, post it to an HTTP site or email it to the bad guy. The bad guy can simply read that file, log in to your account, and change the password or misuse bank accounts and credit cards.

How can they infect your computer

Technically a keylogger is only a piece of code that logs keystrokes; it could be a part, or only a feature, of a Trojan horse or other malware. There are numerous ways malware can get onto your computer, and I will list the most common ones:

1. Someone may install it manually on your computer or on a public computer.
2. Your browser may be vulnerable to a web-based attack, and visiting a malicious website may cause your computer to download and install malware, a trojan or a keylogger.
3. Removable media/USB drive worms.
4. Malicious software installed through P2P networks.
5. Worms that use network vulnerabilities to move around.
6. A keylogger bound to a genuine program.

There are programs commonly known as binders, which can attach a keylogger to a genuine program. For example, a bad guy could use a binder to bind the keylogger executable to a genuine executable, say a 'game', and then ask you to try this new 'exciting' software. When the user executes the game executable, it runs the keylogger as well, and even though the game is genuine, it does much more harm to your computer by covertly installing malware. Software cracking programs such as key generators are a good example of such a 'game' and are frequently bound with malware.

Security against key loggers

It's hard to manually detect an installed keylogger, since they are good at being stealthy and almost impossible for a novice computer user to find. Detecting a keylogger requires a good knowledge of how malicious code works and is out of scope for this article. Antivirus programs do not provide 100% security from keyloggers. An antivirus works on the basis of known signatures, so if a new keylogger's signature is unknown, the antivirus will not report it.
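The following is an added example, not part of the original article and not the implementation of any real antivirus product. It sketches signature matching over constructed, harmless byte strings to show why a scanner reports nothing for a keylogger it has no signature for. The `Signature` class, the sample bytes and the signature names are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    sha256: str = ""      # matches one exact file
    pattern: bytes = b""  # matches any file containing these bytes


def scan(data: bytes, database: list) -> list:
    """Return the names of all signatures in database that match data."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in database:
        if sig.sha256 and sig.sha256 == digest:
            hits.append(sig.name)
        elif sig.pattern and sig.pattern in data:
            hits.append(sig.name)
    return hits


# Constructed, harmless byte strings standing in for files on disk.
KNOWN_BUILD = b"demo-logger build 1 | marker:KL-DEMO-7f | out=keys.log"
REBUILT = b"demo-logger build 2 | marker:KL-DEMO-7f | out=keys.log"
NEW_FAMILY = b"other-logger build 1 | marker:ZZ-NEW-01 | out=cache.tmp"
BENIGN = b"text editor build 9 | out=notes.txt"

# Assumption: the vendor has only ever analysed KNOWN_BUILD.
DATABASE = [
    Signature("KL-Demo (exact hash)",
              sha256=hashlib.sha256(KNOWN_BUILD).hexdigest()),
    Signature("KL-Demo (byte pattern)", pattern=b"marker:KL-DEMO-7f"),
]


def report() -> dict:
    """Scan every constructed sample and map its label to the hits."""
    samples = {"known_build": KNOWN_BUILD, "rebuilt": REBUILT,
               "new_family": NEW_FAMILY, "benign": BENIGN}
    return {name: scan(data, DATABASE) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:12} -> {hits or 'no match (unknown, not proven safe)'}")
```

The new family and the benign file produce the same empty result, which is why a clean scan only means "no known signature matched".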

Nevertheless, an updated antivirus gives you a fair amount of protection against previously known and latest threats. That's why it's advisable to keep your antivirus updated. In case you suspect a file to be malicious and your antivirus fails to detect it, you can submit it to an online malware scanner like virustotal.com, which can scan it with the most popular antivirus programs.

Precautions against keylogger attacks

1. Do not log in to your sensitive accounts from a shared computer that does not belong to you (a cyber cafe, a college lab, or even your best friend's computer).
2. Make sure you log in from a computer that no one else uses, such as your personal one or your office one.
3. Keep your personal computer physically safe, so that no one installs anything without your permission.
4. You can use an on-screen keyboard for entering your password, since it uses mouse clicks rather than keystrokes. This feature can be seen on most banking sites today, where you are required to use an on-screen keyboard to log in to your internet banking account.
5. Always set up account recovery details like Forgot Password and security questions and answers carefully, so that if the account ever gets lost, you are able to recover it. It is the easiest and most powerful way of recovering a hacked account, and also the most basic one that we ignore. The details should not be obvious, so that even your closest friends cannot guess them.

Learn and start using Linux. The chances that you will be a victim of a keylogger attack will be very low, for the following reasons:

1. The attacks are technically very easy to perform on Windows. (Windows is popular as well, and there are countless keyloggers available for Windows. Also, writing a keylogger for Windows is not very difficult.)
2. A novice computer user is likely to use Windows.
3. Since the majority of computer users worldwide use Windows, the bad guys make malicious tools targeting Windows to reach a greater market. Linux users are not such favorite victims.
4. Keyloggers exist for Linux, but installing them is not an easy task (i.e. without root).

In the End

Awareness of keyloggers is an important step in protection against malicious code, and an average computer user should be aware of these threats. As we move deeper into the cyber world, the responsibility for protecting our information rests solely on ourselves. Having a good, updated antivirus is always a good practice. But just as having cops in the city does not ensure we cannot be robbed in a bad neighbourhood, buying an antivirus does not mean we cannot be attacked by malicious code.

Disclaimer

The links mentioned below are meant for an analysis of keyloggers and anti-keyloggers. The author is not related to these projects in any way, nor does he confirm the authenticity of the claims made by the project owners. The author cannot be held liable for any kind of damage done to your machine, or damage caused by visiting those websites or by the use of the information or software provided on them.

References

For those who are interested in knowing more about different types of keyloggers, there is a website which does a comparison:

http://www.keylogger.org/

And a corresponding project which does the same for the detection of keyloggers:
http://www.anti-keylogger.org/

About the author
 Aditya Lad