Keylogger

The Advancement of the Keylogger spyware

Perhaps you have already heard of keylogger's bad reputation? Well, it's true. The keylogger is perhaps one of the most dangerous spyware programs that can do a lot of damage to you as a person via your personal information, as well as your computer. It can be both software and hardware based. We examine both keylogger versions here.

Keylogger records your keystrokes

A keylogger is a program that runs in your computer’s background secretly recording all your keystrokes. Once your keystrokes are logged, they are hidden away for later retrieval by the attacker. The attacker then carefully reviews the information in hopes of finding passwords or other information that would prove useful to them. For example, a keylogger can easily obtain confidential emails and reveal them to any interested outside party willing to pay for the information.

Keyloggers can be either software or hardware based. Software-based keyloggers are easy to distribute and infect, but at the same time are more easily detectable. Hardware-based keyloggers are more complex and harder to detect. Unless you acquired your computer from a reputable source, for all that you know, your keyboard could have a keylogger chip attached and anything being typed is recorded into a flash memory sitting inside your keyboard. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

Keylogger is difficult to detect

As keyloggers become more advanced, the ability to detect them becomes more difficult. They can violate a user’s privacy for months, or even years, without being noticed. During that time frame, a keylogger can collect a lot of information about the user it is monitoring. A keylogger can potential obtain not only passwords and log-in names, but credit card numbers, bank account details, contacts, interests, web browsing habits, and much more. All this collected information can be used to steal user’s personal documents, money, or even their identity.

A keylogger might be as simple as an .exe and a .dll that is placed in a computer and activated upon boot up via an entry in the registry. Or, the more sophisticated keyloggers, such as the Perfect Keylogger or ProBot Activity Monitor have developed a full line of nasty abilities including:

• Undetectable in the process list and invisible in operation
• A kernel keylogger driver that captures keystrokes even when the user is logged off
• A remote deployment wizard
• The ability to create text snapshots of active applications
• The ability to capture http post data (including log-ins/passwords)
• The ability to timestamp record workstation usage
• HTML and text log file export
• Automatic e-mail log file delivery

Authorities' use of keylogger

All keyloggers are not used for illegal purposes. A variety of other uses have surfaced. Keyloggers have been used to monitor web sites visited as a means of parental control over children. They have been actively used to prevent child pornography and avoid children coming in contact with dangerous elements on the web. Additionally, in December, 2001, a federal court ruled that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. The judge allowed the FBI to keep details of its key logging device secret (citing national security concerns). The defendant in the case, Nicodemo Scarfo Jr., indicted for gambling and loan-sharking, used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the needed file.

But even more dangerous for your computer system can be botnets - read about them in the next article.

_________________________________________________________________

Related Articles:

• Identity Protection - Identity theft is one of the fastest growing crimes in the U.S. and around the world. Identity thieves employ a variety of methods to get access to your personal info. There are some basic steps to protect your computer and yourself against identity theft. 
• Fighting Spam - Email spam unfortunately is one of the worst "side effects" of having an email address today. Apart from potentially cluttering your inbox, many unsolicited email messages are potential conduits for viruses. 
• Encryption - One of the best ways to protect your computer, your data and information is by using encryption. As the subject of encryption is often little understood, we provide you with more details on what encryption is and how to use it to protect your email. 
• Phishing - Yet another way of stealing your personal information and destroying your privacy. Phishing attacks are usually done via emails, tricking you into click on a seemingly genuine link that takes you to a copycat site, designed to extract your banking or other information leading to your money.