Monday 8 October 2012

Key loggers Details (lesson:7)

Keyloggers definition

A keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because these programs and hardware devices monitor the keys typed in, a user can easily find user passwords and other information a user may not wish others to know about.

Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.

About keyloggers

A keylogger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. Keyloggers are commonly included in rootkits.

A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.

There are other approaches to capturing info about what you are doing. Some keyloggers capture screens, rather than keystrokes. Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

A keylogger might be as simple as an exe and a dll that are placed on a machine and invoked at boot via an entry in the registry.
Or a keylogger could be a product which boasts these features:

- Stealth: invisible in process list
- Includes kernel keylogger driver that captures keystrokes even when user is logged off (Windows 2000 / XP)
- ProBot program files and registry entries are hidden (Windows 2000 / XP)
- Includes Remote Deployment wizard
- Active window titles and process names logging
- Keystroke / password logging
- Regional keyboard support
- Keylogging in NT console windows
- Launched applications list
- Text snapshots of active applications
- Visited Internet URL logger
- Capture HTTP POST data (including logins/passwords)
- File and Folder creation/removal logging
- Mouse activities
- Workstation user and timestamp recording
- Log file archiving, separate log files for each user
- Log file secure encryption
- Password authentication
- Invisible operation
- Native GUI session log presentation
- Easy log file reports with Instant Viewer 2 Web interface
- HTML and Text log file export
- Automatic E-mail log file delivery
- Easy setup & uninstall wizards
- Support for Windows® 95/98/ME and Windows® NT/2000/XP
Because a keylogger can involve dozens of files, and has as a primary goal complete stealth from the user, removing one manually can be a terrifying challenge to any computer user. Incorrect removal efforts can result in damage to the operating system, instability, inability to use the mouse or keyboard, or worse. Further, some key loggers will survive manual efforts to remove them, re-installing themselves before the user even reboots.
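The simple layout described above (an EXE with its DLL in the same directory, started at boot from a registry entry) gives a defender something concrete to look for. The following is an added example, not part of the original lesson: it triages `reg query`-style autorun output against a file inventory. The Run key, the trusted directory list, and all sample names and paths are constructed assumptions, and a hit is a lead to review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: `reg query` style output for an autorun key (assumed location).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    kbhelper    REG_SZ    C:\Users\alice\AppData\Roaming\kbhelper\kbhelper.exe
    Notes    REG_SZ    "C:\Users\alice\Tools\notes.exe"
"""

# Constructed sample: file inventory (lower-cased directory -> file names).
SAMPLE_FILES = {
    r"c:\program files\microsoft onedrive": ["OneDrive.exe", "FileSync.dll"],
    r"c:\users\alice\appdata\roaming\kbhelper": ["kbhelper.exe", "kbhook.dll"],
    r"c:\users\alice\tools": ["notes.exe", "readme.txt"],
}

# Assumption: directories only administrators can write to are lower priority.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)

def parse_autoruns(reg_text):
    """Yield (value_name, exe_path) for each string value in the reg output."""
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line)
        exe = EXE_RE.match(m.group("data").strip()) if m else None
        if exe:
            yield m.group("name"), PureWindowsPath(exe.group("path"))

def triage(reg_text, files_by_dir):
    """Return autorun entries whose EXE sits beside a DLL outside trusted roots."""
    findings = []
    for name, exe in parse_autoruns(reg_text):
        folder = str(exe.parent).lower()
        if (folder + "\\").startswith(TRUSTED_ROOTS):
            continue
        dlls = [f for f in files_by_dir.get(folder, []) if f.lower().endswith(".dll")]
        if dlls:
            findings.append((name, str(exe), dlls))
    return findings

if __name__ == "__main__":
    for name, exe, dlls in triage(SAMPLE_REG, SAMPLE_FILES):
        print(f"review autorun '{name}': {exe} sits beside {dlls}")
```

Stealthier keyloggers of the kind listed above hide their files and registry entries, so an empty result from this kind of check does not show a machine is clean.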
