Last updated 1 month 1 week ago by isp-admin

Keylogger


What is a Keylogger?

Simply put, a keylogger is a piece of software that records a user's keystrokes. It runs under the surface and can easily escape the user's attention. Malevolent keyloggers can catch passwords and other critical information as the user types. The collected data can then be forwarded to the keylogger's author, who may use the information for his own purposes. A common example of keylogger activity is the hijacking of World of Warcraft game accounts. An unwary player will enter the game universe to find that his virtual character has had its property stolen by a thief who obtained an account password via a keylogger.

Keyloggers are capable of sending user keystrokes and actual screenshots of user activity back to their creators 1.

Note that not all keyloggers are strictly malicious by design. There are some contexts in which a keylogger's use is acceptable, such as by employers to watch what their workers are doing on company computers 2.

How to Avoid Getting Keyloggers

  • Be extremely wary of emailed attachments 3.
  • Avoid any untrusted websites. It is possible for a website to exhibit keylogging behavior even if a user does not consciously download any files 4. Since it is impossible to always know which sites might harbor browser-based keyloggers, it is a good idea to consistently block JavaScript from running (see Blocking JavaScript in Firefox with NoScript). Remember, however, that even blocking JavaScript does not totally guarantee immunity to keyloggers or other malware.
  • Maintain a competent firewall and antivirus. Make sure that the antivirus program gets regular updates so that it can know about as many extant keyloggers as possible. Also make sure that the antivirus program is configured to stop any threat it detects, including those it may consider only "potentially" harmful 5.

Keylogger Symptoms

Unfortunately, the standard keylogger runs "quietly", not causing symptoms that users are likely to notice (see http://securelist.com/en/analysis?pubid=204791931). Worse still, many keyloggers deliberately place themselves inside legitimate programs (these kinds of keyloggers could be referred to as Trojan Horses) 6.

Obviously, any suspicious, inexplicable activity in confidential accounts (such as mysterious money transfers) may indicate an active keylogger.

What to do under Keylogger Attack

  • If a keylogger's presence is suspected, it may be helpful to use a "virtual keyboard" 7. A virtual keyboard is a program that allows keyboard emulation by having the user click on images of keys rather than pressing the keyboard. In Windows 7, a virtual keyboard can be found by searching for "onscreen keyboard" from the Start menu. Note that virtual keyboards themselves may be monitored by spyware.
  • Update and run antivirus software. Ideally, the antivirus will locate any keyloggers and remove them. However, antivirus updates may not cover all existing keyloggers, so it is possible for some keyloggers to survive. All in all, a user who is not computer-savvy should seek aid from an experienced user in the event of a keylogger infection.

Useful Tools