Keyloggers: Detectors, PC Monitors, Keylogger Software, What Is a Keylogger
What Is a Keylogger?
Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (keys pressed) of a keyboard. Keyloggers are a form of spyware where users are unaware their actions are being tracked. Keyloggers can be used for a variety of purposes; hackers may use them to maliciously gain access to your private information, while employers might use them to monitor employee activities. Some keyloggers can also capture your screen at random intervals; these are known as screen recorders. Keylogger software typically stores your keystrokes in a small file, which is either accessed later or automatically emailed to the person monitoring your actions.
How Does a Keylogger Get on Your Computer?
A keylogger can be installed on your computer any number of ways. Anyone with access to your computer could install it; keyloggers could come as a component part of a virus or from any application installation, despite how deceptively innocent it may look. This is part of the reason why you should always be sure you’re downloading files from a trusted resource.
Remot- access software keyloggers can allow access to locally recorded data from a remote location. This communication can happen by using one of the following methods:
- Uploading the data to a website, database or FTP server.
- Periodically emailing data to a predefined email address.
- Wirelessly transmitting data through an attached hardware system.
- Software enabling remote login to your local machine.
Additional features that some software keyloggers come with can capture additional information without requiring any keyboard key presses as input. They include:
- Clipboard logging – Anything that can be copied to the clipboard is captured.
- Screen logging – Randomly timed screenshots of your computer screen are logged.
- Control text capture – The Windows API allows for programs to request the text value of some controls, meaning that your password may be captured even if behind a password mask (the asterisks you see when you type your password into a form).
- Activity tracking – Recording of which folders, programs and windows are opened and also possibly screenshots of each.
- Recording of search engine queries, instant message conversations, FTP downloads along with any other internet activities.
Hardware-based keyloggers can monitor your activities without any software being installed at all. Examples of these include:
- Keyboard hardware - These loggers take the form of a piece of hardware inserted somewhere between the computer keyboard and the computer, typically along the keyboard's cable connection. There are of course more advanced implementation methods that would prevent any device from being visible externally. This type of hardware keylogger is advantageous because it is not dependent on any software nor can it be detected by any software.
- Wireless keyboard sniffers - It is possible for the signals sent from a wireless keyboard to its receiver to be intercepted by a wireless sniffer.
- Keyboard overlays - Overlays are popular in ATM theft cases where thieves capture a user's PIN number. This device is designed to blend in with the machine so that people are unaware of its presence.
How Can I Detect and Remove a Keylogger?
There are a variety of ways to detect a keylogger, though none are a catchall, so if you have reason to suspect your computer has a keylogger, we recommend trying a variety of these tactics:
- Begin by running your antivirus, which can often detect a keylogger on your system.
- Run a program like Spybot Search and Destroy or MalwareBytes to check for certain types.
- Check your task list by pressing ctrl+alt+del in Windows. Examine the tasks running, and if you are unfamiliar with any of them, look them up on a search engine.
- Scan your hard disk for the most recent files stored. Look at the contents of any files that update often, as they might be logs.
- Use your system configuration utility to view which programs are loaded at computer start-up. You can access this list by typing “msconfig” into the run box.
Security Threat Tutorials From Veracode
Written by: Neil DuPaul