Tuesday 3 January 2012

Keyloggers - Basics

What is a Keylogger?

A keylogger, as is clear from the name, is something that records keystrokes. In simple words, it records everything you type and keeps saving the recorded data in a text file. A keylogger is meant to be used for positive purposes like spying on your own computer or on your children's computer. But keyloggers are mostly used for malicious purposes by attackers to steal sensitive data from victims. This sensitive data might be anything that the victim types, like an email ID, password, banking details, etc.

A keylogger can be hardware or software.

Hardware Keylogger - A hardware keylogger is something like a normal USB drive that is plugged in between the keyboard plug and the USB socket. It has built-in memory that records all the keystrokes. The obvious limitation of hardware keyloggers is that their physical presence can be easily detected.

Software Keylogger - A software keylogger can be of two further types.

Local Keylogger - A local keylogger is software that is installed on a computer, records the keystrokes typed and saves them into a text file on the local machine. An attacker needs physical access to the victim's computer to steal data through a local keylogger.

Remote Keylogger - A remote keylogger is exactly the same as a local keylogger, with one additional thing: it keeps sending the text files in which the data has been recorded to a remote location specified by the user. The remote location can be an email ID, an FTP account, etc. So the attacker doesn't need physical access to the victim's computer.

Methodology of attacker in using remote keylogger:

1. The attacker creates a malicious executable file only kilobytes in size.

2. The attacker might hide this exe file behind a genuine file like a song or an image. The attacker gives this file to the victim, and the victim is supposed to double-click on it.

3. As the victim clicks it, the keylogger gets installed on the victim's PC without his knowledge. It secretly keeps saving the text typed or keystrokes hit by the victim (and maybe a lot of other information about the victim's activities). As the victim connects to the internet, those files are sent to the remote location configured by the attacker.
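A defender can look for the disguise described in step 2 by comparing what a file's name claims with what the file contains. The following Python is an added example, not part of the original post; the extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

MEDIA_EXTS = {".mp3", ".wav", ".jpg", ".jpeg", ".png", ".gif"}  # assumed "harmless" types
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumed types that run on double click

def is_pe(path):
    """True if the file has a DOS 'MZ' header that points at a 'PE' signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        pe_offset = int.from_bytes(head[60:64], "little")  # e_lfanew field
        f.seek(pe_offset)
        return f.read(4) == b"PE\0\0"

def classify(path):
    """Return a reason string if the file looks like a disguised executable, else None."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXEC_EXTS and inner_ext in MEDIA_EXTS:
        return "double extension"
    if ext in MEDIA_EXTS and is_pe(path):
        return "PE content behind media extension"
    return None

def scan(root):
    """Walk a directory tree and return {relative path: reason} for suspicious files."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reason = classify(full)
            if reason:
                hits[os.path.relpath(full, root)] = reason
    return hits

def make_samples(root):
    """Write constructed sample files: a minimal PE header stub and JPEG start bytes."""
    fake_pe = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 80,
               "song.mp3.exe": fake_pe, "photo.png": fake_pe, "setup.exe": fake_pe}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_samples(d)
        print(scan(d))
```

An honestly named `setup.exe` is not flagged; the check only reports files whose name suggests media while the name or content says executable.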

Content From: LH

