A brief description
A keylogger, also known as a keystroke logger or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. Using a keylogger is one of the easiest ways to hack an (email/bank/social network) account if you have access to the victim’s computer.
Keyloggers can be divided into two categories, keylogging devices and keylogging software. Keyloggers which fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes. This software can be installed easily if you have physical access to the computer. If you don’t, you need to rely on more “difficult” methods of deploying it.
The logger may simply log the keystrokes and require someone to manually retrieve the data, or it could be designed to automatically send the accumulated keylogger data to an e-mail address or a shared web hosting space.
DISCLAIMER: The information is for educational use only. I do not condone in any way, shape or form the use of any of these tools/information for illegal purposes! Use any of these files at your own risk! In short, if you try any of this, it’s on you!
OK, so what now?
Most websites will point towards anti-spyware and anti-virus software for the solution. This is a very bad solution.
Anti-virus/spyware software generally works by identifying “signatures” and “virus signatures”. These can easily be changed by using a Crypter such as RDG Tejon. Each time you crypt the file, you can add extra STUB data, which changes the signature. In general, “custom made” keyloggers are the exact same code previously used and sold, but with a new signature. More can be found on this forum (requires registration).
Most keyloggers available on the market already have their signatures added to antivirus software, so they can easily be detected.
A 2010 study clearly shows that antivirus/antispyware software is not fit for the job. Ignoring the fact that a Ukrainian website voted for Ukrainian software, the concept and methods of testing are legitimate and rather sound. In short, get software specifically designed to find what you’re looking for. If you’re searching for a keylogger, get a keylog finder!
What if I have a legitimate use for one?
Use your favourite search engine and download a few to test with or try this useful list as a starting point.
I would recommend running these tests on a computer you don’t care about, or inside of a Virtual Machine. Oracle’s VirtualBox is very easy to use and this limits the potential exposure to having your work/home PC compromised with malicious code. And trust me, there is a lot of malicious code out there – be careful when playing with borderline software!
How can I secure myself even more?
Any remote keylogger will need to send information back to the attacker. This is relatively easy to stop. Install a firewall that blocks unknown outbound connections. Most likely, the keylogger will try to connect outbound on ports 80 (website), 21 (file transfer) and 25/110 (mail). In Windows Firewall, you can disable all programs that connect to port 80 aside from Internet Explorer/Chrome/Firefox, which means that the keylogger will still record, but never send the data back to the attacker. Here is a brilliantly detailed article on how to configure your firewall under Windows. If you’re using Linux, well, you know how to do this already. If you don’t, remove Linux and install Windows!!
The next thing you can do is never install software you didn’t get from a trusted source. More often than not, keyloggers/trojans/virus software is installed when it’s attached to something else, like a movie player or a “useful tool” you can download for free.
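To see which programs the outbound rule above would need to stop, the following added example (not part of the original article) audits `netstat -ano` style output for non-browser processes talking to ports 80, 21, 25 or 110. The sample connection table, the PID-to-program map and the browser image names are constructed assumptions.

```python
import re

# Ports the article names as likely channels for sending captured data out.
WATCHED_PORTS = {80: "http", 21: "ftp", 25: "smtp", 110: "pop3"}
# Browsers the article allows on port 80 (image names are assumptions).
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}

# Constructed sample in the layout of `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.7:25        ESTABLISHED     6120
  TCP    192.168.1.20:49714     198.51.100.9:21        SYN_SENT        6120
  TCP    192.168.1.20:49720     203.0.113.44:443       ESTABLISHED     4312
  TCP    [fe80::1%4]:49730      [2001:db8::5]:80       ESTABLISHED     7001
"""
# Constructed PID -> image name map, as `tasklist` would provide.
SAMPLE_PROCS = {984: "svchost.exe", 4312: "chrome.exe",
                6120: "winhelper.exe", 7001: "updater.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def remote_port(endpoint):
    """Port of 'a.b.c.d:port' or '[v6addr]:port' (split on the last colon)."""
    return int(endpoint.rsplit(":", 1)[1])


def suspicious_connections(netstat_text, pid_to_image, browsers=BROWSERS):
    """Return (image, pid, remote, service) for outbound connections to a
    watched port, except browsers on port 80, which the article permits."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank or non-TCP line
        _local, remote, state, pid = m.groups()
        if state == "LISTENING":
            continue  # listening sockets are not outbound traffic
        port = remote_port(remote)
        image = pid_to_image.get(int(pid), "<unknown>")
        browser_on_web = port == 80 and image.lower() in browsers
        if port in WATCHED_PORTS and not browser_on_web:
            findings.append((image, int(pid), remote, WATCHED_PORTS[port]))
    return findings


if __name__ == "__main__":
    for hit in suspicious_connections(SAMPLE_NETSTAT, SAMPLE_PROCS):
        print(hit)
```

Any program this reports is a candidate for an outbound block rule, or for a closer look if you do not recognise it.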
Separate your work from your play. This simply means that if you have the luxury of multiple PCs, use one for work/personal banking etc. and the other for everything else. Keep one secure! If you’re not so fortunate, use a Virtual Desktop such as Oracle’s VirtualBox.
Know your computer! It may sound silly, but how often do you clean your PC? I clean my PC at least once every week (ok, so I’m nuts!), but when I do, I check for any extra cables or gadgets or even thicker cabling! The reason for this is quite simple: it gives you the opportunity to double-check that everything is the way it should be, on a physical level. Check your keyboard, check the pads underneath your keyboard, check the connectors, check the cables, check the monitor connections.
Install Antivirus software. Configure it. Install Anti-spyware software. Configure it. Install Anti-Trojan software. Configure it. Install Anti-Keylogging software. Configure it. Install a Firewall. Configure it. Yes, it’s a pain – but so is losing the balance in your piggy bank or important information/documentation!
As a natural matter of security, avoid installing anything on your work/home PC that does not come from a very reputable source. Even then, it’s touch-and-go. A quick look at Sony, Apple and Google shows that companies treat users as commodities and not as clients that should be cherished.
Always test new software in a virtual environment. I cannot stress this enough. Downloading that quick tool you need to convert a PDF might just have a virus or a trojan embedded.
Be vigilant. Keep backups. Know your PC and its surroundings.