What's a Key logger - PowerPoint PPT Presentation

Slides: 17
Provided by: bobtho

Transcript and Presenter's Notes

Title: What's a Key logger


1
What's a Key logger?
  • From www.Wikipedia.org
  • A key logger is a diagnostic used in software
    development that captures the user's keystrokes.
    It can be useful to determine sources of error in
    computer systems.

2
Topics
  • What they can do
  • What they are used for
  • Different types
  • How they work
  • Hardware
  • Software
  • The Windows Hook
  • Examples
  • How it can happen to you
  • Detection
  • Temporary Prevention
  • Removal

3
What can they do?
  • Capture keystrokes
  • Take screenshots
  • Send e-mails with logged information
  • Steal sensitive personal information
  • General spying

4
Uses of a Key Logger
  • Legal uses
      • Watch activity on a business network
      • Parental controls, so parents can find out what
        their kids are surfing
      • Troubleshooting a system
  • Illegal uses
      • Steal people's usernames and passwords
      • Steal credit card information
      • General spying to gain privileged knowledge

5
Types of Key Loggers
  • Hardware Key loggers
      • A physical device that is set up on a machine to
        capture keystrokes
  • Software Key loggers
      • Software installed by an administrator that runs
        in the background
      • http://www.widestep.com/key-logger-elite-purchase

6
How a Hardware Key Logger Works
  • Captures all I/O from the keyboard to the machine,
    recording all information into a log. This log is
    saved and can be accessed later.
  • Example
      • http://www.keyghost.com/demo10.htm

7
How a Software Key Logger Works
  • Sometimes created as a Visual Basic executable
  • Sometimes created as an I/O driver with hidden
    key logger code.
  • Usually written in C/C++ using Windows Hooks

8
The Windows Hook
  • A Windows Hook is a point in the system-messaging
    mechanism where an application can install a
    procedure to intercept message traffic before it
    reaches the target Windows procedure.
  • There is a hook chain, which is a list of pointers
    to different hook procedures.
  • From http://www.denison.edu/mathsci/mcurcsm2003/papers/keyloggers.pdf

9
Key loggers using Windows hook
  • A key logger can create a procedure within the
    hook chain to have all data that is sent through
    the chain recorded and logged.
  • Once someone understands the Windows Hook, key
    loggers are not hard to create.
  • A key logger can also be hidden from the process
    list and task bars very easily
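
The hook chain described on the two slides above, as a toy model in C. This is an added example, not code from the presentation: it calls no Windows API, and the type, function and module names are hypothetical. New procedures are linked in at the head of the chain, so every installed procedure sees a message before the target does; the allowlist audit is part of the model, not a Windows facility.

```c
#include <stddef.h>
#include <string.h>

/* Toy model only: no Windows API is used; all names are hypothetical. */
typedef struct Hook Hook;
typedef int (*HookProc)(Hook *self, int msg);
struct Hook {
    HookProc proc;      /* pointer to the hook procedure */
    const char *owner;  /* module that installed it (constructed sample names) */
    int seen;           /* messages this procedure has observed */
    Hook *next;         /* next entry in the chain */
};

static Hook *chain_head = NULL;

/* A new hook goes to the front of the chain, so the latest installer sees traffic first. */
void install_hook(Hook *h, HookProc proc, const char *owner) {
    h->proc = proc; h->owner = owner; h->seen = 0;
    h->next = chain_head;
    chain_head = h;
}

/* Pass the message on; past the last hook it reaches the target procedure. */
int call_next(Hook *self, int msg) {
    return self->next ? self->next->proc(self->next, msg) : msg;
}

/* A well-behaved hook: observe the message, then pass it along unchanged. */
int observing_proc(Hook *self, int msg) {
    self->seen++;
    return call_next(self, msg);
}

/* Deliver one message through the chain; returns what the target receives. */
int dispatch(int msg) {
    return chain_head ? chain_head->proc(chain_head, msg) : msg;
}

/* Defender's view: count chain entries whose owner is not on the allowlist. */
int audit_chain(const char *const allow[], size_t n) {
    int unknown = 0;
    for (Hook *h = chain_head; h; h = h->next) {
        size_t i = 0;
        while (i < n && strcmp(h->owner, allow[i]) != 0) i++;
        if (i == n) unknown++;
    }
    return unknown;
}
```

The target still receives every message unchanged, which is why a procedure in the chain causes no visible symptom; only an inventory of who owns each entry reveals it.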

10
Software Key Logger Example

11
Hiding a Key Logger

12
Ways of Getting Key Logged
  • Network administrator using a key logger to
    monitor the network traffic
  • Someone putting a physical device on your machine
  • Accepting files you think are safe but actually
    contain malicious hidden code
  • Someone gaining administrative access to your
    computer

13
Key logger Detection
  • In comparison to other spyware, a key logger is
    one of the hardest to detect.
  • Some symptoms
      • May cause some slowdown in response time
      • Notice charges on financial statements that were
        not made by you
      • Notice outgoing e-mails from your computer.
      • Wire hanging out the back of your machine you
        didn't put there

14
Temporary Prevention
  • If you think you're infected
      • Raise your security settings on anti-virus
        software or firewalls.
      • Make sure settings will give you alerts to
        manually control internet traffic
      • Unplug your internet or disable your network
        device
      • If you can obtain their e-mail address fight back
        by signing them up for spam ?

15
Removal
  • Trusted software removal
      • Adaware: www.lavasoft.com
      • Norton Antivirus: www.symantecstore.com
      • McAfee antivirus: www.McAfee.com
  • Manual removal and registry altering (not
    recommended)
  • Format your hard drive and re-install your
    operating system

16
  • Questions?