How to detect keyloggers

BROWSE BY TAG Information Security Threats,   Malware, Viruses, Trojans and Spyware,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Threats How to get rid of malware, botnets on a hospital IT network Should a national cybersecurity strategy include offensive botnets? How can search results lead to malware? How to prevent brute force webmail attacks How to prevent mobile phone spying What are today's antivirus software trends? How to detect input validation errors and vulnerabilities Can secure USB devices prevent man-in-the middle attacks How to prevent and build protection against online identity theft Is there a spy on my mobile device? Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Having devices and/or software that captures all of your keystrokes and sends them to a malicious third party is a pretty terrifying concept. It's important to keep in mind, however, that there are different types of keyloggers available to attackers. Hardware-based keyloggers, for example, attach between the keyboard and the USB or serial port on the back of a computer. These can be easily detected by tracing the cable from your keyboard to your computer and seeing if there is anything between them.

Software keyloggers, though, can be far more difficult to detect and remove. After all, they are rarely named "evil keylogger.exe" when installed. Often malware, like keyloggers, have names that are similar to other normal processes like svchost.exe, making it difficult to distinguish between a safe process and a malicious one.

I recommend becoming familiar with tools that are generally used for detecting rootkits. Many of the tricks that rootkits use to hide on computers are also used by keyloggers, and keyloggers are often incorporated into various rootkits.

Tools like IceSword, FileMon and F-Secure plc's Backlight utility are great for seeing the internal workings of a system. I would also recommend keeping your antivirus product up to date, since many of the AV vendors have signatures for common keyloggers.

To verify that the malicious code is gone, monitor the network traffic to and from your system with a tool like Wireshark to ensure that the system is not communicating with the attacker.