Keylogger basics


Tony Bradley
02.15.2006




The term keystroke logger, or keylogger for short, has come to be associated primarily with its use as an unauthorized or malicious tool installed to secretly capture all of the keystrokes typed on a compromised machine. The reality is that, like many malicious hacker tools, keystroke logging has its roots as an administrative and diagnostic tool. Unfortunately, some of the most helpful tools and utilities can end up being used for evil.

A keylogger is a hardware product or software utility that records every keystroke typed on the computer. It may simply log the keystrokes and require someone to manually retrieve the data, or it could be designed to automatically send the accumulated keylogger data to an e-mail address.

Hardware keystroke loggers are usually a device of some sort that is plugged in between the computer and the keyboard. An observant or suspicious user would be able to find a keylogger such as this by visual inspection. However, some hardware-based keyloggers are stealthier and may be built into the keyboard itself to remain undetected.

A software keystroke logger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL. Simple ones are often invoked at boot via a registry entry. The more stealthy versions are invisible in the process list, can operate at the kernel level and leave invisible registry entries.
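As an added example (not part of the original tip), the Python sketch below reviews a text export of the Run and RunOnce registry keys for the simple case described above: a program started at logon that loads a DLL or runs from a user-writable directory. The sample export, the entry names and the flagging heuristics are assumptions made for illustration, and the stealthier variants with hidden registry entries will not show up in such an export.

```python
import re

# Constructed sample in the text format written by `reg export`; all names and paths are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioTray"="C:\\Program Files\\Vendor\\tray.exe"
"KbdHelper"="C:\\Users\\alice\\AppData\\Roaming\\kbdhelper\\loader.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="rundll32.exe \"C:\\ProgramData\\upd\\hook.dll\",Start"
"Backup"="\"C:\\Program Files\\Backup\\backup.exe\" /quiet"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Only plain string values are parsed; hex(2): expandable strings are skipped.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Heuristic (assumption): directories a non-admin user or installer can write to.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')

def unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def autostart_entries(reg_text):
    """Yield (key, name, command) for values under Run / RunOnce keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower().endswith(('\\currentversion\\run', '\\currentversion\\runonce')):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def review(reg_text):
    """Return (name, command, reasons) for entries worth a manual look."""
    findings = []
    for _key, name, cmd in autostart_entries(reg_text):
        low, reasons = cmd.lower(), []
        if any(p in low for p in USER_WRITABLE):
            reasons.append('runs from a user-writable directory')
        if re.search(r'\brundll32(\.exe)?\b', low) or '.dll' in low:
            reasons.append('loads a DLL at logon')
        if reasons:
            findings.append((name, cmd, reasons))
    return findings
```

Files produced by `reg export` are UTF-16 encoded, so decode them accordingly before passing the text to `review()`. A flagged entry is a prompt for inspection, not proof of a keylogger.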

The most common method of getting infected with a keylogger is through spyware or rootkits. Malicious Web sites can use known system exploits or poor active scripting security to automatically install the keylogger utility when users visit them. When installed secretly by a spyware utility or other malware, the keylogger can be used to capture user names, passwords, account numbers, social security numbers or any other personal or sensitive information that you type into your keyboard.

For a variety of reasons, not the least of which is the possibility of a keylogger compromising the system, you should be wary of typing any sensitive or confidential information on any public system such as a kiosk or public library computer system. For your own personal computer, or computers in a corporate network environment, it is important to install antivirus and antispyware software and keep it updated. These security programs can detect and remove known keylogger programs. There are also specific anti-keylogger programs available, though with a simple Google search it is easy to see there are many more keyloggers out there than anti-keyloggers.

The tips for avoiding keyloggers are pretty much the same as tips for avoiding any malware. Keep your antivirus and antispyware running and updated, and do not open files or e-mail file attachments from unknown sources. They may very well be Trojan programs that will install a hidden keylogger of some sort and lead to compromising your computer or your identity.

About the Author:
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the author of About.com Guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications.

This tip originally appeared on SearchWindowsSecurity.com.
