WAYS OF INFECTION
Keyloggers differ from regular computer viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are two major ways an unsolicited keystroke logging program can get into the system.
1. A legitimate keylogger can be manually installed by a system administrator or any other user who has sufficient privileges to install software. A hacker can break into the system and set up his own keylogger. In both cases a privacy threat gets installed without the monitored user’s knowledge and consent.
2. Malicious keyloggers are often installed by other parasites like viruses, trojans, backdoors or even spyware. They get into the system without the user's knowledge and affect everybody who uses a compromised computer. Such keyloggers do not have any uninstall functions and can be controlled only by their authors or attackers.
Keyloggers mostly affect computers running the Microsoft Windows operating system. However, some less prevalent parasites can also be found on other popular platforms.
WHAT DOES A KEYLOGGER DO?
- Logs each keystroke a user types on a computer’s keyboard.
- Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
- Tracks user activity by logging window titles, names of launched applications, the exact time at which certain events occur and other specific information.
- Monitors online activity by recording addresses of visited web sites, actions taken, keywords entered and other similar data.
- Records login names, details of various accounts, credit card numbers and passwords including those hidden by asterisks or blank space.
- Captures online chat conversations made in popular chat programs or instant messengers.
- Makes unauthorized copies of outgoing and incoming e-mail messages.
- Saves all collected information into a file on a hard disk, then silently sends this file to a configurable e-mail address, uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. Gathered data can be encrypted.
- Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if it exists, usually refuses to work if a user cannot specify a password.
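A defensive check for the delivery behaviour in the list above (collected data mailed out or uploaded by FTP), as an added example that is not part of the original article: it scans outbound-connection records for programs that use mail or FTP ports but are not the machine's known mail or FTP clients. The record format, the allowlisted paths and the sample lines are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Ports behind the delivery channels the article names: e-mail (SMTP) and FTP.
DELIVERY_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "smtp-submission"}

# Assumption: full paths of the programs this machine is expected to use for
# mail and FTP. Matching the whole path, not just the file name, means a copy
# of "thunderbird.exe" dropped in a temp folder is still reported.
EXPECTED_CLIENTS = {
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
    r"c:\program files\filezilla ftp client\filezilla.exe",
}

# Constructed sample records: timestamp, process image path, remote IP, port.
SAMPLE_LOG = r"""
2024-05-01T09:00:12,C:\Program Files\Mozilla Thunderbird\thunderbird.exe,203.0.113.10,587
2024-05-01T09:15:00,C:\Users\kim\AppData\Roaming\svch0st.exe,198.51.100.7,25
2024-05-01T09:45:00,C:\Users\kim\AppData\Roaming\svch0st.exe,198.51.100.7,25
2024-05-01T10:02:31,C:\Program Files\Browser\browser.exe,203.0.113.80,443
2024-05-01T10:15:00,C:\Users\kim\AppData\Roaming\svch0st.exe,198.51.100.7,25
2024-05-01T11:20:44,C:\Windows\Temp\upd.exe,198.51.100.9,21
2024-05-01T11:30:02,C:\Users\kim\AppData\Local\Temp\thunderbird.exe,198.51.100.7,587
this line is malformed and must be skipped
"""


def find_unexpected_senders(log_text):
    """Map each unexpected program to the channels, hosts and number of
    connections it made on mail or FTP ports."""
    hits = defaultdict(lambda: {"channels": set(), "hosts": set(), "count": 0})
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue  # skip malformed records instead of aborting the scan
        image, host, port = row[1].strip(), row[2].strip(), int(row[3])
        channel = DELIVERY_PORTS.get(port)
        if channel is None or image.lower() in EXPECTED_CLIENTS:
            continue  # not a mail/FTP port, or an expected client
        hits[image]["channels"].add(channel)
        hits[image]["hosts"].add(host)
        hits[image]["count"] += 1
    return dict(hits)


if __name__ == "__main__":
    for image, info in find_unexpected_senders(SAMPLE_LOG).items():
        print(image, sorted(info["channels"]), sorted(info["hosts"]), info["count"])
```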
EXAMPLES OF KEYLOGGERS
There are lots of different keystroke logging applications, both commercial and parasitical. The following examples illustrate typical keylogger behavior.
Family Key Logger is a relatively simple commercial keylogger targeted at parents who need to know what their kids are doing online while they are not at home and at users who want to spy on their spouses. Family Key Logger is designed to record all user keystrokes. It doesn’t have additional functionality and must be manually installed. Most legitimate keyloggers are quite similar to Family Key Logger and therefore are not extremely dangerous.
Delf is an entire family of harmful trojans with keystroke logging functions. These parasites not only record every user keystroke, but also give the remote attacker full unauthorized access to a compromised computer, download and execute arbitrary code, and steal the user’s vital information such as passwords, e-mail messages or bank account details. Delf threats send all gathered data to the attacker through a background Internet connection. Moreover, they can cause general system instability and even corrupt files or installed applications.
Perfect Keylogger is a complex computer surveillance tool with rich functionality. It records all user keystrokes and passwords, takes screenshots, tracks user activity on the Internet, and captures chat conversations and e-mail messages. Perfect Keylogger can be remotely controlled. It can send gathered data to a configurable e-mail address or upload it to a predefined FTP server. Although it is a commercial product, it’s even more dangerous than most parasitical keyloggers.
CONSEQUENCES OF A KEYLOGGER INFECTION
Practically all keyloggers are very difficult to detect. They can violate user privacy for months and even years before the user notices them. During all this time a regular keylogger is able to find out everything about the user. Someone who controls a keylogger gets priceless information including the monitored user’s passwords, login names, credit card numbers, exact bank account details, contacts, interests, web browsing habits and much more. All this information can be used to steal the victim's valuable personal documents and money, and to use his name, address and other identity data for criminal offences.
HOW TO REMOVE A KEYLOGGER?
Most keyloggers work in the same manner as computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in the same way antivirus software does and have extensive parasite signature databases, can also detect and remove keyloggers and related components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, SpyHunter, eTrust PestPatrol or Spybot - Search & Destroy are well known for perfect keylogger detection and removal capabilities.
In some cases even an antivirus or spyware remover can fail to get rid of a particular keylogger. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be quite a difficult and tedious task for novices.
Not all keyloggers (even if they track your personal information) are illegitimate and need to be removed immediately.