hacked_by_a_keylogger. This is not a complete or expert guide, but rather a beginner-level introduction to keyloggers based on my own experience. Sorry for the poor formatting and weird colour choice; I pretty much suck at this. :(
Keyloggers
It is software that captures the keystrokes you type on your keyboard. Keyloggers come in different flavours with a good number of features: they can capture the sites you visited, take screenshots, and record the applications you opened. They save these keystrokes in a file and may periodically send/email them to the bad guy. Hardware keyloggers exist as well, which can be physically plugged into the computer, but those are less common since they cost money. For this post, "keylogger" refers to a software-based keylogger only. So whatever details you entered as username/password, or any website that you looked at, will be sent to the bad guy.
(I rather prefer to use the term bad guy, instead of arguing the difference between the terms hacker and cracker)
The most common places where keyloggers can be found are computers with public access, especially cyber cafes and computer labs in a college. Be careful while using cyber cafes and public computers; these are the most vulnerable places, where a bad guy can easily install a keylogger.
The keylogger captures all the keystrokes that are typed on the keyboard and saves them in a file, including details like the sites you visited, the applications you opened, even screenshots, and so on. So after you leave, the bad guy can simply read that file, log in to your account, and change the password. And it's hard to find an installed keylogger, since they are good at being stealthy and are almost impossible for a novice computer user to find. The bad guys in these scenarios are mostly young kids, or someone who wants to exploit his new-found 'keylogger' knowledge just out of curiosity. They just set up a trap and wait for any victim to fall into it. Or you might be the victim of your tech-savvy boyfriend who enticed you into using his 'new' laptop for checking your account. That's a bit of social engineering. :)
Antiviruses don't provide 100% security from keyloggers. An antivirus works on the basis of known signatures, so if a new keylogger's signature is unknown, the antivirus won't report it. But a good, updated antivirus gives you a good amount of protection against previously known and the latest threats. That's why it's advisable to keep your antivirus updated.
How they get installed.
Technically a keylogger is only a piece of code that logs keystrokes; it could be a part, or only a feature, of a Trojan horse or other malware. There can be numerous ways malware can intrude into your computer, and I will list the most common ones:
- Someone may install it manually on your computer or on a public computer.
- Your browser may be vulnerable to a web-based attack, and by visiting a bad site your computer may be made to download and install malware/trojan/keylogger.
- Removable media/pen drive worms.
- Virus-infected software installs.
- Worms that use network vulnerabilities to move around.
- A keylogger bound to a genuine program. (Yes, you can call that a Trojan horse.)
There is software commonly known as binders, which can attach a keylogger to a genuine program. For example, your friend could use a binder to bind the keylogger executable to a game executable, and then ask you to try this new 'exciting' game. When you run the game exe, it runs the keylogger as well, and even though you find the game exciting, it did much more harm to your computer by covertly installing malware. Therefore it's important that you download executables from trusted sources on the internet, and that you pay attention to the software being installed on your computer.
- Something that I may not be aware of! :/
Technical Solutions for keylogger safety:
Finding whether a keylogger is installed on a computer is not an easy task, and it's quite technical. Some common hints to look for: most trojans, viruses, worms, keyloggers and other malicious software are likely to do one thing: start the malicious program when the computer starts. So you can go ahead and search places like the Startup folders, the Windows Registry (Run keys) and so on. I think you can google this to improve your Windows knowledge. An even worse case is when the malicious program isn't exactly a program but a library such as a DLL; instead of starting the malicious program at computer start, it inserts itself into an already existing genuine program like Explorer.exe, which loads at startup.
I remember a case when I was hunting for a malicious DLL on my personal computer. It was running, but I could not find it in the process list. Ultimately I used a tool called Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx), which can search for loaded DLLs and Windows handles in executables, and I found the malicious DLL loaded inside Explorer.exe! In such a case the DLL won't be listed in the Run key of the Windows registry, but as a library loaded by a genuine executable like explorer.exe.
Care must be taken while editing your Windows registry and while looking for suspicious files. Any mess could result in Windows crashing. The best way is to google the file/key name and find out the details. Look out for tricks like SVCHOST.EXE vs. SVCH0ST.EXE: the first one is a genuine Windows process that acts as a host for various services, whereas the latter has a zero instead of 'O' and is certainly trying to disguise itself.
But as I said, in the worst cases there is no guaranteed way of finding it, and it requires an expert eye.
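As an added example (not the post's own code), here is a PowerShell script that walks through the checks described above on a Windows machine: it dumps the Run keys and Startup folders, lists the modules loaded into explorer.exe that are unsigned or live outside the Windows directory, and flags running processes whose names match a core Windows binary once the digits 0 and 1 are folded to O and L. The list of known binary names is a short constructed one, not an authoritative list.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# on Windows. It checks the autostart spots the post names, lists the DLLs
# loaded into explorer.exe, and flags process names that mimic a Windows
# binary with a digit swapped in (e.g. SVCH0ST.EXE for SVCHOST.EXE).

# 1. Registry Run/RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        "== $key"
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}

# 2. Startup folders (per-user and all-users).
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue | Select-Object FullName, LastWriteTime

# 3. Modules loaded into explorer.exe; anything unsigned or outside
#    the Windows directory deserves a closer look.
Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object { $_.Modules } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FileName
        [pscustomobject]@{ Module = $_.FileName; Signed = $sig.Status }
    } |
    Where-Object { $_.Signed -ne 'Valid' -or $_.Module -notlike "$env:SystemRoot\*" }

# 4. Look-alike check: fold 0->o and 1->l in each running process name and
#    compare against a (constructed, incomplete) list of core Windows binaries.
$knownBinaries = @('svchost', 'explorer', 'lsass', 'csrss', 'winlogon', 'services')
Get-Process | ForEach-Object {
    $name   = $_.ProcessName.ToLower()
    $folded = $name -replace '0', 'o' -replace '1', 'l'
    if (($knownBinaries -contains $folded) -and ($name -ne $folded)) {
        "Suspicious look-alike: $($_.ProcessName) (PID $($_.Id)) -> $($_.Path)"
    }
}
```

A genuine entry in the Run key or a signed module from the Windows directory is not proof of safety, and an unsigned module is not proof of infection; the output is a list of things to look up, as the post suggests, not a verdict.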
Some suggestions:
- Do not log in to your accounts from a shared computer or one that does not belong to you (even your best friend's computer).
- Make sure you log in from a computer that no one else uses, such as your personal one or your office one.
- Do not log in to your accounts using a public computer like one in a cyber cafe or in a college lab.
- Keep your personal computer physically safe, so that no one installs anything without your permission.
- You can use an on-screen keyboard for entering your password, since it never uses keystrokes, only mouse clicks. This feature can be seen on most banking sites today, where to log in to your internet banking account you are required to use an on-screen keyboard, sometimes optionally and sometimes mandatorily.
- I found an interesting reference on the Wikipedia page for keyloggers that you may like to read: "How To Login From an Internet Cafe Without Worrying About Keyloggers", http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf
- There are some more useful links on the Wikipedia page as well: http://en.wikipedia.org/wiki/Keystroke_logging
Even better suggestions:
Learn and start using Linux. If you are a beginner, I would suggest Ubuntu. (Not that I have tried other flavours, but I find Ubuntu quite friendly, and its excellent support forum has solutions for most problems; most likely you will not be the first one to have that problem. :)) It's easy to use and install, and within hardly a month you will find yourself in a comfortable position. Linux is no longer an OS used only by tech gurus. :) Don't worry if you think you suck at Linux; we all suck at something. Every expert was once a beginner.
The chances that you will be a victim of a keylogger attack will be very rare:
- The attacks are very easy to perform on Windows. (Windows is popular as well, and there are thousands of keyloggers available for Windows. Also, writing a basic keylogger isn't very hard.)
- A novice computer user is likely to use Windows.
- Since the majority of users worldwide use Windows, the bad guys make bad tools targeting Windows, so Linux users are not such favourite victims.
- Keyloggers exist for Linux, but in most cases installing them isn't an easy task (i.e. without root).
- Given the above points, in my opinion a Linux user is much less likely to get hacked through a keylogger.
Best suggestion:
Stop using internet, and switch to Postal service. :)
Happy Learning!