KEYLOGGER: A THREAT TO YOUR CYBER WORLD
Posted On April 16, 2012 by Sneha Philipose filed under Miscellaneous
Keyloggers are small programs invisibly installed on a computer that record all keyboard input. The author gives a brief introduction to keyloggers.
A keylogger is a powerful tool for hackers, one that puts your personal security at risk. By definition, it is a computer program or a piece of hardware that captures the characters you type on your keyboard, for example when you enter credit card information for online shopping, log in to your mail server, or type a tender price quotation that a rival company would want, and sends them to a predefined address. You are sometimes told to use a strong password for your online accounts, with mixed characters like $#@, but does that make any sense if your computer has a keylogger installed? I don’t think so; the only thing that can be done here is to learn more about it. As my aim is to make you aware of keyloggers, I cover the software-based keylogger, which is the common practice. The hardware-based keylogger is beyond the scope of this article.
FUNCTIONALITY: A keylogger can work in different ways, depending on the purpose it was made for. It can work offline, or only when you are online. It can capture all your characters while you are offline and store them in a temporary file; when you come online, it may send the temporary file or the stored characters to the hacker’s predefined address. It is also capable of sending your characters in real time. It can go for all the characters you type, or only for site-specific data. For example, it sleeps while you are surfing the web or downloading something and wakes up when you log in to your Gmail, Facebook or Yahoo account. It can also go for your credit card number (which is actually what happens in most cases).
MECHANISM: A few years back, writing a program like a keylogger was very hard work and took a lot of coding, but the technology has since improved. Programming languages have become more powerful and provide many built-in function libraries for building this type of program. A keylogger can contain the following mechanisms to fulfil its purpose.
1. Startup: code that starts the program when Windows starts after booting. For this purpose the registry can be edited, or other methods can be used, such as copying the program into the user’s start-up folder or using the boot.ini or autoexec.bat file. But the registry is the most reliable method and the one hackers usually use. The following registry value can be edited for this purpose.
2. Online or offline tracing: code that checks the online or offline status. If the program was made to work in online mode, then, depending on whether the computer is offline, it goes into a sleep mode or becomes active.
3. Tracing window: code that traces a specific site such as gmail.com or facebook.com. For this purpose it may use two different methods: tracing the login page in your browser, or using the site-specific cookie information.
4. Capture keyboard: the code routine that captures your characters as you type on the keyboard. It is the vital section, where the coding is done in such a way that the captured information can be trustworthy. For this purpose a predefined function is used. This can be done by a C library function.
MessageBox(0,"A has been pressed","Keylogger",0);
In the above, the function GetAsyncKeyState() is used to trace the real-time state of a specific key; in the example it is ‘A’.
5. Storing information: the routine that stores the information on disk temporarily. This section is vital if the program has been designed to work offline and capture all information.
For this purpose basic file I/O operations are done.
6. Uploading to the web: this routine is used to upload all the captured information to the web or to mail it to a predefined mailing address.
For this purpose socket-programming code may be used.
7. Spreading: this routine is used to spread the program from computer to computer. It may spread over a LAN or a WAN. It can copy itself to a flash drive and spread to your friend’s computer. This part depends entirely on the hacker’s wishes and programming skill.
8. Hide: this sort of coding is used to fool your antivirus or your anti-spyware. In this section the program tries to make its behaviour look normal to other programs such as the antivirus.
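The Startup mechanism in item 1 is also where a defender can look for an installed keylogger. The following added example (not code from the original article) parses saved `reg query` output for the Windows Run autostart keys and flags entries that launch from user-writable folders or through a script host. The Run key paths, the sample entries and both heuristics are assumptions, since the article does not name the registry value.

```python
import re

# Constructed sample (invented entries) in the layout `reg query` prints.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Roaming\svch0st.exe
    Sync Helper    REG_EXPAND_SZ    %TEMP%\sync.exe -q
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    loader    REG_SZ    wscript.exe "C:\Users\Public\run.vbs"
'''

ENTRY = re.compile(r'^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$')
# Heuristics (assumptions): user-writable locations and script/DLL launchers.
USER_WRITABLE = re.compile(
    r'\\appdata\\|\\temp\\|%temp%|%appdata%|\\users\\public\\|\\downloads\\', re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "rundll32.exe"}

def command_target(data):
    """Return the program an autostart command line launches."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, may hold spaces
        return data[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def audit_run_keys(text):
    """Return (key, name, target, reasons) for each suspicious entry."""
    findings, key = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if line.startswith("HKEY_"):              # section header: the key path
            key = line.strip()
        elif m and key:
            name, _kind, data = m.groups()
            target = command_target(data)
            reasons = []
            if USER_WRITABLE.search(data):        # checks arguments as well
                reasons.append("user-writable path")
            if target.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
                reasons.append("script host launcher")
            if reasons:
                findings.append((key, name, target, reasons))
    return findings

if __name__ == "__main__":
    for key, name, target, reasons in audit_run_keys(SAMPLE):
        print(f"{key} :: {name} -> {target} [{', '.join(reasons)}]")
```

A flagged entry is a lead to review, not proof of a keylogger: legitimate software also starts from per-user folders.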
PROTECTION: Nothing in the world is able to protect you!! Ha ha!! I am joking. But it is partially true: the only thing that is able to save you is your awareness of threats. Still, you can take the following actions:
- You should use a strong password for all your online accounts. You must use a password that uses a number of uppercase letters, lowercase letters and of course numeric values. For example, if your password is “nopassword”, you can write it as “NoPaSsWoRd”. Here, what I have done is just maintain a sequence of capital and small characters. This password is harder to break compared to the first one.
- You must use an up-to-date password and anti-spyware. You must install a good firewall, which makes your system more bulletproof.
- You must change all your online passwords frequently, for example once a month.
- Check the access-related information on your service provider’s website. It can be quite helpful in figuring out the threat.
- Last but not least: your will to defend against the threat and protect your system.
The author is doing his MCA. He is passionate about computer security, networking and network programming. He may be contacted at Santanukarmakar22@gmail.com