Keylogger, The Data Theft Crimes
A keylogger is software or hardware used to record keystrokes.
Like a double-edged blade, it has legitimate uses such as employee productivity monitoring, law enforcement and the search for evidence of crime, but people are more inclined to use it for crimes such as hijacking credit cards, theft of critical company data, and so on.
A keylogger can be hardware or software.
A hardware keylogger is a device about the size of an AA battery that is placed at the end of the keyboard, so that all data transmitted from the keyboard to the CPU can be read.
A software keylogger is usually a program deliberately installed on a PC, typically running hidden.
Software keyloggers fall into 5 categories:
1. Hypervisor-based: the keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. The keylogger effectively becomes a virtual machine. Blue Pill is an example.
2. Kernel-based: this method is difficult both to write and to combat. Such a keylogger resides at the kernel level and is thus difficult to detect, especially for user-mode applications. It is frequently implemented as a rootkit that subverts the operating system kernel and gains unauthorized access to the hardware, making it very powerful. A keylogger using this method can act as a keyboard device driver, for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
3. API-based: these keyloggers "hook" the keyboard APIs; the operating system then notifies the keylogger each time a key is pressed, and the keylogger records it automatically. Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), and others are used to poll the state of the keyboard or to monitor keyboard activity. This type of keylogger is the easiest to write, but where constant polling of each key is required, it can cause a quite visible increase in CPU usage and can also miss some keys. A current example polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.
4. Form-grabbing based: the keylogger logs web form submissions by recording the web browser's submit function. This records the form data before it passes over the Internet and through HTTPS encryption.
5. Packet analyzers: this involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.
Keylogger software with remote access
This is local keylogger software with an additional feature that allows the locally recorded data to be accessed from other locations.
Remote communication can be achieved by using one of these methods:
Data is uploaded to a database, web or FTP server.
Data is periodically emailed to a specified email address.
Data is transmitted wirelessly via a hardware system that has been installed.
The software enables remote login to the local machine from the Internet or a local network, to access the data records stored on the target machine.
Related Features
Keylogger software can add features that capture user information without relying on keyboard key presses as the sole input.
Some of these features include:
Clipboard logging.
Whatever has been copied to the clipboard can be captured by the program.
Screen logging.
Screenshots are taken to capture graphical information.
Applications with screen logging abilities may take screenshots of the entire screen, of only one application, or even just around the mouse cursor.
They can take these screenshots at regular intervals or in response to user behavior (for example, when the user has clicked the mouse).
A practical application used by some keyloggers with screen logging ability is to take small screenshots around where the mouse has just clicked; this can defeat web-based keyboards (for example, the web-based on-screen keyboards often used by banks) and any web-based on-screen keyboard without screenshot protection.
Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls.
This means that some passwords can be captured, even if they are hidden behind password masks (usually asterisks).
Recording of every window, program or folder opened, including a screenshot of each and every website visited.
Recording of search engine queries, instant messenger conversations, FTP downloads and other Internet-based activities (including the bandwidth used).
Reference source: Wikipedia