Key LoggerBibek Sharma

National College Of Engineering

Introduction Why? Types Detection and Preventaion How Keylogger protect Itself from user?

Today We’ll discuss

Tools used for monitoring and Capturing key

stroke pressed on Key board. person using the keyboard is unaware that

their actions are being monitored. One of the Type Of Spyware .

Key Logger ( Introduction)

To monitor the User’s Activity. To monitor child Activity in the absence of their

parents. To see the Employee’s performance in Corporation To Backup data from accidental Loss. To steal the sensitive information

Like username, Password, credit card no. , pin code ……

Why?

Software Based Key Logger Hardware Based Key Logger

Types

Hypervisor-based: As virtual Machine

e.g. Blue Pills Kernel-based:difficult to write and

detecte.g. Device Driver

API-based: Easy to write and easy to kill

e.g. Getasynckeystate() function

Form grabbing based :log  web form submissions by recording the web browsing onsubmit event functions before encryption.

Software Based Key Logger

Data is uploaded to a website, database or

an FTP server. Data is periodically emailed to a pre-defined email

address. Data is wirelessly transmitted by means of an

attached hardware system. The software enables a remote login to the local

machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

Clipboard logging Screen Logging

Some Extra features

Keyboard hardware Wireless keyboard sniffers: Keyboard overlays (Double Layered ) Acoustic keyloggers(Mobile Kepad Tone ) Optical surveillance(CC Camera,Spy camera)

Hardware Based Keylogger

This method is very popular stealing ATM

machine PIN.

Keyboard OverLay

Optical surveillance (Spy Camera)

It is Like a pendrive which is invisible on

computer. Press hot key to make it visible. There are large no of report Files,just open and

see the Reports.

Hardware Keylogger Report reading Process

Hiding process on Task Manager. Giving False Name like

rundll32.exe,svchost.exe,winlogin.exe,IEEXPLORER.exe

Running Mutual Monitoring Process side by side. Writing Driver which prevent it from killing. Calling dll file using rundll32.exe Keylogger uses Hot Key and password to protect

their Data. e.g.HotKey :- Shift+Alt+S

How Keyloggers protect Itself from user?

Use Anti-Spyware,Anti-Keylogger .e.g:- Spybot Enable “Image Path Name” of Task Manager On

windows 7. Check startup application , msconfig.exe Clear Browser’s cookies after using public

Computer. Use Live CD while using other’s Computer. Use On-screen Keyboard while entering password. Use different Keyboard Layout. Use Smart Card .

Detection And Prevention

Use Speech to Text Services. Use Hand writing recognition Tools. Type Password randomly

if Your password is a1b2c3d4then first type 1234 & then click at first position enter asimilar click on other proper position and enter correspondingletter ,then Key logger logs seems to be 1234[click]a[click]b[click]c[click]d

Detection And Prevention

Screen Shot of Enabling Image Path Name

Be SafeBe Happy

Thank You