We’ve heard how hackers will try to bust through the front door by brute forcing a password prompt, but as we covered in that article, hacking is rarely a directed attack. From spam emails and ads containing Trojan viruses to social engineering using deceptive cold calls, hackers cast their net and deal with whatever gets caught. It’s easier to get through the front door if you can get your foot in there first.
Trojan viruses come in all shapes and sizes, but the intent is always the same: create a back door into a secure system. Once installed, their actions can range anywhere from simply sending telemetric data to zombifying your system. Perhaps the most insidious form that a Trojan can take is the dreaded keylogger.
TAKING YOUR KEYSTROKES
The principle behind the keylogger is simple: every key you press is logged and sent back to whoever deployed it. Everything. From emails to documents, banking information to passwords, it all gets compiled and sent to whatever malicious entity is controlling it. This opens up a world of possibilities. A patient hacker can wait for the user to enter their credit card number, or if they want direct access to a system, they have the option to wait until a user inputs their password. A wealth of data flows from the keyboard to the computer, and a keylogger picks it all up.
The trick is therefore just in installing the keylogger and remaining undetected on the system, which is easier said than done. As previously mentioned, a keylogger is most frequently installed on a system via a Trojan virus, but actually obtaining the logged keystrokes can be difficult, as it can open the hacker up to being traced, and their location and identity discovered. Hackers with direct access to a system have more options, as they can install the keylogger directly to the system BIOS (the hardware component in charge of maintaining and executing system configuration before Windows can take over). They can even use a physical keylogger device installed between the keyboard and computer, but those tend to be a lot less common.
HOME ROW DEFENSE
Keyloggers use a variety of methods to get at your information, so it can be difficult to actually discover one that has been installed. The best way to defend yourself is to never pick up a keylogger at all, but even the safest surfing can be compromised. Moving the cursor each time and typing passwords out of order ensures that whatever the hacker receives is completely jumbled, but unless you’re a spy trying to safely transmit classified information, that’s a lot of work for something that may not be on your system at all.
Because keyloggers have been around since the electric typewriter days, most anti-virus and anti-spyware programs have had a lot of time to build a defense and are extremely effective protection. This makes it relatively simple to detect and remove most common keylogger infections by running a system scan occasionally. There are even specialized scanners for detecting keyloggers that you can use for an extra level of protection.
However, as with almost every type of infection, nothing is 100% effective. Log in to the wrong public computer and every account you use on that system could be compromised. Even ATMs are occasionally victims of keyloggers, allowing particularly resourceful hackers to collect PINs at the source. Vigilance is therefore the only effective protection. Watch your accounts for strange behavior so that you can react quickly by scanning your system (first) and changing your passwords.