Keyloggers are used to monitor users' behaviour and to gather information such as personally identifiable or otherwise private or critical data. Keyloggers differ from other types of spyware or malware such as viruses and worms: they share system resources (e.g. CPU and memory) with legitimate programs, remain resident on the system invisibly for as long as required, and are carefully and simply designed to do their job without attracting the attention of users.


Hardware Keyloggers

Hardware keyloggers are small electronic devices that capture the data passing between a keyboard and the computer's I/O port. Once mounted in a computer system, they store the keystrokes in their built-in memory. A number of commercial hardware keylogger products are available. Most models are plugged into the end of the keyboard cable, while others are installed inside the computer case, inside the keyboard port, or directly inside the keyboard itself. This hardware uses no computer resources. Because it operates entirely at the hardware level, it cannot be detected by anti-virus software or scanners, and it does not use the computer's hard disk to store the keystroke logs. The captured keystrokes can be stored in encrypted form in the device's own memory, which generally exceeds 2MB. A hardware keylogger costs about $50–150. Some keyboards are even designed with built-in hardware keylogger functionality, and although it has not yet been reported, it would be possible to design special keylogger hardware that communicates over Bluetooth as well. Compared to software keyloggers, the major disadvantage of hardware keyloggers is that they require physical installation in the keyboard or computer case.

Software Keyloggers

Software keyloggers track the system, collect keystroke data within the target operating system, store it on disk or in a remote location, and send it to the attacker who installed the keylogger. The monitoring methods available to software keyloggers are operating-system specific. Windows operating systems (WOS) contain an event mechanism. When a user presses a key in the WOS, the operating system's keyboard driver translates the keystroke into a Windows message called WM_KEYDOWN. This message is pushed into the system message queue. The WOS in turn places the message into the message queue of the thread belonging to the application that owns the active window on the screen. The thread polling this queue sends the message to the window procedure of the active window. The same messaging mechanism handles other events, such as mouse messages. There are four main methods for developing keylogger systems:

• The Keyboard State Table method
• The Windows Keyboard Hook method
• The Kernel-Based Keyboard Filter Driver method
• Creative methods

Software keyloggers offer a wide range of functionality. The following partial list shows the kinds of information they sense, record, and transmit, together with features they commonly provide:

• Keystrokes
• Sites visited
• Chat sessions
• Applications / programs used
• Printing Activity Recording
• System Logon/Logoff
• Clipboard Monitor
• File/folder Monitor
• Screenshots Recording
• E-mail Reporting and Alerting
• Invisible Mode
• Hot Key and Password Protection
• Find Keyword

Coming Up Soon…

A Paper on Keylogger: Malware


[1] “Keyloggers, Increasing Threat to Computer Security”, IEEE Technology and Society Magazine, Fall 2009.

