About KeyloggersApril 11, 2018 | By Comodo
A keylogger is a software or hardware device designed to secretly track the keystrokes. However, a keylogger as a software is more common and is preferred to keylogging device as a hardware.
Considering the importance of information security, users should be aware that there are two forms of keyloggers – software and hardware.
keyloggers are also used to serve legitimate purposes that include parental control, company security, and more reasons to add.
Though keylogging programs are developed for legitimate intentions, they can very well be used with malicious or criminal intent. In fact, they are primarily used to steal user data.
Furthermore, many keyloggers have rootkit functionality to hide in the system and escape users’ attention.
Comodo Antivirus lab has a dedicated system to identify the keylogging functionality of malware. Some of the keyloggers are Trojan-Spy programs, Trojan-Spy that works to track users’ activities and information, save the information to the hard disk and forward to the malware author. The extracted information would be screenshots and keystrokes which are most often used in stealing banking data.
Why Keyloggers are a Threat
Keyloggers do not pose a threat to the user’s system, however, they do pose a serious threat to users and users’ data. Keyloggers work to extract passwords and login credentials and also confidential information entered through the keyboard. As a result, malware authors can get PIN codes and account numbers, passwords to online shopping sites, email addresses, email logins and passwords, etc.
When the cyber-criminals get a hold of sensitive data, they can exploit the extracted data to transfer the money from the user’s account. Keyloggers can sometimes be used for both political and industrial espionage to access proprietary commercial data and government material, thereby compromising both the commercial and state-owned company’s data.
The working strategy of any keylogger is to get into the event when the key is pressed and when the information about the keystroke is displayed on the monitor.
Following are the ways that keyloggers gain access to the user’s information:
- Video surveillance
- Substituting the keyboard driver
- Terminating DLL functions in user mode
- A hardware bug in the keyboard
- Incorporating filter driver in the keyboard stack
Keylogging can be one of two different categories:
Keylogging devices – these are small hardware devices that are possibly fixed to the user’s keyboard or secretly positioned within a computer or its cable, without their knowledge
Keylogging software – this is a software application developed by malicious programmers to track keystrokes and simultaneously log them.
How Keyloggers Spread
As most of the malware programs do, keyloggers spread in the same way. Keyloggers are spread through the following ways:
- A keylogger is installed when the victim opens a suspicious attachment from the mail
- When a file is introduced on a P2P network, from an open-access directory, a keylogger can be installed.
- A keylogger can be launched through a web page script
- A keylogger can be installed in the victim’s machine through an existing malicious program in the victim’s system.
How to Protect Yourself from Keyloggers
Most of the Information security companies have updated their security products with the latest malware definitions including the prominent keyloggers. So, be sure that your antivirus includes the latest up-to-date malware definition.
Install an antivirus product with latest up-to-date malware definition. As the main intent of keyloggers is to steal confidential banking information – following are the ways to protect the information from unknown keyloggers:
- Implement the use of one-time passwords/ two-factor authentication
- Implement a proactive protection system developed to identify keylogging software
- Prefer to use a virtual keyboard while performing a banking transaction
It is advisable to stay vigilant with a proactive internet security system. Comodo Antivirus works best with proactive protection features like a Default Deny System, Containment technology and Sandboxing battle against even the most threatening keylogging activities.