Keylogger: what is it? What danger do they pose? Is it possible to use a keylogger? What does this entail?

General information

Security is a very acute issue in the modern information world. Among all the variety of malware there is a distinct class of program, the keylogger. What is it? What dangers does it pose? How do you deal with it? Those who know English well have probably translated the name and realized that we are talking about a keyboard recorder. That is exactly how the name keylogger translates. In the countries of the former USSR, however, their official name is keyloggers. What makes them special?

Once the program lands on a computer, it begins carrying out its spying functions without the knowledge, participation or consent of the user. The question "Keylogger: what is this?" is worth asking, because it turns out that many people do not even realize what such a program is. The sad consequence is that many users simply underestimate the threat. They should not. The main purpose of these programs is to steal logins and passwords for user accounts, wallets and banking applications and send them to their creator.

How do they work?

Let's look at a small example. Say a person has a bank account holding a hundred thousand rubles, quite a good amount. He periodically logs in to his online account with a login and password, and to enter them he has to use the keyboard. The keylogger records what was entered and where. An attacker who knows the login and password can therefore use the funds, unless there are additional security barriers such as confirmation by phone. The keylogger acts as a relay that, at a certain moment, hands over all the information it has collected. Some of these programs can even recognize the input language and which browser element the person is interacting with. On top of all this, they can take screenshots.

History of development

It is worth mentioning that the keylogger for Windows is not a new phenomenon. The first such programs were the same age as MS-DOS. Back then they were ordinary keyboard interrupt handlers about 1 KB in size. Their main function has not changed since: they still primarily record keyboard input covertly, store the collected information and transmit it to their creator. The question may arise: "If they are so primitive, why don't the many antivirus applications catch keyloggers?" After all, it is a simple program. Nevertheless, specialized applications have a hard time dealing with it. The fact is that a keylogger is not a virus or a trojan, and finding it requires installing special extensions and modules. In addition, there are so many of these malicious programs that signature search, which is considered one of the most advanced security solutions, is powerless against them.

Spread

How do they get onto users' computers? There are many ways. Some keyloggers mail themselves to everyone in the address book; others are distributed under the guise of other programs or bundled as an add-on to them. Suppose a person downloads an unlicensed version of an application from some unrelated site. He installs the main application, and the keylogger along with it. Or strange emails with attached files may arrive in your inbox; quite possibly a keylogger that spreads by mail was at work. Opening a message poses no threat on most services, because it is just text. The attachments, however, can be dangerous. When you spot this situation, it is best to get rid of the potentially dangerous files. After all, a keylogger that has been deleted is not dangerous and cannot do any harm.

Distribution through mail

Particular attention should be paid to this route between computers. Sometimes messages arrive that appear to contain valuable information or something of the kind. The calculation is that a curious person will open the letter and download a file containing "information" about "enterprise accounting", "account numbers, passwords and access logins" or simply "someone's nude pictures". If the mailing is based on data from a particular company, the recipient's first and last name may even appear in it. Remember to always be cautious with any files!

Creation and use

After reading the above, someone might think: I would like a free keylogger of my own. They might even go looking for one to download. First of all, it should be said that this is punishable under the Criminal Code. Nor should we forget the old saying that free cheese is found only in a mousetrap. Anyone who takes this path should not be surprised if the "free keylogger" serves only its real owner or even turns out to be a virus or trojan. The only more or less sound way to get such a program is to write it yourself. But again, this is a punishable offense. It is therefore worth weighing all the pros and cons before proceeding. But what should one aim for then? What can the end result be?

Standard Keyboard Trap

This is the simplest type, based on one general principle of operation. The program inserts itself into the signal path between the moment a key is pressed and the moment the character appears on the screen. Hooks are widely used for this. In operating systems, a hook is a mechanism whose task is to intercept system messages; it is set with a special function that is part of the Win32 API. Of the available hook types, WH_KEYBOARD is used most often and WH_JOURNALRECORD somewhat more rarely. The peculiarity of the latter is that it does not require a separate dynamic library, so the malicious program spreads more quickly over the network. Hooks read all the information transmitted from the input hardware. This approach is quite effective but has a number of shortcomings. You need to create a separate dynamic library, and it will be mapped into the address space of processes, which makes the keylogger easier to identify. Defenders take advantage of this.
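The defensive side of that last point, as an added example that is not part of the original article: a hook library mapped into many unrelated processes from a user-writable location stands out in a module inventory. The inventory, the file names in it, the trusted-directory list and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Directories treated as trusted here (assumption; tune for the environment).
TRUSTED_DIRS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\program files",
    "c:\\program files (x86)",
)

# Constructed sample: process name -> modules mapped into its address space.
SAMPLE_INVENTORY = {
    "notepad.exe": [r"C:\Windows\System32\user32.dll",
                    r"C:\Users\bob\AppData\Roaming\kbhelper.dll"],
    "winword.exe": [r"C:\Windows\System32\user32.dll",
                    r"C:\Program Files\Office\wwlib.dll",
                    r"C:\Users\bob\AppData\Roaming\kbhelper.dll"],
    "chrome.exe": [r"C:\Windows\System32\user32.dll",
                   r"C:\Program Files\Browser\chrome.dll",
                   r"C:\Users\bob\AppData\Roaming\kbhelper.dll"],
    "svc_backup.exe": [r"C:\Windows\System32\kernel32.dll",
                       r"C:\Users\bob\AppData\Local\Backup\agent.dll"],
}


def is_trusted(path):
    """True when the module lives under one of the trusted directories."""
    lowered = path.lower()
    return any(lowered.startswith(d + "\\") for d in TRUSTED_DIRS)


def suspicious_shared_modules(inventory, min_share=0.75):
    """Map each untrusted module loaded by >= min_share of processes to its hosts."""
    loaded_by = defaultdict(set)
    for proc, modules in inventory.items():
        for module in modules:
            loaded_by[module.lower()].add(proc)
    total = len(inventory)
    return {
        module: sorted(procs)
        for module, procs in loaded_by.items()
        if not is_trusted(module) and len(procs) / total >= min_share
    }


if __name__ == "__main__":
    for module, procs in suspicious_shared_modules(SAMPLE_INVENTORY).items():
        print(f"{module} is mapped into {len(procs)} processes: {', '.join(procs)}")
```

A hit is a lead for review, not a verdict: legitimate input-method and accessibility tools are also loaded into many processes.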

Other methods

First, there is a method so primitive it is almost ridiculous: periodically polling the state of the keyboard. A process is started that checks 10-20 times per second whether particular keys have been pressed or released, and all changes are recorded. Creating a keylogger based on a driver is also popular. This is a fairly effective method with two implementations: developing its own filter or its own specialized software for the input device. Rootkits are popular too. They are implemented so as to intercept data as it passes between the keyboard and the controlling process. But the most reliable are hardware devices for reading information, if only because detecting them with software is extremely difficult, literally impossible.

How about mobile platforms?

We have already covered what a keylogger is and how keyloggers are created. But that review focused on personal computers. Even more numerous than PCs are the many different mobile platforms. What is the situation with them? Consider how a keylogger for Android works. In general, the principle is similar to what has been described in the article, but there is no ordinary keyboard. So these programs target the virtual one, which is displayed when the user is about to enter something. As soon as information is entered, it is immediately passed to the creator of the program. Because the security system on mobile platforms is weak, a keylogger for Android can work and spread successfully for a long time. Therefore, whenever you download an application, consider the permissions it is granted. If a program for reading books requires access to the Internet, the keyboard and various administrative services of the mobile device, that is a reason to ask whether it is malicious. This applies fully to applications in the official stores as well: they are checked not manually but automatically, and that process is not perfect.