Welcome!

Linux Authors: Pat Romanski, Elizabeth White, Lori MacVittie, Esmeralda Swartz, Liz McMillan

Related Topics: Security, .NET, Linux

Security: Article

Keyloggers: The Undisputed Heavyweight Champions of the Malware World!

Keyloggers work by hooking the Windows or Apple message queue

Keylogging has taking center stage, and it now deserves our proper attention. After all, keyloggers have been identified as the #1 Global Threat to consumers, corporations and government agencies in the recent 2012 Verizon Data Breach Investigations Report. Symantec Corporation coined 2011 as “The Year of the Hack,” when they saw an 81 percent increase in cyber attacks.

Keyloggers have been credited for many of the world’s most notable breaches: RSA/EMC, Lockheed Martin, Google Epsilon, Oakridge Nuclear Weapons Lab, Citibank, World Bank and tens of millions of consumers around the world.

What makes the keylogger the preferred weapon of choice is that they have been designed to avoid detection from anti-virus and anti-malware programs and the fact that they can be embedded into any type of download (mp3, video) or attached to any type of web link. Social Networking websites, like Facebook, have become the favorite place for hackers to propagate their spyware.

Keyloggers work by hooking the Windows or Apple message queue. It is relatively easy to place a hook and inspect all the messages (such as keystroke messages) before they are sent to the application (i.e. desktop application or browser). The keyloggers then log the keystroke messages into a file. Typically, the keylogger communicates with the hacker via an IRC channel and delivers the captured keystroke file to the hacker.

Current anti-virus and anti-malware tools are based on scanning a computer for files with a particular signature. The database containing signatures of known bad files has to be continuously updated. The major caveat in this approach is the existence of the signature of a known problematic file. Spammers and criminals are currently deploying sophisticated software which dynamically changes the file signature, making anti-spam and anti-virus tools no longer effective against keyloggers. Also, there is significant time between detecting a new keylogger on the internet and the anti-keylogging signature being updated on anti-virus/spyware software. This time gap can be a month or longer.

Anti-keylogging keystroke encryption to the rescue. Keystroke encryption uses a different approach to defend against keyloggers. Rather than trying to detect keyloggers, it takes a preventive approach. It takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are then encrypted and sent to desktop applications and the browser via an “Out-of-Band” channel, bypassing the Windows and Apple messaging queue. Look for keystroke encryption products with a built in self-monitoring capability, such as GuardedID. This prevents it from being bypassed by other software.

More Stories By Shelly Palmer

Shelly Palmer is the host of NBC Universal’s Live Digital with Shelly Palmer, a weekly half-hour television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.