SEOClerks

[Windows]Keylogger & How to protect yourself





What is a keylogger?
A keylogger is not necessarily a malicious piece of software. On the contrary, it is used in many positive ways, such as monitoring your kid's activity, or companies monitoring their machines. In this article, however, we will be discussing keyloggers that are used in harmful ways.


Keylogger, short for keystroke logger, is software that records your keystrokes and saves them to a specific file on your system. Originally, it would only record what you type and put it in one file. Afterwards, that file would be delivered to the creator of the keylogger. If we must encounter one, this is the type of keylogger we want to encounter.

Why?

At this point, I'm talking about the most basic keylogger with no extra features. This type of keylogger would create a random file on your system, most likely in %APPDATA%, and write all of your input to it, including the names of the windows you typed in. It would be shown in Task Manager, under the 'Processes' tab, and you could get rid of it by simply going to its location, terminating the process and deleting the file. Anyone could download software that generates such a keylogger and start spreading it. Anyone with a bit of brains and any type of antivirus could protect himself against it, though.


However, we will be talking about a somewhat more advanced type of keylogger, which is additionally encrypted and hidden from the security applications on your machine. Could you imagine someone creating software that silently installs onto your machine and gathers all of your information? Pretty sick, huh?! This is very possible, and we experience it on a daily basis.

Advanced keyloggers offer a wide range of harmful features:

  • Startup ( Starts the application with Windows )
  • Inject/Melt ( Injects/melts into a specific process, which makes it invisible )
  • Logs to mail/FTP ( Sends logs to the attacker's e-mail address or via FTP to his web server )
  • Log eraser ( Clears the logs upon sending them, leaving no trace )
  • Full monitoring ability ( Records your mouse clicks, microphone and webcam. Occasionally takes screenshots and sends them to the attacker. )

Sounds pretty wicked, right? You should especially remember the first two features, which are what actually make the keylogger untouchable by the average user.
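A defender can check for the basic case described earlier (a standalone process running out of %APPDATA%) and for the Startup feature with built-in PowerShell. This is an added example, not part of the original post; it assumes the standard Run registry keys are the autostart locations to review, and it will not reveal code that has been injected into another process.

```powershell
# Added example (not from the original post): flag autostart entries and running
# processes whose executable lives in a user-writable profile directory.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-UnderUserDir([string]$Path) {
    foreach ($dir in $userDirs) {
        if ($Path -and $Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SignatureStatus([string]$Path) {
    if (Test-Path -LiteralPath $Path) { return (Get-AuthenticodeSignature -FilePath $Path).Status }
    return 'FileMissing'
}

# Autostart: the per-user and machine-wide Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Take the quoted path, or everything up to the first ".exe".
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') { $exe = $Matches[1] } else { $exe = $cmd }
        if (Test-UnderUserDir $exe) {
            [pscustomobject]@{ Source = "$key\$name"; Path = $exe; Signature = Get-SignatureStatus $exe }
        }
    }
}

# Running processes (the same ones Task Manager's 'Processes' tab lists).
$running = Get-CimInstance -ClassName Win32_Process |
    Where-Object { Test-UnderUserDir $_.ExecutablePath } |
    ForEach-Object {
        [pscustomobject]@{ Source = "PID $($_.ProcessId) $($_.Name)"; Path = $_.ExecutablePath
                           Signature = Get-SignatureStatus $_.ExecutablePath }
    }

@($autostart) + @($running) | Sort-Object Path | Format-Table -AutoSize -Wrap
```

A hit is a lead to review, not a verdict: per-user installers legitimately place software in these directories, so look first at entries whose signature status is not `Valid`.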


How do I get infected by a keylogger?


There are several ways to get infected, such as drive-by downloads or auto-execution via USB ( applies to Windows XP ), but we will be focusing on the most common one, which is manually executing the malicious software yourself.

Any program can be bound to another one. We are all aware that pirated files and files from untrusted sources can be suspicious. Just imagine someone using software that allows them to bind their malicious software to any other software. This is pretty scary, isn't it? A tool like this is already built into the Windows system and allows you to bind one application to another.

What does this mean?


For example, I have a piece of software called CaptainBosnia.exe and a piece of malicious software called keylogger.exe. I start the binder, choose both files and bind keylogger.exe to CaptainBosnia.exe. This way CaptainBosnia.exe becomes malicious. It will still run the original software, but in the background keylogger.exe will be installed as well. You wouldn't even notice it getting installed; you would be a victim within a few seconds!

How can I protect myself from a keylogger?


In this thread, I won't be going into the details of how you can prevent getting infected even if the keylogger is encrypted and hidden from anti-malware software. I will give you a basic piece of software that will prevent your attacker from getting the keystroke logs from your machine.

Hide what you type

Key Scrambler is software that 'scrambles' everything you write and in that way protects you from keyloggers, which are in most cases used to gather passwords and sensitive information such as credit card details. Basically, everything you write will be twisted and won't appear as it actually is.


For example, if you write SEO, it will twist it and make it appear as Ax29!. There is no rule; it randomly generates the letters and protects you from illegal information gathering.

CONCLUSION


A keylogger is software used by both companies and private users to monitor their workers' or children's activity. It is easily modified for malicious attacks and hidden from antivirus software. It is mostly hidden in 'legal' software you would download, but is silently executed and installed on your machine. It is used to get sensitive information and to capture your webcam, microphone and browser activity. A file download is not necessary; it can be self-executed via exploits without your knowledge. It comes in various variants and can be easily hidden from Task Manager, Startup Manager and Explorer. No free software can protect you, and it easily bypasses paid software as well. Be careful what you download and where you do it! Do not download applications that promise easy money, simple hacks and one-click hack tools. It is surely malware.


If anyone thinks that his machine is compromised and that he is exposed to third-party applications that may be used to gain sensitive information and cause harm, please do not hesitate to contact me.

Comments

Beverly
This is amazing information! So detailed. And, I really appreciate all the time and effort you are putting into the tutorials. I had been wondering about keyloggers, which I know is a real cyber security threat.




anwebservices
Very good post with good information. Thank you for sharing...




captainbosnia
You're very welcome. I didn't want to go deeper into this topic as it might be confusing and complex for someone. There will surely be further tutorials about security threats of similar kind.




seoplace
great very nice info..




wonderclerks
captainbosnia, you are a very talented person. Good collection.




captainbosnia
Thank you, I hope this helped you somehow. If you have suggestions for further tutorials and guides, please post here.




Corzhens
Wow such a detailed explanation about Keylogger. I just scanned the post and I already learned something. I will go back to this page to read everything with focus and concentration so that it will sink into me. I am glad to be seeing posts like this with factual explanation that is easy to understand. Thanks for sharing this information.


