is a software program or hardware device that is used to monitor and log
each of the keys a user types into a computer keyboard. The user who
installed the program or hardware device can then view all keys typed in
by that user. Because these programs and hardware devices monitor the keys
typed in, whoever installed them can easily find user passwords and other
information a user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure
employees use work computers for business purposes only. Unfortunately,
keyloggers can also be embedded in spyware, allowing your information to be
transmitted to an unknown third party.
A keylogger is a program that runs in the background, recording all the
keystrokes. Once keystrokes are logged, they are hidden in the machine for
later retrieval, or shipped raw to the attacker. The attacker then peruses
them carefully in the hopes of either finding passwords, or possibly other
useful information that could be used to compromise the system or be used
in a social engineering attack. For example, a keylogger will reveal the
contents of all e-mail composed by the user. Keyloggers are commonly
included in rootkits.
A keylogger normally consists of two files: a DLL which does all the work
and an EXE which loads the DLL and sets the hook. Therefore when you
deploy the hooker on a system, two such files must be present in the same
There are other approaches to capturing info about what you are doing.
- Some keyloggers capture screens, rather than keystrokes.
- Other keyloggers will secretly turn on video or audio recorders, and transmit
what they capture over your internet connection.
A keylogger might be as simple as an EXE and a DLL that are placed on a
machine and invoked at boot via an entry in the registry. Or a keylogger
could be which boasts these features:
- Stealth: invisible in process list
- Includes kernel keylogger driver that captures keystrokes even when user is
logged off (Windows 2000 / XP)
- ProBot program files and registry entries are hidden (Windows 2000 / XP)
- Includes Remote Deployment wizard
- Active window titles and process names logging
- Keystroke / password logging
- Regional keyboard support
- Keylogging in NT console windows
- Launched applications list
- Text snapshots of active applications.
- Visited Internet URL logger
- Capture HTTP POST data (including logins/passwords)
- File and Folder creation/removal logging
- Mouse activities
- Workstation user and timestamp recording
- Log file archiving, separate log files for each user
- Log file secure encryption
- Password authentication
- Invisible operation
- Native GUI session log presentation
- Easy log file reports with Instant Viewer 2 Web interface
- HTML and Text log file export
- Automatic E-mail log file delivery
- Easy setup & uninstall wizards
- Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP
Because a keylogger can involve dozens of files, and has as a primary goal
complete stealth from the user, removing one manually can be a terrifying
challenge to any computer user. Incorrect removal efforts can result in
damage to the operating system, instability, inability to use the mouse or
keyboard, or worse. Further, some keyloggers will survive manual efforts
to remove them, re-installing themselves before the user even reboots.
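
The simple case described above, an EXE and a DLL invoked at boot via a registry entry, is the one a defender can triage by reviewing the autostart (Run) keys. The following is an added example, not part of the original page: it parses `reg query` output for the Run keys and lists entries whose EXE or DLL lives outside an assumed set of trusted directories. The sample output, the value names and the trusted-root list are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the Run keys (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /silent
    winhelp32    REG_SZ    C:\Users\alice\AppData\Roaming\wh\winhelp32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    svc    REG_SZ    rundll32.exe "C:\Users\alice\AppData\Local\Temp\kh.dll",Start
"""

# reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Quoted or unquoted .exe/.dll tokens; assumes paths containing spaces are quoted.
PATH_RE = re.compile(r'"([^"]+\.(?:exe|dll))"|(\S+\.(?:exe|dll))', re.I)
# Assumed policy: autostart binaries are expected only under these roots.
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "%windir%\\", "%systemroot%\\", "%programfiles%\\",
)

def parse_run_keys(text):
    """Yield (key, value_name, command) for every value in reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def referenced_files(command):
    """Return every .exe/.dll named in an autostart command line."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(command)]

def review(text):
    """Return (key, value_name, path) for files outside TRUSTED_ROOTS."""
    findings = []
    for key, name, command in parse_run_keys(text):
        for path in referenced_files(command):
            if "\\" not in path:  # bare name such as rundll32.exe: no directory to judge
                continue
            if not path.lower().startswith(TRUSTED_ROOTS):
                findings.append((key, name, path))
    return findings

if __name__ == "__main__":
    for key, name, path in review(SAMPLE):
        print(f"review: {key} -> {name} = {path}")
```

An entry listed here is a candidate for inspection, not proof of a keylogger; the kernel-driver and hidden-registry variants in the feature list above would not appear in this view at all.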