Keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because these programs and hardware devices monitor the keys typed in a user can easily find user passwords and other information a user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your information to be transmitted to an unknown third party.
A keylogger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. Keylogger is commonly included in rootkits.
A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.
There are other approaches to capturing info about what you are doing.
- Some keyloggers capture screens, rather than keystrokes.
- Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.
A keyloggers might be as simple as an exe and a dll that are placed on a machine and invoked at boot via an entry in the registry. Or a keyloggers could be which boasts these features:
- Stealth: invisible in process list
- Includes kernel keylogger driver that captures keystrokes even when user is logged off (Windows 2000 / XP / 7)
- ProBot program files and registry entries are hidden (Windows 2000 / XP / 7)
- Includes Remote Deployment wizard
- Active window titles and process names logging
- Keystroke / password logging
- Regional keyboard support
- Keylogging in NT console windows
- Launched applications list
- Text snapshots of active applications.
- Visited Internet URL logger
- Capture HTTP POST data (including logins/passwords)
- File and Folder creation/removal logging
- Mouse activities
- Workstation user and timestamp recording
- Log file archiving, separate log files for each user
- Log file secure encryption
- Password authentication
- Invisible operation
- Native GUI session log presentation
- Easy log file reports with Instant Viewer 2 Web interface
- HTML and Text log file export
- Automatic E-mail log file delivery
- Easy setup & uninstall wizards
- Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP/7/8
Because a keylogger can involve dozens of files, and has as a primary goal complete stealth from the user, removing one manually can be a terrifying challenge to any computer user. Incorrect removal efforts can result in damage to the operating system, instability, inability to use the mouse or keyboard, or worse. Further, some key loggers will survive manual efforts to remove them, re-installing themselves before the user even reboots.