What is a Keylogger?

Anyone who uses a decent anti-virus program and has contracted a virus may have seen a keylogger. But what are they, and how can they affect your daily life?

Keylogger applications originated within the business environment as a way to monitor staff, and the method of keylogging was also used by law enforcement to monitor criminals' activities.
There are a large number of keyloggers available online that can be used in this way to allow businesses to monitor their employees (invasion of privacy or not, some companies will monitor their staff, and it is very likely that this will have been written into their contracts).

But as with many elements of the digital domain, it wasn't long after these applications were conceived that criminal entities saw the use and benefits of keyloggers. I mean, what could be better than being able to monitor a target's keystrokes from an external location?
Think about the amount of personal information you type into your system every day: passwords, user names and credit card numbers. By combining all of these bits of data there are numerous crimes that can be committed.

The methods of attack range from a simple hardware-based keylogger, which can be incredibly difficult to find and detect unless you know what you are doing, to the software-based keyloggers covered below. The image below shows two of the hardware-based keyloggers that can be used to monitor your keystrokes. These little devices are connected between the keyboard and the computer. In some instances these devices capture the keystrokes before they even reach the operating system, which is why no software running on the machine will notice them.
Some of these devices require the attacker to go and physically collect the device in order to retrieve the data.
Some of the more sophisticated devices of this nature allow for a remote connection, meaning that the attacker can collect an almost unlimited amount of data.

[Image: two hardware-based keyloggers (on the right a PS/2 connection, on the left a USB connection)]

Software-based keyloggers are a much more favoured method of attack, as they require no physical access to the target system and can be deployed across an almost unlimited number of devices at no cost to the attacker.
They can be deployed via any of the methods used to deploy malware, for example a malicious file being downloaded and then executed on the victim's machine.
Much in the same way that a remotely connected hardware keylogger sends the recorded keystrokes to an external server, software-based keyloggers can also be used to send data to a remote location.

While it might seem like a complex and daunting task to develop and build an application of this nature, it is actually much easier than one would initially think. After a simple Google search you can find hundreds of tutorials and examples of code online.

This means that anyone from a casual script kiddie to an experienced programmer can develop a keylogger. Granted, the methods used to develop the application would vary with the skill set of the attacker, but the end result would ultimately be the same.

Current Research Focus

Anyone who has taken the time to view the About Us section of Michael Talks Tech will see that I am currently in my final year of university. As a result, Michael Talks Tech has had to take a step back due to the amount of work I am dealing with at the moment.

My current research focus is within the domain of malware; I felt this was the best move for me due to my background and general interests.

Narrowing down the broad spectrum that is malware to a specific focus has led me down the path of keyloggers. I found this domain intriguing as it allowed my research to cover cyber security and loosely link into a small amount of social engineering.

As part of my research I have also been developing methods to scan and search for keyloggers on a system; this has led me down the path of MD5 signatures, although I am aware that detecting malware using MD5 signatures is a slightly outdated method (in comparison to self-learning detection methods).
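To make the MD5 signature approach concrete, here is a small signature scanner written as an added example for this post; it is not the author's prototype application. The "known bad" signatures are MD5 digests of two constructed placeholder byte strings, not hashes of real keyloggers, and the directory it scans is a temporary tree it builds itself. The demo also shows the weakness mentioned above: a copy of a known sample with a single byte changed no longer matches its signature, which is why exact-hash detection is considered outdated.

```python
import hashlib
import os
import tempfile

# Constructed placeholder samples standing in for known keylogger binaries.
# Their MD5 digests form the signature database; no real malware hashes here.
KNOWN_BAD_SAMPLES = {
    b"SAMPLE-KEYLOGGER-A: hooks keyboard, writes log.txt",
    b"SAMPLE-KEYLOGGER-B: hooks keyboard, posts to remote host",
}
SIGNATURES = {hashlib.md5(s).hexdigest() for s in KNOWN_BAD_SAMPLES}


def md5_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, signatures=SIGNATURES):
    """Walk a directory tree and return (path, md5) for every file whose
    digest appears in the signature set. Unreadable files are skipped."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue
            if digest in signatures:
                hits.append((path, digest))
    return sorted(hits)


def demo():
    """Build a temporary tree containing a known sample, a benign file and a
    one-byte variant of the sample, then report which ones the scanner flags.
    Returns a dict: {"known": True, "benign": False, "variant": False}."""
    sample = b"SAMPLE-KEYLOGGER-A: hooks keyboard, writes log.txt"
    variant = sample[:-1] + b"T"  # one byte changed: same behaviour, new MD5
    files = {
        "known": sample,
        "benign": b"hello world, an ordinary document",
        "variant": variant,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name + ".bin"), "wb") as f:
                f.write(data)
        flagged = {os.path.basename(p) for p, _ in scan_directory(root)}
    return {name: (name + ".bin") in flagged for name in files}


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:8s} flagged={hit}")
```

The "variant" result is the practical lesson: an exact-hash signature only ever catches byte-identical copies, so a repacked or trivially edited build of the same keylogger sails through, which is the gap that behavioural and machine-learning methods try to close.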

This further led me down the path of machine learning to detect malware using both MD5 signatures and the sandboxing method. Sandboxing is an interesting method to deploy, as it requires the program to run the suspected application in a 'sandbox' environment and from there check the suspected application's interactions with the operating system.

There is currently a prototype application in development aimed at detecting and removing malware applications. As a result of all this I have had to put Michael Talks Tech on the back burner, as it was becoming almost a full-time job in regard to a number of the posts that I have done and the research required for them.

Hopefully in the new year I will be able to start posting regularly again, as it is something that I find both interesting and fun to do. Stay posted for much more to come!