Learning About Keyloggers


DUY TAN UNIVERSITY
INTERNATIONAL SCHOOL
***

INDIVIDUAL PROJECT

LEARNING ABOUT KEYLOGGER

MENTOR: M.Sc. Nguyen Quoc Long
STUDENT: Le Quang Phuc
ID: 2121117761
CLASS: CMU-CS 376 BIS

Da Nang, 12 Feb, 2018


ELEMENT OF NETWORK

KEYLOGGERS

TABLE OF CONTENTS
I. INTRODUCTION
   1. OVERVIEW
   2. HISTORY OF KEYLOGGERS
II. TYPES OF KEYLOGGERS
   1. HARDWARE KEYLOGGERS
   2. SOFTWARE KEYLOGGERS
III. WHY KEYLOGGERS ARE A THREAT
IV. HOW TO DETECT AND DEFEAT KEYLOGGERS
   1. HOW KEYLOGGERS FIND THEIR WAY INTO YOUR COMPUTER?
   2. PROTECT YOURSELF FROM KEYLOGGERS
   3. DETECT AND DEFEAT KEYLOGGERS
V. CONCLUSION


I. INTRODUCTION

1. OVERVIEW

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action
of recording (logging) the keys struck on a keyboard, typically covertly, so that the
person using the keyboard is unaware that their actions are being monitored. Data can
then be retrieved by the person operating the logging program. A keylogger can be
either software or hardware.
While the programs themselves are legal, with many of them being designed to allow
employers to oversee the use of their computers, keyloggers are most often used for
the purpose of stealing passwords and other confidential information.
Keylogging can also be used to study human–computer interaction. Numerous
keylogging methods exist: they range from hardware and software-based approaches
to acoustic analysis.

2. HISTORY OF KEYLOGGERS

Keylogging predates the era of personal computers, with hardware-based keyloggers
being used in typewriters as early as the 1970s. Russian spies found a way to install
keystroke loggers in the US Embassy and Consulate buildings in Moscow and St
Petersburg. They installed the bugs in Selectric II and Selectric III electric typewriters.

II. TYPES OF KEYLOGGERS

1. HARDWARE KEYLOGGERS

A hardware key-logger is a physical device that is connected to a keyboard, or between a
keyboard and a computer. This type of key-logger is rarely used because of its high cost
and because it is easy to detect.
Features of a hardware key-logger:
• Often camouflaged as an adapter so that it is hard to detect.
• The device is placed between the keyboard and the input circuit of the
system. Put simply, it is similar to a MitM (Man in the Middle) attack.
• The security software on the system (Avira, Avast, AVG ...) is useless against
it.
• Network monitoring software and firewalls are useless as well.
• Typically these devices can only store logs and cannot send them over
the network. Thus, the person who installed the device has to come back to retrieve the
data.

2. SOFTWARE KEYLOGGERS

A software key-logger resides inside the computer as a program. This type of key-logger is
the most popular: it is easy to spread and hidden deep in the computer, so it is difficult
to detect. According to the programmers, the only reason to write a key-logger is to help
people monitor their children and loved ones: what they do with their PCs and laptops,
on the Internet, and in chats with strangers.
Characteristics of a software key-logger:
• Runs hidden on the system so that it is hard to detect.
• Able to send the recorded information over the network (via email, FTP, Google
Forms, ...).
• Because it sends information over the network, a key-logger often sets a limit to
avoid detection; when the limit is reached, it sends the data to whoever installed the
key-logger. The limit may be: when more than 2 MB of data has been collected, daily,
weekly or monthly, etc.
• Software key-loggers can be detected and blocked by security software on
the system such as Avira, Avast and AVG, or by a firewall such as ZoneAlarm.
• Network traffic monitoring software like Wireshark can detect and capture what
key-loggers send to the key-logger installer.

III. WHY KEYLOGGERS ARE A THREAT
Unlike other types of malicious program, keyloggers present no threat to the system
itself. Nevertheless, they can pose a serious threat to users, as they can be used to
intercept passwords and other confidential information entered via the keyboard. As a
result, cyber criminals can get PIN codes and account numbers for e-payment systems,
passwords to online gaming accounts, email addresses, user names, email passwords
etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily transfer
money from the user’s account or access the user’s online gaming account.
Unfortunately access to confidential data can sometimes have consequences which are
far more serious than an individual’s loss of a few dollars. Keyloggers can be used as
tools in both industrial and political espionage, accessing data which may include
proprietary commercial information and classified government material which could
compromise the security of commercial and state-owned organizations (for example,
by stealing private encryption keys).
Keyloggers, phishing and social engineering (see ‘Computers, Networks and Theft’)
are currently the main methods being used in cyber fraud. Users who are aware of
security issues can easily protect themselves against phishing by ignoring phishing
emails and by not entering any personal information on suspicious websites. It is more
difficult, however, for users to combat keyloggers; the only possible method is to use
an appropriate security solution, as it’s usually impossible for a user to tell that a
keylogger has been installed on his/her machine.

IV. HOW TO DETECT AND DEFEAT KEYLOGGERS
1. HOW KEYLOGGERS FIND THEIR WAY INTO YOUR COMPUTER?

Using A Public Or Borrowed Computer
Public or borrowed computers are best avoided. Just imagine that
someone has put a bit of software on one that records all your keystrokes. Therefore, it’s
recommended that you do not log into your Facebook or any other important
accounts while using a public or borrowed computer.
Take A Look At Your Downloads
Most of the time, users download the keylogger themselves. Hackers try different methods to
embed a working keylogger in a software file. Therefore, you should avoid clicking
dodgy links, sketchy email attachments and the like. Hackers can even push keyloggers
through infected online ads. Therefore, be sure of what you click and download.
Someone Installed A Keylogger While You Weren’t Looking
This is the most common problem for everyone. Even your relatives or friends can be
a hacker. Therefore, you must lock your computer before leaving it. Even your spouse,
your parents, your housemate or your boss can plant a keylogger on your
computer while you aren’t looking.
Check For Keylogging Devices
There are keylogging devices available which go between your keyboard
and your computer’s USB port. These types of devices are used in cases of corporate
espionage because it’s way easier to pull this off with office computers. So, if you
suspect that your information is being shared, check for added hardware.

2. PROTECT YOURSELF FROM KEYLOGGERS

Most antivirus companies have already added known keyloggers to their databases,
making protecting against keyloggers no different from protecting against other types
of malicious program: install an antivirus product and keep its database up to date.
However, since most antivirus products classify keyloggers as potentially malicious,
or potentially undesirable programs, users should ensure that their antivirus product
will, with default settings, detect this type of malware. If not, then the product should
be configured accordingly, to ensure protection against most common keyloggers.
Let’s take a closer look at the methods that can be used to protect against unknown
keyloggers or a keylogger designed to target a specific system.
Since the chief purpose of keyloggers is to get confidential data (bank card numbers,
passwords, etc.), the most logical ways to protect against unknown keyloggers are as
follows:
• Using one-time passwords or two-step authentication,
• Using a system with proactive protection designed to detect keylogging
software,
• Using a virtual keyboard.
Using a one-time password can help minimize losses if the password you enter is
intercepted, as the password generated can be used one time only, and the period of
time during which the password can be used is limited. Even if a one-time password is
intercepted, a cyber criminal will not be able to use it in order to obtain access to
confidential information.

3. DETECT AND DEFEAT KEYLOGGERS
Go Through Running Processes
Even if the software program runs in the background, there must be
a process running on the Windows system. You can open task
manager and take a look at what processes are running.
If you are a tech-savvy person, it should be easy for you to notice
any suspicious processes on the list. However, for everyone else, the
chances are slim that you’ll find it. The reason is that keylogger
developers won’t name the program process as “keylogger.” That
wouldn’t just be obvious, but also pretty dumb, in my opinion. They
will generally name it something to appear legit like “system_doc” or
“win-process.”
Monitor Network Connections Using Firewall
As the keylogger records keystrokes, it collects them and sends logs
to a remote location. This implies that an internet connection is used
to transmit this file.
You can use applications like Windows Firewall Control to look up
programs using a network connection. They can also be used to set
rules that stop unknown or unauthorized programs from connecting to
the internet.
By doing this, you may be able to stop any keylogger from
transmitting data to a hacker. However, this method doesn’t
guarantee that you have blocked the correct process. Also, if there
are multiple ways of file transmission using different processes, you
are out of luck.
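
One way to combine the two checks above (running processes and network connections) in a single PowerShell pass, as an added example that is not part of the original report: it lists each process holding an established outbound TCP connection together with its on-disk path and signature status, so a process with a legitimate-looking name still stands out. The list of user-writable directories and the `Review` rule are assumptions of this example, not a rule from the report.

```powershell
# Added example: correlate established outbound TCP connections with the owning
# process, its on-disk path and its Authenticode signature status.
# Run from an elevated PowerShell session so that process paths are readable.

# Assumption: binaries started from these user-writable locations deserve a closer look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ }

function Get-ConnectionOwnerReport {
    # Established connections only, ignoring loopback traffic.
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

    foreach ($group in ($conns | Group-Object OwningProcess)) {
        $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
        if (-not $proc) { continue }     # process exited between the two calls

        $path = $proc.Path               # $null for protected/system processes
        $sigStatus = 'Unknown'           # Unknown = path not readable
        if ($path) {
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
        }

        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($path -and $path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }

        [pscustomobject]@{
            ProcessName      = $proc.ProcessName
            PID              = $proc.Id
            Path             = $path
            Signature        = $sigStatus
            UserWritablePath = $inUserDir
            Remotes          = ($group.Group |
                ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                Sort-Object -Unique) -join ', '
            # Review first: not validly signed, or running from a user-writable path.
            Review           = ($sigStatus -ne 'Valid') -or $inUserDir
        }
    }
}

Get-ConnectionOwnerReport | Sort-Object Review -Descending |
    Format-Table ProcessName, PID, Signature, UserWritablePath, Remotes, Review -AutoSize
```

A keylogger that sends its log only daily or weekly will not hold a connection open at the moment of the scan, so an empty result does not clear the machine.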
Use Keylogger Detector
As we all know, most anti-keylogger software is designed to
scramble keyboard keystrokes. However, it is not designed to
detect keyloggers and remove them from your system. Therefore, you need the
help of an anti-rootkit tool to remove a keylogger or any other rootkit
malware. There are many anti-rootkit tools available on the
internet. However, these three are the best amongst all:

Malwarebytes Anti-Rootkit Beta: Malwarebytes Anti-Rootkit
BETA is cutting edge technology for detecting and removing the
nastiest malicious rootkits. Trust me, it has the potential to detect
some stubborn keyloggers.

Norton Power Eraser: Norton Power Eraser simply eliminates
deeply embedded and difficult-to-detect crimeware that traditional
virus scanning doesn’t always detect. It uses some advanced
scanning technology to eliminate threats that traditional virus
scanning doesn’t always detect.

Kaspersky Security Scan: Kaspersky scans PCs for viruses and other
malware. It uses advanced scanning technologies which are
developed by Kaspersky Lab’s world-leading security experts. It
never fails to detect keyloggers and ransomware.

V. CONCLUSION

• A keylogger is a type of surveillance software or hardware
device that has the capability to record every keystroke.
• A keylogger can record instant messages, e-mail, and
any information you type at any time using your keyboard.
• The log file created by the keylogger can then be sent to a
specified receiver.
• There are two types of keyloggers, namely hardware keyloggers
and software keyloggers.
• Several measures can be taken to protect against
keyloggers.
