They are the spy softwares which are used to record the keystrokes made on victims system. These Keyloggers are tools that enable attacker to keep a record of the victims activities.

Common type of Attacks

Once the keylogger is installed on victims computer it can be used for following malicious activities:

Working

Keyloggers originally began as a tool for playing pranks on unsuspecting individuals but they soon began to use for a number of malicious purposes. The working is as follows:

1. The keylogger is installed on target victim through deceit or disguise. Some of the popular methods of doing this are as follows:

i.E-mail: Sending Keylogger file as an attachment to email addressed to victim. The problem with this method is that most often, the victim may not open the infected attachment.

ii.Auto run CD-ROMs: Burn the Keylogger onto a CDROM and then use the auto run facility of the CD to automatically execute /install the Keylogger, the moment the CD is inserted into the tray.

iii.Instant Messenger: It is also possible to send the Keylogger disguised it looks like a normal, legitimate file.

iv.Physical Access: Physical access to victim system gives an opportunity to attacker to install sever part of Keylogger manually.

v.EXE Binders: These binders are devices that allow user to bind two .exe Files together into one file, in such a way that there is no effect in working of either two files .So, the attacker binds or conceals the Keylogger inside a legitimate .EXE file. The container .EXE file is usually chosen to be irresistible to the victim, such as pornography videos or greeting cards .The Keylogger gets hidden inside these tempting file and when the victim opens the combined file, while the pornography or greeting card is being shown on screen, the Keylogger is being installed in the

2. The key logger once installed works in the background of the victims system and records all keystrokes or screenshots in log file .The recorded information is then automatically mailed to a predefined email address fed in by attacker on regular intervals.

3. It is also possible to configure an auto destruct features into a Keylogger which will automatically get destroyed at a predefined data and time, leaving a little evidence behind.

Detection

The following are some of the most common technique of detecting the presence of a keylogger on victim’s computer:

Countermeasures

After a Keylogger has been detected, the system administrator needs to remove it from system. They can be done in following manner:

1. There are many keylogger/spyware removal tools that can be downloaded and used to remove most common Keylogger. One should not only remove the Keylogger but also reference to Keylogger from the start-up files.
2. Never accept or execute any files sent over mail, chat etc.
3. Because .EXE allows attacker to join two .EXE files; the harmful Keylogger files may be embedded inside a normal harmless .Exe file. This Keylogger cannot be detected and only increase the file size by a certain bytes. Therefore is careful and only downloads software from Internet from original developer’s website.
4. A more effective countermeasure against Keylogger activity is installing a firewall on your computer to monitor and log all port traffic. Especially SMTP port no.25 which is mail server port which is used to send log files via mail to attacker. This enables you to detect and trace Keylogger _exploiting attempts.