Questions about this topic? Sign up to ask in the talk tab.

Keylogger

From NetSec
Revision as of 19:07, 26 August 2012 by D1551D3N7 (Talk | contribs) (Definition with list of common features and explainations)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

A keylogger is a program that records a persons keystrokes and send the logs of those keystrokes back to the the hacker by either email of FTP. Good keyloggers also detail what program the keystrokes were typed into.

Other Common Features

Note: A lot of these features are also in RATs.

Receiving Logs

The most common methods of receiving logs are email and FTP. When keyloggers send back logs it can be intercepted, using tools such as Wireshark, and the victim can take the login credentials that the hacker used for his email or FTP account.

Stealers

Stealers take logins and keys for various programs. They make the process of taking usernames and passwords a lot quicker for the hacker as they will not need to wait for the victim to login to these accounts or check logs.

Download and Execute

Most if not all keyloggers or RATs have this feature. It allows the hacker to install another keylogger/RAT on your victims PC. This means that the hacker can change to a different RAT or keylogger later or give some victims to a friend or update their keylogger software

Run at Startup

This makes the keylogger load at startup. It often gives the option to pick a name for the process. In order to disguise it the hacker names the process after other Windows processes such as "svchost.exe". Some of the most advanced keyloggers/RATs/Malware run in services as it is harder to detect.

Assembly Changer

This changes the Assembly Information on the server. If you go to the properties of any file and go to Properties>Assembly you will see information about the file. That's what the Assembly Changer changes.

Antis

These disable, or make the server undetectable to, antiviruses and sandboxes and other forms of security. It varies from program to program what way the antis work.

Fake Message

Fake message brings up a fake error message on the victims PC. It is not often used as it will be quite obvious to the victim that their PC is infected and they would remove the keylogger.