Keylogger basics

The term keystroke logger, or keylogger for short, has come to be associated primarily with its use as an unauthorized or malicious tool installed to secretly capture all of the keystrokes typed on a compromised machine. The reality is that, like many malicious hacker tools, keystroke logging has its roots as an administrative and diagnostic tool. Unfortunately, some of the most helpful tools and utilities can end up being used for evil.

A keylogger is a hardware product or software utility that records every keystroke typed on the computer. It may simply log the keystrokes and require someone to manually retrieve the data, or it could be designed to automatically send the accumulated keylogger data to an e-mail address.

Hardware keystroke loggers are usually a device of some sort that is plugged in to the computer and the keyboard. An observant or suspicious user would be able to visually inspect and find a keylogger such as this. However, some hardware-based keyloggers are more stealthy and may be built into the keyboard itself to remain undetected.

A software keystroke logger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL. Simple ones are often invoked at boot via a registry entry. The more stealthy versions are invisible in the process list, can operate at the kernel level and leave invisible registry entries.
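A defender can check for the simple case described above, an autostart registry entry that launches a loader EXE or DLL, by auditing exported Run-key values. The following is an added example, not code from the original article; the `reg query` output is constructed, and the list of user-writable locations is an assumption to tune per environment. It will not see the stealthier kernel-level variants or hidden registry entries mentioned above.

```python
import re

# Constructed sample of `reg query` output for a Run key (not real data).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    VendorSync    REG_SZ    "C:\Program Files\Vendor\sync.exe" /background
    SysHelper    REG_SZ    C:\Users\alice\AppData\Roaming\syshelper\loader.exe
    InputSvc    REG_EXPAND_SZ    rundll32.exe "%TEMP%\inputsvc.dll",Start
    AudioTray    REG_SZ    C:\Windows\System32\audiotray.exe -tray
"""

# Assumption: locations a standard user can write to, so no admin rights
# were needed to drop the file there. Tune this list for your environment.
WRITABLE = ("\\appdata\\", "\\temp\\", "%temp%", "%appdata%",
            "%localappdata%", "\\users\\public\\", "\\programdata\\")

VALUE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")
TOKEN = re.compile(r'"([^"]+)"|([^\s,]+)')

def binaries(command):
    """Return the .exe/.dll tokens in an autostart command line."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(command)]
    return [t for t in tokens if t.lower().endswith((".exe", ".dll"))]

def audit(reg_output):
    """Flag autostart values that launch code from user-writable paths."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE.match(line)
        if not m:
            continue  # key header or blank line
        name, _kind, command = m.groups()
        bins = binaries(command)
        risky = [b for b in bins if any(w in b.lower() for w in WRITABLE)]
        if risky:
            # An EXE that exists only to load a DLL is the pattern described above.
            kind = "dll-loader" if any(b.lower().endswith(".dll") for b in bins) else "exe"
            findings.append((name, kind, risky))
    return findings

if __name__ == "__main__":
    for name, kind, paths in audit(SAMPLE):
        print(f"REVIEW {name}: {kind} -> {', '.join(paths)}")
```

A flagged entry is a lead for review, not proof of infection; legitimate software also starts from per-user directories.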

The most common method of getting infected with a keylogger is through spyware or rootkits. Malicious Web sites can use known system exploits or poor active scripting security to automatically install the keylogger utility when users visit them. When installed secretly by a spyware utility or other malware, the keylogger can be used to capture user names, passwords, account numbers, social security numbers or any other personal or sensitive information that you type into your keyboard.

For more information
  • Detecting and removing rootkits
  • Identifying malware

For a variety of reasons, not the least of which is the possibility of a keylogger compromising the system, you should be wary of typing any sensitive or confidential information on any public system such as a kiosk or public library computer system. For your own personal computer, or computers in a corporate network environment, it is important to install antivirus and antispyware software and keep it updated. These security programs can detect and remove known keylogger programs. There are also specific anti-keylogger programs available, though with a simple Google search it is easy to see there are many more keyloggers out there than anti-keyloggers.

The tips for avoiding keyloggers are pretty much the same as tips for avoiding any malware. Keep your antivirus and antispyware running and updated, and do not open files or e-mail file attachments from unknown sources. They may very well be Trojan programs that will install a hidden keylogger of some sort and lead to compromising your computer or your identity.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.

Keyloggers are one of those malicious computer infections that are an explicit danger to your security. By logging sensitive information like passwords and credit card numbers, keystroke loggers are more of a threat to security than annoying adware. Contributor Tony Bradley discusses the origins of keyloggers, how they work and how to avoid them.

This was first published in February 2006
