Đang tải... (xem toàn văn)
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keyloggers can be either software or hardware.While the programs themselves are legal, with many of them being designed to allow employers to oversee the use of their computers, keyloggers are most often used for the purpose of stealing passwords and other confidential information.Keylogging can also be used to study human–computer interaction. Numerous keylogging methods exist: they range from hardware and softwarebased approaches to acoustic analysis.
DUY TAN UNIVERSITY INTERNATIONAL SCHOOL *** INDIVIDUAL PROJECT LEARNING ABOUT KEYLOGGER MENTOR: STUDENT: ID: CLASS: M.Sc Nguyen Quoc Long Le Quang Phuc 2121117761 CMU-CS 376 BIS Da Nang, 12 Feb, 2018 ELEMENT OF NETWORK KEYLOGGERS TABLE OF CONTENTS I INTRODUCTION OVERVIEW .3 HISTORY OF KEYLOGGERS .3 II TYPES OF KEYLOGGERS HARDWARE KEYLOGGERS .3 SOFTWARE KEYLOGGERS .4 III WHY KEYLOGGERS ARE A THREAT IV HOW TO DETECT AND DEFEAT KEYLOGGERS HOW KEYLOGGERS FIND THEIR WAY INTO YOUR COMPUTER? PROTECT YOURSELF FROM KEYLOGGERS DETECT AND DEFEAT KEYLOGGERS .6 V CONCLUSION 10 Page ELEMENT OF NETWORK I KEYLOGGERS INTRODUCTION OVERVIEW Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored Data can then be retrieved by the person operating the logging program A keyloggers can be either software or hardware While the programs themselves are legal, with many of them being designed to allow employers to oversee the use of their computers, keyloggers are most often used for the purpose of stealing passwords and other confidential information Keylogging can also be used to study human–computer interaction Numerous keylogging methods exist: they range from hardware and software-based approaches to acoustic analysis HISTORY OF KEYLOGGERS Keylogging predates the era of personal computers, with hardware-based keyloggers being used in typewriters as early as the 1970s Russian spies found a way to installed keystroke loggers in the US Embassy and Consulate buildings in Moscow and St Petersburg They installed the bugs in Selectric II and Selectric III electric typewriters II TYPES OF KEYLOGGERS HARDWARE KEYLOGGERS A physical key-logger that is connected to a keyboard or between a keyboard and a computer This type of key-log is rarely applied because of high cost, easy to detect Features hardware key-logger: Often camouflaged as adapters for hard to detect These devices are placed between the keyboard and the input circuit of the system For simplicity, it is similar to the MitM attack (Man in the Middle) The security software on the system (Avira, Avast, AVG ) becomes useless in this way Network monitoring software, firewalls are useless Typically these devices are only capable of logs, not the ability to send logs over the network Thus, the one who installs the other device will come to retrieve the data once Page ELEMENT OF NETWORK KEYLOGGERS SOFTWARE KEYLOGGERS Key-logger resides inside the computer as a software, this type of key-log is most popular, easy to spread, hidden deep in the computer so difficult to detect According to programmers, the only way to write a key-logger is to help them monitor their children, their loved ones, what they with their PCs and laptops, the Internet, and chat with strangers Characteristics Key-logger using software: Runs underground on the system for hard to detect Ability to send information recorded over the network (via email, FTP, google form, ) Because it is capable of sending information over the network, to avoid detection, key-loggers often set a limit, when it reaches the limit, it sends it to the installer key-logger The limits here may be: when the data has been collected > 2MB, sent daily, sent weekly or monthly, etc Software key-loggers can be detected and blocked by some security software on the system such as Avira, Avast, and AVG Or some firewall such as ZoneAlarm Network traffic monitoring software like Wireshark can detect and collect what key-loggers have sent to the key-logger installer III WHY KEYLOGGERS ARE A THREAT Unlike other types of malicious program, keyloggers present no threat to the system itself Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc Page ELEMENT OF NETWORK KEYLOGGERS Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user’s account or access the user’s online gaming account Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual’s loss of a few dollars Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys) Keyloggers, phishing and social engineering (see ‘Computers, Networks and Theft’) are currently the main methods being used in cyber fraud Users who are aware of security issues can easily protect themselves against phishing by ignoring phishing emails and by not entering any personal information on suspicious websites It is more difficult, however, for users to combat keyloggers; the only possible method is to use an appropriate security solution, as it’s usually impossible for a user to tell that a keylogger has been installed on his/ her machine IV HOW TO DETECT AND DEFEAT KEYLOGGERS HOW KEYLOGGERS FIND THEIR WAY INTO YOUR COMPUTER? Using A Public Or Borrowed Computer Well, Public or borrowed computer are the best things you can avoid Just imagine someone has put a bit of software in it that records your all keystrokes Therefore, it’s recommended that you should not log into your Facebook or any other important accounts while using the public or borrowed computer Take A Look At Your Downloads Most of the times, users downloads keylogger Hackers try different methods to embed a working keylogger in software file Therefore, you should avoid clicking the dodgy link, sketchy email attachment and more Even hackers can push keylogger by running ad infected online ads Therefore, make sure what you click and download Someone installed keylogger while you weren’t looking This is the most common problem for everyone Even your relatives or friends can be a hacker Therefore, you must lock your computer before leaving it Even your spouse or your parents or your housemate or your boss can plant a keylogger in your computer while you weren’t looking Check for Keylogging devices Page ELEMENT OF NETWORK KEYLOGGERS Well, there are some keylogging devices available which go between your keyboard and your computer’s USB port These type of devices are used in cases of corporate espionage because it’s way easier to pull his off with office computers So, if you doubt that your information is being shared check for an added hardware PROTECT YOURSELF FROM KEYLOGGERS Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious program: install an antivirus product and keep its database up to date However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware If not, then the product should be configured accordingly, to ensure protection against most common keyloggers Let’s take a closer look at the methods that can be used to protect against unknown keyloggers or a keylogger designed to target a specific system Since the chief purpose of keyloggers is to get confidential data (bank card numbers, passwords, etc.), the most logical ways to protect against unknown keyloggers are as follows: Using one-time passwords or two-step authentication, Using a system with proactive protection designed to detect keylogging software, Using a virtual keyboard Using a one-time password can help minimize losses if the password you enter is intercepted, as the password generated can be used one time only, and the period of time during which the password can be used is limited Even if a one-time password is intercepted, a cyber criminal will not be able to use it in order to obtain access to confidential information DETECT AND DEFEAT KEYLOGGERS Go Through Running Processes Even if the software program runs in the background, there must be a process running on the Windows system You can open task manager and take a look at what processes are running Page ELEMENT OF NETWORK KEYLOGGERS If you are a tech-savvy person, it should be easy for you to notice any suspicious processes on the list However, for everyone else, the chances are slim that you’ll find it The reason is that keylogger developers won’t name the program process as “keylogger.” That wouldn’t just be obvious, but also pretty dumb, in my opinion They will generally name it something to appear legit like “system_doc” or “win-process.” Monitor Network Connections Using Firewall As the keylogger records keystrokes, it collects them and sends logs to a remote location This implies that an internet connection is used to transmit this file You can use applications like Windows Firewall Control to look up programs using a network connection They can also be used to set rules to disallow unknown or unauthorized programs to connect to Page ELEMENT OF NETWORK KEYLOGGERS the internet By doing this, you may be able to stop any keylogger from transmitting data to a hacker However, this method doesn’t guarantee that you have blocked the correct process Also, if there are multiple ways of file transmission using different processes, you are out of luck Use Keylogger Detector As we all know most anti-keylogger software are designed to scramble keyboard keystrokes However, they are not designed to detect and remove them from your system Therefore, you need the help of some Anti-Rootkit to remove keylogger or any other rootkit malware There are many Anti-Rootkit tools available on the internet However, these three are the best amongst all: Malwarebytes Anti-Rootkit Beta: Malwarebytes Anti-Rootkit Page ELEMENT OF NETWORK KEYLOGGERS BETA is cutting edge technology for detecting and removing the nastiest malicious rootkits Trust me, it has the potential to detect some stubborn keyloggers Norton Power Eraser: Norton Power Eraser simply eliminates deeply embedded and difficult-to-detect crimeware that traditional virus scanning doesn’t always detect It uses some advanced scanning technology to eliminate threats that traditional virus scanning doesn’t always detect Page ELEMENT OF NETWORK KEYLOGGERS Kaspersky Security Scan: Kaspersky scans PCs for viruses & other malware It uses advanced scanning technologies which are developed by Kaspersky Lab’s world-leading security experts It never fails to detect Keyloggers and RANSOMWARE V CONCLUSION A keylogger is a type of surveillance software or Hardware Page 10 ELEMENT OF NETWORK KEYLOGGERS Devices that has the capability to record every keystroke A keylogger recorder can record instant messages, e-mail, and any information you type at any time using your keyboard The log file created by the keylogger can then be sent to a specified receiver There are two types of keyloggers namely Hardware Keyloggers & Software Keyloggers There have Several Measures can be taken to protect against keyloggers Page 11 ELEMENT OF NETWORK KEYLOGGERS REFERENCE [1] Keystroke logging: https://en.wikipedia.org/wiki/Keystroke_logging [2] What is keylogging? Definition, history, and how to detect: Word of the week: https://community.spiceworks.com/topic/2003395-what-iskeylogging-definition-history-and-how-to-detect-word-of-the-week [3] How does a keylogger work? https://www.quora.com/How-does-a-keylogger-work [4] Detecting and Removing Keylogger: How To Detect Keylogger & Remove It From PC 2018: https://techviral.net/detect-keylogger-in-your-system/ [5] Keyloggers: How they work and how to detect them: https://securelist.com/keyloggers-how-they-work-and-how-to-detectthem-part-1/36138/ [6] How to Detect Keyloggers? https://www.malwarefox.com/detect-keyloggers/ [7] How to detect if a Keylogger is installed? https://answers.microsoft.com/en-us/windows/forum/windows_vistasecurity/how-to-detect-if-a-keylogger-is-installed/d14c6cd6-69754b25-a2c5-17e5de194b50 [8] Keyloggers’s Presentation: https://www.slideshare.net/doranegoda/keyloggers-71486403 [9] Creating a simple Keylogger with C#: https://www.youtube.com/watch?v=_y3BAQs8-uc Page 12 ... NETWORK KEYLOGGERS TABLE OF CONTENTS I INTRODUCTION OVERVIEW .3 HISTORY OF KEYLOGGERS .3 II TYPES OF KEYLOGGERS HARDWARE KEYLOGGERS .3 SOFTWARE KEYLOGGERS. .. WHY KEYLOGGERS ARE A THREAT IV HOW TO DETECT AND DEFEAT KEYLOGGERS HOW KEYLOGGERS FIND THEIR WAY INTO YOUR COMPUTER? PROTECT YOURSELF FROM KEYLOGGERS DETECT AND DEFEAT KEYLOGGERS. .. are two types of keyloggers namely Hardware Keyloggers & Software Keyloggers There have Several Measures can be taken to protect against keyloggers Page 11 ELEMENT OF NETWORK KEYLOGGERS REFERENCE