HOWTO: Detect and Defeat Keyloggers

Category: Security

It's a fact that many malware infections result in a vulnerability to keystroke logging, which can compromise your privacy and lead to identity theft. A recent news story tells how over TWO MILLION passwords were stolen by keyloggers. Learn more about keyloggers, how they work, and how to defend yourself from this growing threat...

Keyloggers: What they Are and How to Defend Yourself

A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, "key logger." The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.

A recent report by Trustwave security researchers revealed that malware known as "Pony" was responsible for the theft of over two million usernames and passwords, many of them for popular sites such as Facebook, Gmail, LinkedIn, Twitter and Yahoo.

Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission. See my related article Should I Install a Keylogger? if you're thinking about using one to spy on someone, as there are some serious ethical and legal concerns.

How to Defeat a Keylogger

Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you've been told to type your password into Notepad, then copy & paste it to a web form, that's bad advice.

Software keyloggers are often distributed in Trojan, virus, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use "hooks" into the operating system's keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.

Detect, Defeat and Defend Against Keyloggers

A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.

A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard's connection to the computer or replacing the keyboard will solve the problem.

Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user's need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers. (See Is Your Password Strong Enough? for links to password manager software, and tips on creating secure passwords.)

Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.

An antikeylogger program attempts to detect and/or disable keylogging programs. Antikeyloggers scan your hard drive for the digital signatures of known keyloggers, and look for low-level software "hooks" that indicate the presence of a keystroke grabber. Antikeyloggers and keylogger detectors are more effective against keyloggers than general antivirus programs because the latter often don't identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above.

Anti-Keylogging Software Options

KeyScrambler is an anti-keylogger for Windows that works a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes. Three versions are available: Premium ($45), Pro ($30) and Personal (Free). The free version only protects web browsers. The Pro and Premium versions add protection for other popular software programs.

Zemana AntiLogger Free is an anti-keylogger that claims to protect every application on your computer, not just your web browser. Like KeyScrambler, it uses keystroke-encryption to scramble every keystroke, and protect everything that you type. Zemana works on Windows XP, Vista, 7 and 8. A Premium version ($29) adds protection from keystroke-stealing malware that attempts to work by grabbing screenshots of what you're typing.

KL-Detector is one free program that will detect keyloggers, but it doesn't remove them. Although the KL-Detector web page says it's for Windows 2000 and Windows XP, I've seen reports that it also works on Vista and Windows 7.

Just be aware that your anti-virus program may flag these programs as malware, but you can safely ignore any such "false positive" alarm.

Some antispyware programs detect keyloggers by signature or by behavior; for example, programs which hook into keyboard APIs may be flagged as potential keyloggers. Ad-Aware, Malwarebytes Antimalware, SUPERAntiSpyware, Spybot-Search & Destroy and Windows Defender are examples of general purpose anti-malware apps that also have keylogger detection ability.

A final defense against keyloggers is a firewall that detects outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to "phone home" with its log file. I have mixed feelings about the usefulness of outbound firewalls. See Do I Need an OUTbound Firewall? If you decide it's for you, check out my list of Free Firewall Protection software.
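
The outbound check described above, sketched as an added example (not code from the original article or from any firewall product): it scans connection records for programs outside an allow-list that reach Internet hosts on the FTP and email ports a keylogger could use to send its log file. The record format, the sample lines, the process names and the allow-list are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Ports for the channels the article names: FTP and email (SMTP variants).
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "submission"}
# Assumption: programs on this PC that are expected to use mail or FTP.
ALLOWED = {"thunderbird.exe", "filezilla.exe"}
# Private/loopback IPv4 ranges; traffic to these never reaches the Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

Conn = namedtuple("Conn", "proc pid ip port state")
# Constructed sample records: process pid remote_ip:port state
SAMPLE = """\
thunderbird.exe 2140 203.0.113.10:587 ESTABLISHED
chrome.exe 3312 198.51.100.7:443 ESTABLISHED
kbdhelper.exe 4888 203.0.113.77:21 ESTABLISHED
notepad.exe 5120 192.168.1.20:25 ESTABLISHED
updater.exe 6004 198.51.100.9:25 SYN_SENT
bad line without enough fields
"""

def parse(text):
    """Yield Conn records, skipping lines that do not fit the format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ip, _, port = parts[2].rpartition(":")
        try:
            yield Conn(parts[0].lower(), int(parts[1]),
                       ipaddress.ip_address(ip), int(port), parts[3])
        except ValueError:
            continue  # malformed address, pid or port

def suspicious(conns, allowed=ALLOWED):
    """Connections to mail/FTP ports on Internet hosts from unlisted programs."""
    hits = []
    for c in conns:
        if c.port not in EXFIL_PORTS or c.proc in allowed:
            continue
        if any(c.ip in net for net in LOCAL_NETS):
            continue  # LAN or loopback destination
        hits.append(c)
    return hits

if __name__ == "__main__":
    for c in suspicious(parse(SAMPLE)):
        print(f"ALERT {c.proc} pid={c.pid} -> {c.ip}:{c.port} {c.state}")
```

A hit is a prompt to look at the program, not proof of a keylogger; an unlisted mail client or backup tool would trigger the same alert until it is added to the allow-list.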

Have you been bitten by a key logger? Do you have something to say about dealing with keyloggers? Post your comment or question.

 
Posted by on 19 Dec 2013


Most recent comments on "HOWTO: Detect and Defeat Keyloggers"


Posted by:

john
19 Dec 2013

Bob, I have just downloaded Keylogger thinking I should try to find out if I am currently under attack. If I now go ahead and download Zemana, what's to stop it from thinking the monitoring being done by Keylogger is not a keystroke thief?
Best regards, john.


Posted by:

duane
19 Dec 2013

AOL has an anti-key logger program too called Datamask by AOL. I don't know on what level it works but everything is scrambled on the monitor.


Posted by:

MerryMarjie
19 Dec 2013

Apparently I was hit by a keylogger last week as I was notified by Discover Card that "unusual activity" had occurred. When I checked it out, there was a $500+ Walmart.com purchase made between midnight and 6 a.m. that morning. Fortunately, Discover Card was so helpful and deleted that transaction plus movies at Netflix the idiot ordered (I don't have an account there). Of course, my card was safe at home, my passwords are stored locally, so the keys had to be acquired online or with keylogging. I'm still mystified as to how "they" did it, but how else do you protect yourself?

It's a scary world out there!


Posted by:

bob price
19 Dec 2013

Quote: "However, there are other forms of spyware which can intercept data posted to forms by form-fillers."

I would like that explained in more detail. I have an auto-fill pw program and always felt safe.


Posted by:

bob price
20 Dec 2013

MerryMarjie,
Do you have wireless? Many CCNs are stolen that way from someone 100 feet away, outside your home.


Posted by:

The Rube
20 Dec 2013

Mr. Rankin et al . . .

I have had KeyScrambler (Premium version) running in my computer system for a number of years now . . . So Far So Good!


Posted by:

Juan
20 Dec 2013

Hi Bob. Two questions:
* Is there any anti-keylogger software for Mac?
* Is "typing" a credit card number or password by using the virtual keyboard any better than actually typing it with the physical one?

EDITOR'S NOTE: I looked, but could not find one for Mac. As I mentioned in the article, using a virtual keyboard may not be sufficient. Some keylogger malware can actually snap screenshots.


Posted by:

bob price
20 Dec 2013

Would a two stage pw work? The second layer shows a picture of alphanumeric that you must repeat. It would change every time. [and NOT those annoying captcha things]


Posted by:

Charles Eldredge
21 Dec 2013

What about smartphones? It seems like there is not much protection available out there for them. I use Spybot on my PC for anti-malware, and love it, but it is not available for smartphones. A couple months ago the keyboard on my Android phone started having a long delay before popping up. I can't help but think this is caused by some sort of malware or keylogger.


Posted by:

Sharon H
01 Jan 2014

I know this is sort of late to respond to this threat but I had to share 2 items:

1. When I clicked on the KL-Detector link, McAfee Security Advisor flashed a big red Bad Site warning. It did scare me away.

2. I've picked up keyloggers twice. Each time what aroused my suspicion was that not only was the PC somewhat slow, but every time I typed something there was a discernible lag between the keystroke and the letter or number appearing on screen. The keyboard felt kind of "sticky" as a result. Sure enough, a scan caught them each time. It's been a while now. This just goes to show that, lacking as they are in some areas, it's still important to regularly scan your PC with whatever protective anti-malware programs you are using.


Posted by:

Mike Regan
11 Jan 2014

Been using LastPass, a form filler like Roboform, for a few years now and had no problems. On the occasional time when I need to type I will use Virtual keyboard.


Posted by:

Sheri
12 Jan 2014

I downloaded Zemana's Keylogger Simulation Test Program and my Norton IS 2013 successfully blocked it. According to Zemana's FAQs, this means that Norton IS 2013 is already protecting my computer against keyloggers. So do I really need AntiKeylogger as well or wouldn't that just be over-kill?

EDITOR'S NOTE: Sounds like you should be OK with just Norton.


Posted by:

sam
16 Jan 2014

I had it on my Mac for 1.5 years, but thanks to Little Snitch all outgoing communications were denied. I learned about this spyware accidentally, while running Gfxcardstatus on my Mac, when .BPK was preventing the program from switching to the integrated graphics card… then I couldn't find any .BPK in Finder! Thank God Little Snitch located the folder where the .BPK was nesting with its dynasty.html pages. I was in shock when I opened this HTML with Safari and discovered all my passwords and log data in there! Thank God I had this Little Snitch always on! I do internet banking always from my Mac, all emailings, everything! I suspect that maybe the bastards got my password from one of my emails because the password is always not correct!


Posted by:

lisa g
31 Jan 2014

I am not quite getting if there is a solution here. So, I get what the keylogger is, but I don't see how you are saying we can prevent it, find out if we have or other? Tx and look forward to a response.

EDITOR'S NOTE: I'm wondering if you read the entire article. I discussed prevention, detection and removal.


Posted by:

Gamecox
06 Feb 2014

Bob - Just an idea, but what if those of us who have a development platform on his machine could develop an application that sends a password or credit card number straight to the IE window by process to process data messaging or some other form of data exchange, thus bypassing the clipboard. The app could have the password/credit card number hard coded so it's never typed in and a button click would initiate the send. Do you think that would work to thwart a keylogger?

EDITOR'S NOTE: If you know how to develop an application that sends data to an IE window by process to process data messaging, by all means give it a try! :-)


Posted by:

Gamecox
07 Feb 2014

Yes, but if it could be done, would it bypass the keylogger?


Posted by:

ALE
22 Feb 2014

I have a seldom-used gmail acct that I've been hardening via Keepass generated Pwd, and only enter it via the random paste scrambler feature; a month ago, gmail alerted that it had blocked access from an unknown computer, using the password! I changed pwd, added 2-step auth via cellphone txt, so far no more alerts. Still, have no idea how the pwd to gmail was obtained, unless a keylogger has access to my machine. Very disconcerting.


Posted by:

NetSecurity
28 Feb 2014

Just note that anti-keyloggers can be rendered useless if they run after the keylogger, which can then capture keystrokes and take control of the clipboard. I was surprised by this fact when running my own tests.


Posted by:

bradley
04 Mar 2014

NetSecurity, if you have something like Zemana set to launch at system start-up, it'll be fine, won't it?


Posted by:

Jen
05 Jun 2014

Can keyloggers detect past strokes or just ones done after it's installed? Assuming that if I reset my laptop back to factory settings, this would wipe out anything on my laptop and then any keylogger would only be able to detect current and future strokes, correct?


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- HOWTO: Detect and Defeat Keyloggers (Posted: 19 Dec 2013)
Source: http://askbobrankin.com/howto_detect_and_defeat_keyloggers.html