The RDV Group InfoSec Blog

Wednesday, March 15, 2006

Keylogging Basics Part II

We looked at keylogging a little bit in Part I, let's continue (excerpted from "Phishing: Cutting the Identity Theft Line.")

"Once installed on the target machine, either direct through interaction with the user, or through a more stealthy means, the keylogger program runs continually in the background. After the keystrokes are logged, they can be hidden in the machine for later retrieval or transmitted to the attacker via the Internet. The attacker then examines the reports for passwords or information that can be used to compromise the system or engineer an attack. A keylogger may reveal the contents of emails composed by the victim."

"Some rare keyloggers include routines that secretly turn on video or audio recorders, and transmit what they capture over your Internet connection. Other products capture screens, rather than keystrokes. However, most criminal keyloggers are hoping to steal bank account numbers or other financial data."

“A software keystroke logger program does not require physical access to the user's computer. It can be installed intentionally by someone who wants to monitor activity on a particular computer or downloaded unwittingly as spyware and executed as part of a rootkit or a RAT.”

“A rootkit is a collection of software tools that a cracker uses to obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. The rootkit then collects userids and passwords to other machines on the network, thus giving the hacker root or privileged access. A rootkit may consist of utilities that also monitor traffic and keystrokes, create a "backdoor" into the system for the hacker's use, alter log files, attack other machines on the network, and alter existing system tools to circumvent detection.

I'll bring more later...


Post a Comment

<< Home