Keyloggers

May 5th, 2008

As part of my “patching the end user” efforts, I figured I would write about keyloggers.

This is the definition I found on the internet: “A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.” In short, not something you would ever want on your computer.

Not too long ago, I decided to manually download all the keyloggers I could find on the internet and update our database as far as that type of threat is concerned. I figured it would keep me busy for a day or so. Oh boy, was I ever wrong! There is a rather large number of programs that log your keystrokes for someone else's convenient later perusal. It’s big business.

I must have spent a good solid week downloading keylogger after keylogger. Every time I thought I was nearing the end, I would stumble onto another sample. As my collection efforts finally dwindled, I noticed that some of the depreciated keyloggers migrated from pseudo-legality to downright illegality. Essentially, when some of the more “fly-by-night” outfits that market keyloggers go out of business, the source code tends to be recycled by the malware community.

I found this on a website that reviews keyloggers. I also witnessed similar disclaimers during the installation of the more commercially marketed samples I tested.

“DISCLAIMER: Logging other people’s keystrokes or breaking into other people’s computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.”

This has to say something about the ethical issues that surround using this type of software.

Here are a few select screen captures of different keylogger administrative interfaces.

Not very subtle, now are we? As far as I am concerned, if you aren’t presented with a disclaimer, or explicitly made aware that your keystrokes are logged, it should be illegal.

When you are given the option to disable the warning message and make the keylogger go into full stealth mode, it muddies the waters even further. The software maker can claim to take the high road, as these are not checked by default.

I’m in a peculiar situation, as I’ve experienced firsthand having a keylogger installed on my machine. The profound breach of trust that it engenders is devastating. Many of these applications are marketed towards the spouse/parent/partner as a peace-of-mind device. The landing pages for some of these applications are eerily similar to the scare-tactics pages used for rogue antispyware software.

If you have to resort to spying, and let’s not kid ourselves, that is what these programs and devices do, there is so little implied present trust in the relationship that logging keys should be the least of your concerns…

Jean “TinFoilHatMan” Taggart

This entry was posted on Monday, May 5th, 2008 at 3:29 pm and is filed under Keyloggers.

© 2008 ParetoLogic Inc.