Keylogger
A Keylogger is a program or file that has been executed to record keystrokes a computer user makes. Once a computer user has been infected with a Keylogger, it will continue to run in a hidden manner, and report all the information that is being input into the computer, and this is sent back to the hacker or some other hidden third party. After the hacker has compiled enough information using the Keylogger, they might use this information to access bank accounts or log into online email addresses, and send Spam. [1]
Dangers of Keyloggers
Dangers of malicious Keyloggers are that they trap information before it can be encrypted. For example, banking websites (should) provide a secure connection between your computer and the website so that all data is encrypted in transit. However, as you type your credentials in, the Keylogger is recording those keystrokes, bypassing security measures. Keyloggers not only have the ability to trap login credentials, but credit card numbers, bank account numbers, private passwords for encrypted files, financial records, email and other PII. [2]
Protecting Yourself from Keyloggers [3]
- Install top-notch anti-pestware software on your system, preferably programs that help to prevent Keyloggers and watch for Keylogging activities. Though this won't guarantee you will not get a Keylogger, it can help by recognizing and removing known Keylogger signatures.
- Regularly check the processes running on your system looking for anything that doesn’t belong. In Windows® systems you can use Task Manager to view running processes. Third party applications are also available that will not only show you which processes are running, but will provide a direct link to information online regarding the nature of the process.
- A firewall commonly does not provide Keylogger protection, but can alert you if a program is trying to send information out to the Internet. By stopping this action you can prevent a thief from retrieving a log, and be alerted to the possible presence of a Keylogger.
- Other methods to ‘confuse’ a Keylogger include typing extra letters or numbers when entering secure information, then highlighting the characters that do not belong and entering a legitimate character to replace them. You can also use a browser with a form-filler function that will keep usernames and passwords securely on your system, and fill them in automatically when you enter a site, without forcing you to use the mouse or keyboard. There are also programs that scan for Keyloggers, but they can detect legitimate processes as well, making it difficult for the average person to make real use of these tools.