Black & White Notes

Defense From Keyloggers: A Simple Way to Beat a Keylogger

Posted in life style, tips by dimazgyba on December 3, 2010

You can’t trust a computer that you don’t manage. Luckily, there is a way to avoid the typical keyloggers that reside on your grandma’s computer. It’s kind of low tech, but still, it’s better than nothing.

How Keyloggers Work

First, you need to understand how a basic keylogger works. It installs itself as a hidden service or a daemon that monitors the events passed in Windows. The bulk of these events are keystrokes and mouse changes. With these event handlers, an attacker can easily swipe someone’s login. The keylogger’s log may contain something like this:

“myspace.comusername@domain.com[tab]pa$$w0rd[tab][enter]”

for logins

“123-45-6789”

for Social Security numbers, or

“John Doe[tab]123 Easy Street[tab]Beverly Hills[tab]c[tab]90210[tab]1234567890123456[tab]345[tab]10[tab]2008”

for credit card billing information

See how easy it is for a cracker to parse your sensitive information from the log?

Exploiting a Flaw in the Exploiter

One flaw in most keyloggers is that they don’t record mouse clicks or the time of input. Most can also only determine which program is receiving the input. They cannot detect what element in the program is receiving the input or even if the program is actually using the input!

So, to scramble the logs, you enter random characters between sensitive information. At the same time, you don’t want the random characters to alter what you are actually trying to type in the form field. So, you would periodically remove focus from the desired field.

For example, imagine that your password is “pa$$w0rd”.

  1. Click the password field.
  2. Type ‘p’
  3. Click the background. Type some random characters. Click the password field again.
  4. Type ‘a’
  5. Click the background. Type some random characters. Click the password field again.
  6. Type ‘$’
  7. Click the background. Type some random characters. Click the password field again.
  8. Type ‘$’
  9. Click the background. Type some random characters. Click the password field again.
  10. Type ‘w’
  11. Click the background. Type some random characters. Click the password field again.
  12. Type ‘0’
  13. Click the background. Type some random characters. Click the password field again.
  14. Type ‘r’
  15. Click the background. Type some random characters. Click the password field again.
  16. Type ‘d’
  17. Click the background. Type some random characters.

If you performed this method correctly, the keyboard capture log would look something like this (without all the bolding).

p467gjaj,d7g$45fdj$dfhsdw5gndc0hgdnfrgh7kodsgreb
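
The procedure above can be modelled to check what the form receives versus what a key-only logger records. This is an added example, not code from the original post; the function names, the noise alphabet and the five-character noise length are assumptions chosen to match the sample log.

```python
import secrets
import string
from math import comb

NOISE_ALPHABET = string.ascii_lowercase + string.digits  # assumed noise set
PAGE_LOG = "p467gjaj,d7g$45fdj$dfhsdw5gndc0hgdnfrgh7kodsgreb"  # sample log from the post

def interleave_events(secret, noise_len=5):
    """Event stream for the procedure: each real key goes to the focused
    field, then noise_len keys are typed while focus is on the background."""
    events = []
    for ch in secret:
        events.append(("field", ch))
        events.extend(("background", secrets.choice(NOISE_ALPHABET))
                      for _ in range(noise_len))
    return events

def field_value(events):
    """What the form actually receives: only keys typed while it had focus."""
    return "".join(key for target, key in events if target == "field")

def key_only_log(events):
    """What a logger sees if it records keys but not clicks or focus."""
    return "".join(key for _, key in events)

def is_subsequence(secret, log):
    """True if the secret's characters appear in the log in order."""
    remaining = iter(log)
    return all(ch in remaining for ch in secret)

def ambiguity_bound(log, secret_len):
    """Upper bound on the ordered character selections of that length;
    the noise cannot hide the secret among more candidates than this."""
    return comb(len(log), secret_len)

if __name__ == "__main__":
    events = interleave_events("pa$$w0rd")
    log = key_only_log(events)
    print("field receives:", field_value(events))
    print("key-only log  :", log)
    print("contiguous in log:", "pa$$w0rd" in log)
    print("still present in order:", is_subsequence("pa$$w0rd", log))
    print("page sample bound:", ambiguity_bound(PAGE_LOG, 8))
```

The password never appears contiguously in the log, but every character is still there in order, so the noise only adds a bounded amount of ambiguity. That holds only for loggers that, as the post assumes, do not record clicks, focus changes or input timing.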
