Keyloggers – CompTIA Security+ SY0-501 – 1.1

It’s easy to guess your password if someone is already watching your keystrokes. In this video, you’ll learn how the bad guys use keyloggers to steal our login credentials and I’ll show the results of a keylogger running on my computer.


For most of us, the keyboard is the primary input method to our computers. We’re typing in URLs, our passwords, information in emails, and practically everything that goes into the computer is going through that keyboard. A keylogger is a piece of software that’s saving all of those keystrokes, putting them into a file, and then sending that file off to the bad guys.

A keylogger gets around a lot of the encryption methods that you put in place, because you’re obviously not inputting things in an encrypted form when you’re using the keyboard. All of your keystrokes are in the clear. You’re typing in normal sentences and normal passwords, and no encryption is involved when you’re using the keyboard. These keyloggers can also store other types of information besides keystrokes. They might grab information that’s in your clipboard, they can store screenshot information, and send all of that information off to the bad guys.

I installed the DarkComet remote access trojan in a lab that’s completely isolated from the rest of my network to give you an idea of what some of the bad guys would see once they received these logs. In Notepad up here, I’ve typed in a username and put the username as Professor Messer, and then a password. It’s not a real password; I’m just typing things into a simple Notepad window.

You can see that the keylogger captured the date and the time when this was opened. It noticed that I was using Notepad. It had not been saved as a file. It was untitled. It knew exactly when I was doing it. It also recorded all of my keystrokes, even when I put in a spacebar and then hit the backspace. It logged all of that information into a file that can now be sent off to the bad guys for them to read through at their convenience.

These keyloggers are usually installed as a piece of well-known malware. So if your anti-virus and your anti-malware have been updated with the latest signatures, they’ll be able to stop it before it even executes inside of your computer. If the malware does get installed onto your computer, another place to stop the process will be during the exfiltration process as those files are sent off to the bad guys. So you could set up firewall rules or some monitoring software to help watch for any file transfers occurring from your computer. There are also standalone keylogging scanners that can watch for these keylogging processes in the operating system, and prevent them from capturing data or sending that data to the bad guys.
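To make the exfiltration-monitoring idea concrete, here is an added example (not part of the original video or any product's code) that reads an outbound connection log and flags programs that aren't expected to use the network but keep sending data to the same destination on a regular timer. The log layout, process names, addresses, allowlist and thresholds are all assumptions made up for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: timestamp, process, destination IP, port, bytes sent.
# Addresses come from documentation ranges (RFC 5737); names are made up.
SAMPLE_LOG = """\
2024-01-10T09:00:05,browser.exe,198.51.100.20,443,18234
2024-01-10T09:00:10,updater_helper.exe,203.0.113.77,8081,2110
2024-01-10T09:03:41,browser.exe,198.51.100.20,443,90211
2024-01-10T09:05:10,updater_helper.exe,203.0.113.77,8081,1987
2024-01-10T09:10:11,updater_helper.exe,203.0.113.77,8081,2304
2024-01-10T09:12:30,mailclient.exe,198.51.100.45,993,5120
2024-01-10T09:15:09,updater_helper.exe,203.0.113.77,8081,2055
"""

# Assumption: you maintain a list of programs expected to talk to the network.
ALLOWED_PROCESSES = {"browser.exe", "mailclient.exe"}


def find_suspect_uploads(log_text, allowed=ALLOWED_PROCESSES,
                         min_events=3, max_jitter=0.2):
    """Return (process, dest, port, count, total_bytes) for unexpected
    processes that send data to one destination at near-regular intervals."""
    flows = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines
        ts, proc, dest, port, sent = row
        if proc.lower() not in allowed:
            flows[(proc, dest, int(port))].append(
                (datetime.fromisoformat(ts), int(sent)))
    findings = []
    for (proc, dest, port), events in sorted(flows.items()):
        if len(events) < min_events:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds()
                for a, b in zip(events, events[1:])]
        # Coefficient of variation: a low value means a timer-driven sender.
        jitter = pstdev(gaps) / mean(gaps) if mean(gaps) else 0.0
        if jitter <= max_jitter:
            findings.append((proc, dest, port, len(events),
                             sum(size for _, size in events)))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_uploads(SAMPLE_LOG):
        print(finding)
```

A hit here is a reason to go look at that process, not proof of a keylogger; legitimate software also checks in on a schedule, which is why the allowlist matters.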