L6. Hacking, Malware, and Cyber Warfare

Alice E. Fischer
September 18, 2018
L6. Hacking. 1/25

Outline
- Malware: Definitions and Examples
- Cyber Warfare

Malware: Definitions and Examples

Dishonesty on the Internet
Malware comes in many forms:
- Root kits, viruses, worms, and Trojan horses
- Spyware and weapons
- Dishonest adware
- Fake people, fake news, and "trending"
Much of today's information is adapted from Wikipedia.

Viruses
Virus: a computer program that can replicate itself.
- It must attach itself to another piece of software, and runs when that other software is activated.
- January 1986: the Brain boot sector virus became the first virus epidemic. It infected IBM-compatible hardware. It was created in Lahore, Pakistan by a 19-year-old Pakistani programmer and his brother.
- August 2012: Shamoon is designed to target computers running Microsoft Windows in the energy sector. Symantec, Kaspersky Lab and Seculert announced its discovery.

Worms
Worm: a standalone malware computer program that replicates itself in order to spread.
- November 2, 1988: The Internet worm, created by Robert T. Morris, infected DEC VAX and Sun machines running BSD UNIX connected to the Internet. It became the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.
- November 21, 2008: The computer worm Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy, UK Ministry of Defense (including warships and submarines), Sheffield Hospital network, German Bundeswehr, and Norwegian Police were all affected.

Trojan Horses
Trojan Horse: malware that masquerades as a legitimate file or a helpful program. When installed, it gives a hacker remote access to the targeted computer. Typical purposes:
- Enrolling the machine as part of a botnet
- Data theft
- Installation of third-party add-ons
- Downloading, deleting, or uploading files
- Keystroke logging
- Watching the user's screen
- Crashing the computer
- Anonymizing internet viewing

Trojan Horses
Trojans are currently becoming more prevalent.
- 1974: ANIMAL, by John Walker for the UNIVAC 1108, became the first trojan to propagate itself "in the wild". It played a harmless guessing game, but also made copies of itself in all directories to which the user had access.
- Anti-Spyware 2011, a trojan which attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It actually disables the security-related processes of anti-virus programs, while also blocking access to the Internet to prevent updates.
- Is Kaspersky's antivirus a Trojan horse whose purpose is to gain access to U.S. defense systems?

Spyware
Malware that collects information without the user's knowledge.
- In 2005, 61% of surveyed users' computers were infected with spyware.
- Microsoft used to claim the right to install or remove software on any machine that ran Windows.
- Keyloggers. (Several years ago at UNH.)
  - Installed by employers to monitor employee usage.
  - Installed by crooks to get passwords.

Spyware
Major companies install spyware to collect personal information. Some of the products are aimed at children.
- 2000: The Mattel toy company sold "Reader Rabbit" educational software that sent usage data back to Mattel.
- 2011: Android malware was found in Angry Birds add-on apps.
- Alexa records conversations in your home and reports them to Google. It is often in the news because of newly discovered surveillance issues.
- Barbie relays conversations with children back to the company's processing center.

Weapon-Malware
The use of malware as a weapon is relatively new. I can find no mention of this before Stuxnet, in June 2010.
Sept. 2011: Gauss
- Gauss appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It's not known yet who created it.
- Of the 2,500 or so discovered instances of Gauss across the world, about 1,660 of them were found in Lebanon.
- The virus is specifically designed to target customers of Lebanese banks, Citibank, eBay, and PayPal.

Weapon-Malware
Flame (September 2012), a spy vs. spy weapon.
- It attacks computers running Microsoft Windows.
- It uses multiple encryption techniques and spreads through four different transfer protocols.
- It records local activity and network traffic and attempts to download information from nearby computers. This info, plus local documents, is sent to one of several command servers.
- It can delete itself if it receives a "kill" command.
- Victims include governmental organizations, educational institutions and private individuals. At that time 65% of the infections happened in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.

Root Kit: Sony, 2003? to November 2005
A set of tools that disable the diagnostic tools that are designed to let you discover that your system has been compromised. This gives the attacker privileged access to a computer, any time.
- August 2000: Designed to combat Napster in an effective way, the XCP software was installed on Sony BMG music CDs. A detailed description and technical analysis was published in Oct. 2005.
- XCP was installed silently, the EULA did not mention it, there was no uninstaller, and it created security holes. All are illegal in various ways and places.
- Inexpert attempts to uninstall the software could lead to Windows failing to recognize an existing drive.
- It used unsafe procedures to start/stop the rootkit, which could lead to the Blue Screen of Death.

Phishing and Pharming
- Phishing: Often delivered as spam, a phishing message tries to induce you to give up personal information that can be used to defraud you.
- Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure."

How does it get in the door?
- It was put there when the equipment was manufactured or the system was installed.
- System vulnerability + some level of access + known exploit.
- Plugging in an infected stick / disk.
- Mis-designed features: autoexec.bat.
- Password cracking.
- On-site collaborators: Firewalls are often configured to filter out inbound TCP connection packets. But an insider can establish a connection to the outside, which then becomes a 2-way street.

Fake People, Fake News, and "Trending"
These are indirect cyber tools that foster "group-think" and can influence large numbers of people to believe things that are not true.
- From Hitler, we learned that people will believe anything they hear over and over and over, from sources all around them.
- Putin uses the same technique to control his own country.
- During the 2016 presidential election, Russian hackers created multitudes of fake people (Facebook and Twitter accounts). They injected fake news into the network, and ensured that it was "liked" and "retweeted" again and again. The "trending" lies were picked up by thousands of unwary Americans and passed on to their friends.
- By election day, hundreds of thousands of people did not know what was true. They had no idea that the news was planted.

The Business of Hacking
- Social Engineering: DefCon.pdf, http://www.defcon.org/
- Zero-Day.pdf: A price list for secret exploits
- Who are the Hackers?
  - Government agencies: powerGrid.pdf, GoogleHacked.pdf
  - Military organizations.
  - Bored kids: ClassExercise.eml
  - Bright, angry young adults: PayForPlay.pdf
  - Professional thieves: FreeApps.rtf

Cyber Warfare

Definition and Overview
An act is Cyber Warfare if it uses the internet and/or computer technology to attack another country's economy, infrastructure, government, or people. Motivations might be:
- To weaken or destabilize an economy.
- To damage the military readiness of a country.
- Stealing military or industrial secrets and/or plans.
- Identifying the people who are spying on your country.
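The pharming definition on the Phishing and Pharming slide (malicious code on the victim's machine that misdirects users to fraudulent sites), as an added example that is not part of the original slides: a Python check for the simplest form of that misdirection, an override planted in the hosts file that every OS consults before DNS. The watched hostnames and the sample hosts file are constructed placeholders.

```python
"""Check a hosts file for pharming-style overrides.

Pharming plants a name-to-address mapping (here, in the hosts file, which
every OS consults before DNS) so that a legitimate hostname resolves to a
server the attacker controls while the browser still shows the right URL.
Flagging watched hostnames that are pinned to anything other than a local
sink address (loopback or 0.0.0.0) is the defender's basic check.
"""
import ipaddress
from typing import Dict, List, Tuple

# Hostnames to watch.  Constructed placeholder set; a real deployment would
# list the banking, mail and payment domains its users actually rely on.
WATCHED_HOSTS = {"bank.example", "www.bank.example", "mail.example", "pay.example"}


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for each mapping line.

    Anything after '#' is a comment; blank and malformed lines are skipped,
    which matches how Windows, Linux and macOS read the file.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        entries.append((lineno, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def is_local_sink(address: str) -> bool:
    """True for loopback (127/8, ::1) and the 0.0.0.0 / :: blocklist sink.

    Those are the only addresses a benign hosts entry for a bank or mail
    hostname would normally carry (ad/tracker blocklists use 0.0.0.0).
    An address that does not parse is treated as suspect.
    """
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_pharming_entries(text: str, watched=WATCHED_HOSTS) -> List[Dict]:
    """Flag watched hostnames that the hosts file sends off-box."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            if name in watched and not is_local_sink(address):
                findings.append({"line": lineno, "host": name, "ip": address})
    return findings


# Constructed sample: an ordinary hosts file plus one planted override.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example        # blocklist entry, harmless

# Planted by pharming malware: the bank's hostname now resolves to an
# attacker-chosen address (constructed documentation address, not an IoC)
203.0.113.45    www.bank.example bank.example
"""

if __name__ == "__main__":
    for hit in find_pharming_entries(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} (possible pharming)")
```

A hit on a banking or mail hostname is a strong sign the machine itself has been tampered with, so the response is to treat the host as compromised rather than just to delete the line.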