Spywares and Keylogger


2. Known Spywares
3. How to check if a program has spyware?
4. Blocking Pop-ups
5. Removing Spyware
6. Link of a video on Spyware

3. Keylogger as a Threat
4. Demo Of Keylogger


Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. "Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies. Spyware is mostly used for the purposes of tracking and storing Internet users' movements on the Web and serving up pop-up ads to Internet users.

Known spywares
There are thousands out there, and new ones are added to the list every day. Here are a few: Alexa, ClickTillUWin, Cyber gate, Dark Comet etc. A keylogger is also a type of spyware.





ClickTillUWin is installed along with most file-sharing applications even when you choose not to install it. It is an online lottery game with an adware component that displays advertisements. ClickTillUWin regularly connects to its web site, www.2001-007.com, and reports your ID (unique number), IP address, web browser version and browsing habits to this site.



A type of spyware that can take control of the whole computer and can also send malicious trojans.

Dark comet


DarkComet is a backdoor Trojan or RAT that enables remote hackers to spy on your computer's keyboard input or webcam, steal files or download malicious files onto the PC.

A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment.

How to check if a program has spyware?
There is a little site that keeps a database of programs that are known to install spyware: http://www.spywareguide.com/product_search.php

Blocking Pop-ups
There are many ways, but I will suggest these two:
Google Toolbar (http://toolbar.google.com/) This program is Free

AdMuncher (http://www.admuncher.com) This program is Shareware

Removing Spyware

Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free

Info: Ad-aware is a multi spyware removal utility that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup manager lets you reinstall a backup, and the program offers multi-language support.

Spybot-S&D (http://www.safer-networking.org/) This program is Free


Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware

Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware

Info: HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, allows you to inspect them, and optionally removes selected items.

Prevent "spyware" from being installed.

SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free


Info: SpywareBlaster doesn't scan for and clean so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free

Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

XP-AntiSpy (http://www.xp-antispy.org/) This program is Free


Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.

SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free

Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.




Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. A keylogger doesn't have to be software – it can also be a device. Keylogging devices are much rarer than keylogging software, but it is important to keep their existence in mind when thinking about information security.
Legitimate programs may have a keylogging function which can be used to call certain program functions using "hotkeys," or to toggle between keyboard layouts (e.g. Keyboard Ninja). There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.
Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including:
• Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content;
• Jealous spouses or partners can use a keylogger to track the actions of their better half on the Internet if they suspect them of "virtual cheating";
• Company security: tracking the use of computers for non-work-related purposes, or the use of workstations after hours;
• Company security: using keyloggers to track the input of key words and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed;
• Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers;
• Other reasons.


Software-based keyloggers
These are computer programs designed to work on the target computer's software. From a technical perspective there are several categories:
Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine.
Kernel-based: A program on the machine 'gets root' and hides itself in the OS, and starts intercepting keystrokes (because they always go through the kernel). This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications that don't have root access.
API-based: These keyloggers hook keyboard APIs inside a running application. The keylogger registers for keystroke events, as if it was a normal piece of the application instead of malware. The keylogger receives an event each time the user presses or releases a key. The keylogger simply records it.
• Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events. A more recent example simply polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.
Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browsing data on submit events.
Memory injection based: Memory injection (MitB)-based keyloggers alter memory tables associated with the browser and other system functions to perform their logging functions, either by patching the memory tables or by injecting directly into memory.

Hardware-based keyloggers


Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. There are also USB connector-based hardware keyloggers, as well as ones for laptop computers (the Mini-PCI card plugs into the expansion slot of a laptop).
Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.
Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.
Electromagnetic emissions: It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it. In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture. The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.
Optical surveillance: Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.
Physical evidence: For a keypad that is used only to enter a security code, the keys which are in actual use will have evidence of use from many fingerprints. A passcode of four digits, if the four digits in question are known, is reduced from 10,000 possibilities to just 24 possibilities (10^4 versus 4!, the factorial of 4). These could then be used on separate occasions for a manual "brute force attack".
Smartphone sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodity accelerometer found in smartphones.

How a keylogger can get into your computer
Most keyloggers on average computers arrive as malware. If your computer becomes compromised, the malware may include a keylogger or function as a Trojan that downloads the keylogger along with other harmful software. Keyloggers are a popular form of malware because they allow criminals to steal credit card numbers, passwords, and other sensitive data.
Keystroke-logging software may also be installed by someone close to you. A protective parent might go beyond typical parental control and install software that includes a keylogger, allowing them to see everything their child types.
• a keylogger can be installed when a user opens a file attached to an email;
• a keylogger can be installed when a file is launched from an open-access directory on a P2P network;
• a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits an infected site;
• a keylogger can be installed by another malicious program already present on the victim machine, if the program is capable of downloading and installing other malware to the system.

Keylogger as a Threat


[Graph: increasing use of keyloggers]
Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.
Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user's account or access the user's online gaming account. Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual's loss of a few dollars. Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).
Keyloggers, phishing and social engineering are currently the main methods being used in cyber fraud. Users who are aware of security issues can easily protect themselves against phishing by ignoring phishing emails and by not entering any personal information on suspicious websites. It is more difficult, however, for users to combat keyloggers; the only possible method is to use an appropriate security solution, as it's usually impossible for a user to tell that a keylogger has been installed on his/her machine.

How to protect yourself from keyloggers
Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious program: install an antivirus product and keep its database up to date. However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common keyloggers.
Let's take a closer look at the methods that can be used to protect against unknown keyloggers or a keylogger designed to target a specific system.
Since the chief purpose of keyloggers is to get confidential data (bank card numbers, passwords, etc.), the most logical ways to protect against unknown keyloggers are as follows:
1. using one-time passwords or two-step authentication,
2. using a system with proactive protection designed to detect keylogging software,
3. using a virtual keyboard.
Using a one-time password can help minimize losses if the password you enter is intercepted, as the password generated can be used one time only, and the period of time during which the password can be used is limited. Even if a one-time password is intercepted, a cyber criminal will not be able to use it in order to obtain access to confidential information.
In order to get one-time passwords, you can use a special device such as:
1. a USB key (such as Aladdin eToken NG OTP)
2. a 'calculator' (such as RSA SecurID 900 Signing Token)

In order to generate one-time passwords, you can also use mobile phone text messaging systems that are registered with the banking system and receive a PIN-code as a reply. The PIN is then used together with the personal code for authentication.
If either of the above devices is used to generate passwords, the procedure is as described below:
1. the user connects to the Internet and opens a dialogue box where personal data should be entered;
2. the user then presses a button on the device to generate a one-time password, and a password will appear on the device's LCD display for 15 seconds;
3. the user enters his user name, personal PIN code and the generated one-time password in the dialogue box (usually the PIN code and the key are entered one after the other in a single pass code field);
4. the codes that are entered are verified by the server, and a decision is made whether or not the user may access confidential data.
When using a calculator device to generate a password, the user will enter his PIN code on the device 'keyboard' and press the ">" button.
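
The server-side check in step 4, as an added example (not code from the original page or from any vendor named here). It uses the open RFC 6238 TOTP algorithm with a 30-second step as a stand-in for the tokens' own algorithms, and the user name, PIN and secret are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per code (RFC 6238 default; an assumption, not from the page)
DIGITS = 6    # length of the one-time password


def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class PasscodeVerifier:
    """Checks 'PIN followed by OTP' entered in a single passcode field."""

    def __init__(self, users, window=1):
        self.users = users        # user name -> (PIN, shared token secret)
        self.window = window      # clock drift tolerated, in time steps
        self.last_counter = {}    # user name -> newest time step already accepted

    def verify(self, user: str, passcode: str, now: float) -> bool:
        if user not in self.users or len(passcode) <= DIGITS:
            return False
        pin, secret = self.users[user]
        entered_pin, entered_otp = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(entered_pin.encode(), pin.encode())
        current = int(now // STEP)
        for counter in range(current - self.window, current + self.window + 1):
            expected = totp(secret, counter * STEP)
            if hmac.compare_digest(entered_otp.encode(), expected.encode()):
                # One-time use: a code from an already accepted step is a replay.
                if not pin_ok or counter <= self.last_counter.get(user, -1):
                    return False
                self.last_counter[user] = counter
                return True
        return False


# Constructed sample data for this example only.
SECRET = b"12345678901234567890"
USERS = {"alice": ("4071", SECRET)}


def demo():
    """Returns (legitimate login, immediate replay, later replay) results."""
    server = PasscodeVerifier(USERS)
    t = 1_700_000_000
    passcode = "4071" + totp(SECRET, t)                 # what a keylogger would capture
    first = server.verify("alice", passcode, t + 5)     # user logs in
    replay = server.verify("alice", passcode, t + 10)   # captured passcode reused at once
    stale = server.verify("alice", passcode, t + 300)   # captured passcode reused later
    return first, replay, stale
```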
One-time password generators are widely used by banking systems in Europe, Asia, the US and Australia. For example, Lloyds TSB, a leading bank, decided to use password generators back in November 2005.
In this case, however, the company has to spend a considerable amount of money, as it has to acquire and distribute password generators to its clients, and develop/purchase the accompanying software.
A more cost efficient solution is proactive protection on the client side, which can warn a user if an attempt is made to install or activate keylogging software.


[Figure: Proactive protection against keyloggers in Kaspersky Internet Security]

The main drawback of this method is that the user is actively involved and has to decide what action should be taken. If a user is not very technically experienced, s/he might make the wrong decision, resulting in a keylogger being allowed to bypass the antivirus solution. However, if developers minimize user involvement, then keyloggers will be able to evade detection due to an insufficiently rigorous security policy. However, if settings are too stringent, then other, useful programs which contain legitimate keylogging functions might also be blocked.
The final method which can be used to protect against both keylogging software and hardware is using a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be 'pressed' by using a mouse.
The idea of an on-screen keyboard is nothing new - the Windows operating system has a built-in on-screen keyboard that can be launched as follows: Start > Programs > Accessories > Accessibility > On-Screen Keyboard.


However, on-screen keyboards aren't a very popular method of outsmarting keyloggers. They were not designed to protect against cyber threats, but as an accessibility tool for disabled users. Information entered using an on-screen keyboard can easily be intercepted by a malicious program. In order to be used to protect against keyloggers, on-screen keyboards have to be specially designed in order to ensure that information entered or transmitted via the on-screen keyboard cannot be intercepted.

Demo of Keylogger

This is a basic keylogger known as CS Keylogger, made in C#.


First we went to Gmail and entered our ID and password. It is clear that the keylogger logged all the keys we pressed and showed everything, even our password, clearly.

Team Member
Shivam Kumar(2014161)
Mohammad Nayeem(2014147)
Akshit Singh(2014010)

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License