Keyloggers – 6 Simple Tips to avoid being a victim of Keylogging

How safe is internet banking? Online banking fraud has doubled in the first half of 2009.

 

Some customers are still falling foul of ‘phishing’ schemes, i.e. emails that pretend to be from a bank and then direct customers to bogus websites where their passwords are stolen.

 

But more careful online bank customers are also suffering at the hands of an underground hacking technology – ‘keylogging’ – which is largely held responsible for the rise in online fraud.  Unlike phishing, this is not an attack that alert and sophisticated users can avoid.

 

A keylogger is a software program or a device designed to secretly monitor and log all keystrokes.

 

Many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan programs.

 

Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard.  So any PC – which could even be your home PC – can be vulnerable to keylogging software.

 

Here are some simple steps you can take to avoid being the next victim of a keylogging attack – after all, prevention is definitely better than losing the money in your bank!!

 

Tip 1 – Have a robust and updated antivirus solution running

 

Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious program: install an antivirus product and keep its database up to date. However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common keyloggers.

 

Tip 2 – Always use a firewall

 

Most keylogger software transmits an “I am alive” message, as well as the recorded keystrokes, to the bot handler.  To detect this, install a personal firewall on your PC and keep track of the data that your PC sends to the outside world.

 

Configure an alert for whenever any data is transmitted to the internet, review each alert, and block the file or port if the traffic looks suspicious.

 

Tip 3 – Use a virtual keyboard

 

Another method which can be used to protect against both keylogging software and hardware is using a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be ‘pressed’ by using a mouse.

 

So if your net banking login screen has a virtual keyboard, always use it.

 

The idea of an on-screen keyboard is nothing new – the Windows operating system has a built-in on-screen keyboard that can be launched as follows: Start > Programs > Accessories > Accessibility > On-Screen Keyboard.  Unfortunately, this emulates keystrokes and sends them to the application that has focus. Even the simplest keylogger will catch all of the entries from the On-Screen Keyboard as though they were typed.

 

Thus only specially designed virtual keyboards will prevent keylogging attempts … we hope that the banks that have deployed virtual keyboards have specifically designed them that way.

 

Tip 4 – Check the system processes running

 

At weekly intervals, check the system processes running by typing “msconfig” in your Run Command.  Note down the processes that are currently running as well as the processes that are configured to start automatically when your system boots.

 

Investigate suspicious processes – which is easier said than done!!

 

Unfortunately, malware processes are rarely named “evil keylogger.exe”!! Often malware, such as a keylogger, has a name that is similar to that of a normal process like svchost.exe, making it difficult to distinguish between a safe process and a malicious one.

 

Further, there are quite a few keyloggers that will not show up at all in the Task Manager process list.

 

Nevertheless, precaution is better than cure.
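
One way to spot the lookalike names described above, as an added example (not part of the original article). It assumes you have already collected the full image path of each running process; the table of trusted names and the sample paths are constructed for illustration.

```python
import difflib
import ntpath

# Usual install folder for a few well-known Windows processes (lower-case).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def review_process(image_path, threshold=0.8):
    """Return None if unremarkable, otherwise a short reason string."""
    folder, name = ntpath.split(image_path.lower())
    if name in EXPECTED_DIR:
        # Trusted name: only acceptable when it runs from its usual folder.
        if folder != EXPECTED_DIR[name]:
            return f"{name} running from unexpected folder {folder}"
        return None
    # Not an exact match: is it a near miss of a trusted name?
    for known in EXPECTED_DIR:
        ratio = difflib.SequenceMatcher(None, name, known).ratio()
        if ratio >= threshold:
            return f"{name} looks like {known} (similarity {ratio:.2f})"
    return None

def review(process_paths):
    """Map each suspicious path to the reason it was flagged."""
    findings = {}
    for path in process_paths:
        reason = review_process(path)
        if reason:
            findings[path] = reason
    return findings

# Constructed sample process list (not taken from a real machine).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in review(SAMPLE).items():
        print(f"{path}: {reason}")
```

A process that hides itself from the process list, as mentioned above, never reaches this check, so a clean result is not proof of a clean machine.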

 

Tip 5 – Fool the keylogger – a simple way

 

Another tip – as suggested by a couple of researchers at Microsoft – is to type your password in a random order.

 

For example, if your password is “yourpassword”: type “password” first, then bring the cursor to the beginning and type “your”.  This way you can fool keyloggers.

 

Tip 6 – Fool the keylogger – a more methodical way

 

The string of keys sent to the browser will often contain domain names, followed by userid and passwords.

For example the segment www.netbanking.xyz.comiamsafeweak123 tells the logger that user id “iamsafe” has password “weak123” at www.netbanking.xyz.com

 

So one way of fooling the keylogger is by entering random keys so that they will be seen by the keylogger, but will not affect normal login.

 

The trick lies in the fact that keyloggers employ very low level OS calls. The keylogger sees everything, but it doesn’t understand what it sees. The browser also sees everything, but it doesn’t use everything that it sees: it does not know what to do with keys that are typed anywhere other than the text entry fields, and lets them fall on the floor. The keylogger has no easy way to determine which keys are used by the browser and which fall on the floor.

 

Between successive keys of the password enter random keys. The string that the keylogger receives will contain the password, but embedded in so much random junk that discovering it is not feasible.

 

Here is the method:

 

Navigate to the login page desired;

Type in the userid;

 

In the password field, enter the first character of the password, then click somewhere outside the password field on a piece of text (not a hyperlink) and enter some random characters. Then click on the password field again, enter a few more password characters, and repeat this process.

 

The browser will ignore the random characters entered outside the password field, but the text that the keylogger will record will be something like

www.netbanking.xyz.comiamsafewrfeolsdfadjflkrefj1sdfsd2dfvjl3flsdlf

 

It involves typing random characters between successive characters of the password, and changing focus to and from the password field using the mouse.
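
The method above as a small simulation, added here as an example (not part of the original article). It assumes a logger that records keystrokes only and no mouse clicks, as the article describes, and for simplicity types one password character per visit to the field; the event names and helper functions are hypothetical.

```python
import random
import string

JUNK_ALPHABET = string.ascii_lowercase + string.digits
# Password portion of the log line shown in the article.
PAGE_LOG = "wrfeolsdfadjflkrefj1sdfsd2dfvjl3flsdlf"

def type_with_decoys(password, rng, min_junk=3, max_junk=6):
    """Build the event list: each password key goes to the password field,
    then focus moves to plain page text for a burst of random keys."""
    events = []
    for ch in password:
        events.append(("click", "password_field"))
        events.append(("key", ch))
        events.append(("click", "page_text"))
        for _ in range(rng.randint(min_junk, max_junk)):
            events.append(("key", rng.choice(JUNK_ALPHABET)))
    return events

def keylogger_view(events):
    """A keystroke-only logger sees every key and no focus changes."""
    return "".join(value for kind, value in events if kind == "key")

def browser_view(events):
    """The page keeps only keys typed while the password field has focus."""
    focus, field = None, []
    for kind, value in events:
        if kind == "click":
            focus = value
        elif focus == "password_field":
            field.append(value)
    return "".join(field)

def is_subsequence(secret, log):
    """True if the characters of secret appear in log in order."""
    remaining = iter(log)
    return all(ch in remaining for ch in secret)

def demo(password="weak123", seed=2009):
    """Return (what the logger records, what the password field receives)."""
    events = type_with_decoys(password, random.Random(seed))
    return keylogger_view(events), browser_view(events)

if __name__ == "__main__":
    log, field = demo()
    print("keylogger records:", log)
    print("password field   :", field)
    print("password still embedded in order:", is_subsequence(field, log))
```

The password is still present in the log as an ordered subsequence; the protection comes only from the logger not knowing which keys reached the field.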

 

Follow these tips and have a safe online banking experience.
