signum soft keylogger

Upload: lukarater

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 Signum soft keylogger

    1/12

    KEYLOGGER SOFTWARE

    11.11.2014.


    CONTENT:

    1. INTRODUCTION
    2. THE CONCEPT OF KEYLOGGER
    2.1. Why can keylogger pose a threat?
    3. TYPES OF KEYLOGGER SOFTWARE
    3.1. Keylogger software
    3.2. Hardware keylogger
    4. THE WORK OF KEYLOGGER
    5. PRODUCTION OF KEYLOGGER
    6. CONCLUSION


    1. INTRODUCTION

    Nowadays, information technology is evolving rapidly and increasingly makes people's lives easier. The daily operations of individuals and large companies have also been greatly facilitated. Along with the many advantages that today's level of computerization offers, it should be noted that the flow of information is not fully secure. There are many ways to invade privacy and steal confidential data, and a large number of malicious programs that make this possible.

    The aim of this thesis is to present keyloggers, malicious programs that pose a great threat to privacy and security by tracking the characters a user types. It also describes the making of a simple keylogger that implements the basic functionality and methods of attack. The first chapter describes what the term "keylogger" means. The second chapter deals with the division of keyloggers into software and hardware, along with their subtypes. The third chapter presents the principles of operation of each kind of keylogger and the programming mechanisms they use. The next chapter gives a full insight into the process of making a keylogger: it describes all of its functionality and the code that enables it. It also describes the working principle of a keylogger application, from the initial infection of a computer to the successful theft of confidential data.

    2. THE CONCEPT OF KEYLOGGER

    The term 'keylogger' itself is neutral and indicates the function of a program. Most sources define a keylogger as a software program that secretly monitors and saves every keystroke on your keyboard. Such a definition is not entirely accurate, because a keylogger does not have to be a software program; it may also be a device, a hardware keylogger (as will be shown later). Although hardware keyloggers are mentioned much less often when talking about computer security, it is important to point out their existence. Also, keylogging functionality can be (and often is) much more than the simple storage of keystrokes.

    The types of keyloggers and their functionality are described in more detail later in this thesis. Legitimate programs may have a keylogging function that is used to call some program functionality through "hotkeys" (shortcut key combinations). There is plenty of legitimate software that allows administrators to monitor employees during working hours, or users to monitor the activities of guests on their own computers. However, there is a thin line between justified monitoring and espionage. Legitimate software is often used maliciously to steal a user's secret information such as passwords, credit card numbers, etc.

    Most modern keyloggers are considered legitimate software or hardware and are available for purchase on the open market. Developers and software dealers offer a long list of purposes for which it is appropriate to use keyloggers:

    - Company security: monitoring whether computers are used for purposes within the job description;

    - Company security: using keyloggers to monitor keywords and phrases related to business secrets whose disclosure would harm the company;

    - Parental control: parents can monitor what their children are doing on the Internet and can be notified when web pages with inappropriate content are accessed;

    - Jealous spouses or partners: can use a keylogger to monitor the actions of their better half;

    - Law enforcement: as one of the methods of collecting evidence in a criminal investigation.

    The stated reasons for the use of keylogging are more subjective than objective, which means that all these situations can be resolved by other methods. Every legitimate keylogging program can still be used with evil and criminal intentions.

    Today, keyloggers are mainly used with such evil intentions, to steal users' secret data, mostly related to online payment. With that in mind, the creators of malicious programs are constantly writing new keyloggers.

    Furthermore, many keyloggers hide in the computer system (rootkit functionality), which makes them full-blooded Trojan programs.

    2.1. Why can keylogger pose a threat?

    Unlike other malware, keyloggers do not pose a threat to the computer system itself. Nevertheless, they are a major threat to the users of the computer system, since they can be used to intercept passwords and other confidential information entered through the keyboard and other input devices. As a result, cyber criminals can get the PIN codes and account numbers of various e-payment systems, passwords, online accounts, email addresses, etc. Once they have obtained confidential user information, they can easily transfer money from the user's e-account to their own. Unfortunately, access to confidential data can have more serious and far-reaching consequences than the loss of money. A keylogger can be used as a tool for both industrial and political espionage, and thus lead to the disclosure of classified state information, which could in turn compromise the security of state organizations (e.g. by stealing private encryption keys).

    Source:

    http://signum-soft.com/features

    3. TYPES OF KEYLOGGER SOFTWARE

    A keylogger can be described as a software or hardware entity that performs the keylogging function (keystroke logging). Furthermore, we can define keylogging as the process of capturing and monitoring (and saving) the keys typed on a keyboard, typically in a covert manner so that the user is not aware that his actions are being monitored. There is a large number of keylogging methods, from software and hardware ones to electromagnetic ones and those based on sound analysis.

    3.1. Keylogger Software

    These are software programs designed to run on a computer. They run hidden from the eyes of users and intercept all keystrokes on the computer on which they run.

    Furthermore, a software keylogger sends the "caught" keystrokes to the attacker at certain intervals (by e-mail, to an FTP server, etc.).

    According to their technical design and mode of operation, software keyloggers can be divided into five categories:

    1. Hypervisor-Based

    The keylogger can be placed inside a malware hypervisor, where it in principle runs "below" the operating system, which stays unchanged. It effectively becomes a virtual machine and is not in the operating system, which makes it difficult to find.

    2. Kernel-Based

    These keyloggers are very effective and difficult to eradicate. They reside at the kernel level, which makes them difficult to detect. They are often implemented as rootkits and so deceive the system into treating them as an integral part of it. As part of the kernel, these programs face no barriers to accessing all hardware input. They are often implemented as keyboard drivers and can therefore access typed characters directly, even before they reach the operating system. Their complexity makes them very difficult to program, and they are rarely used.

    3. API-based

    These keyloggers "hook" onto the API (application programming interface), so the operating system informs them each time a key is pressed on the keyboard, and they simply store these characters. They use API functions such as GetAsyncKeyState and GetForegroundWindow to retrieve the state of the keyboard, and subscribe to keyboard events. These keyloggers are easier to program than the preceding kinds and are therefore used more often.

    4. Form grabbing based

    These keyloggers work by retrieving a copy of the events in the functions of the Internet browser (browser event functions) and recording confidential information entered in a web form. The information is recorded before it is submitted, and thus bypasses HTTPS encryption.

    5. Packet Analyzers

    A type of keylogger that captures and analyzes network traffic associated with HTTP POST events in order to obtain unencrypted passwords.

    Software keyloggers can be enhanced with additional functionality to obtain user information without relying on keystrokes from the keyboard as the only input.

    Some of the additional functionality:

    Clipboard logging - the keylogger captures all the information that the user has copied into the clipboard.

    Screen logging (screenshots) - saves a picture of the current state of the screen in order to capture any graphical information. It is possible to capture the entire screen, the window of only one application, or even just the area around the mouse pointer. Images are captured periodically or as a result of user actions (e.g. a mouse click).

    Text capturing within a control - the Windows API allows the text of some controls to be retrieved, which means that it is possible to get passwords even if they are hidden behind a mask (usually an asterisk).

    Capturing any opened programs, folders or windows, as well as a screenshot of every visited web page.

    Capturing browser queries, instant messenger conversations and other Internet activities.

    3.2. Hardware keylogger

    Hardware keyloggers do not depend on installed software and exist as a device in the computer system. They are most commonly implemented as a device attached on the connection between the keyboard and the computer. They record all keyboard activity and store it in their own internal memory.

    4. THE WORK OF KEYLOGGER

    The main idea behind a keylogger is to get in between two events in the chain that runs from the moment a key is pressed on the keyboard to the display of the information on the screen. As described above, this can be achieved by video surveillance, hardware modification of the keyboard, inserting a device between the computer and the keyboard, modification of the keyboard driver, modification of the kernel, or, most often, by requesting information from the keyboard using standard API methods.

    The most widespread methods for intercepting entered characters are:

    - A system hook, which uses a WinAPI method (SetWindowsHook) to intercept the notification about the pressed key.

    - Cyclic polling of the keyboard (cyclical keyboard information requests) for information about the pressed key, implemented with the WinAPI methods Get(Async)KeyState or GetKeyboardState.

    - Using a keyboard filter driver, a type of driver that receives the information about key presses first and forwards it to the drivers of the operating system.
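    A defender-side illustration of the methods just listed, added here and not part of the original thesis: a static triage check that looks for the named WinAPI functions among a binary's import names. The grouping, the verdict labels and the sample byte strings are constructed assumptions, and a match is only a reason to look closer, since legitimate programs use the same calls for hotkeys.

```python
import re

# WinAPI names come from the text above; the grouping into methods is this example's.
CAPTURE_APIS = {
    "SetWindowsHook": "system hook",
    "GetAsyncKeyState": "cyclic polling",
    "GetKeyState": "cyclic polling",
    "GetKeyboardState": "cyclic polling",
    "GetForegroundWindow": "active-window tracking",
}

# Match whole import names only, allowing the Ex and A/W variants Windows exports.
_NAME = re.compile(
    rb"(?<![A-Za-z0-9_])("
    + b"|".join(name.encode() for name in CAPTURE_APIS)
    + rb")(?:Ex)?[AW]?(?![A-Za-z0-9_])"
)

def triage(image: bytes) -> dict:
    """Report which keyboard-capture APIs a binary image references."""
    apis = sorted({m.group(1).decode() for m in _NAME.finditer(image)})
    methods = sorted({CAPTURE_APIS[a] for a in apis})
    captures = any(m in ("system hook", "cyclic polling") for m in methods)
    if captures and "active-window tracking" in methods:
        verdict = "review"   # key capture plus per-window context
    elif captures:
        verdict = "note"     # also typical of hotkey handling
    else:
        verdict = "clear"
    return {"apis": apis, "methods": methods, "verdict": verdict}

# Constructed stand-ins for the import-name area of three binaries.
POLLING_LOGGER = b"\x01\x00GetAsyncKeyState\x00\x02\x00GetForegroundWindow\x00USER32.dll\x00"
HOTKEY_TOOL = b"\x10\x00SetWindowsHookExW\x00\x11\x00CreateWindowExW\x00USER32.dll\x00"
PLAIN_TOOL = b"\x05\x00CreateFileW\x00KERNEL32.dll\x00"

if __name__ == "__main__":
    for label, blob in (("polling", POLLING_LOGGER), ("hotkey", HOTKEY_TOOL), ("plain", PLAIN_TOOL)):
        print(label, triage(blob))
```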

    The following is an outline of different types of keyloggers, depending on the type of implemented methods. Recently, keyloggers that use different methods of masking their files to avoid detection are increasingly present. One of the noted software products is Signum best keylogger. These methods fall under the so-called rootkit methods, that is, sets of programs that can hide files and running processes from the operating system.

    5. PRODUCTION OF KEYLOGGER

    An example of simple keylogger software will be shown here, and the process of creating it will be explained in more detail. Everything that matters will be described, including the functionality and the program code that enables it.

    The goal, therefore, is to write a keylogger application that has the basic characteristics and functionality of any keylogger. The keylogger will capture everything the user enters from the keyboard. The application will be hidden from the user and will start at each power-up. All captured data will be saved in a text file whose location can be freely selected. The resulting text file (log file) will be sent by e-mail to an e-mail address. In addition to the basic functionality, the goal is to implement some of the more advanced features that a keylogger can have.

    Basic keylogger features to be implemented:

    - hiding its presence from the user

    - catching keystrokes

    - saving data to a desired location on the disk in the form of a text log file

    - sending data by e-mail

    - starting at each computer startup (modification of the registry)
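    Seen from the monitoring side, three of the listed features leave telemetry that can be correlated per process: a registry autostart entry, a text log written to disk, and an outbound mail connection. The following is an added detection example, not code from the original thesis; it assumes Sysmon-style events (ID 13 registry value set, ID 11 file create, ID 3 network connection), and all paths, process names and events are constructed.

```python
from collections import defaultdict

RUN_KEY = r"\software\microsoft\windows\currentversion\run"  # also matches RunOnce
MAIL_PORTS = {25, 465, 587}                                   # SMTP and submission

def classify(event: dict):
    """Return the feature-list behaviour one event evidences, or None."""
    eid = event["EventID"]
    if eid == 13 and RUN_KEY in event["TargetObject"].lower():
        return "autostart"          # registry value set under a Run key
    if eid == 11 and event["TargetFilename"].lower().endswith((".txt", ".log")):
        return "log_file"           # text log written to disk
    if eid == 3 and int(event["DestinationPort"]) in MAIL_PORTS:
        return "mail_out"           # outbound mail connection
    return None

def correlate(events, required=3):
    """Group behaviours by process image; keep images showing >= required of them."""
    seen = defaultdict(set)
    for ev in events:
        behaviour = classify(ev)
        if behaviour:
            seen[ev["Image"].lower()].add(behaviour)
    return {img: sorted(b) for img, b in seen.items() if len(b) >= required}

# Constructed events using Sysmon field names; none come from a real host.
UPDATER = r"C:\Users\demo\AppData\Roaming\svc\updater.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": UPDATER,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"EventID": 11, "Image": UPDATER, "TargetFilename": r"C:\Users\demo\AppData\Roaming\svc\k.log"},
    {"EventID": 3, "Image": UPDATER, "DestinationPort": "587"},
    {"EventID": 3, "Image": r"C:\Program Files\Mail\mailclient.exe", "DestinationPort": "465"},
    {"EventID": 13, "Image": r"C:\Program Files\Sync\sync.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sync"},
    {"EventID": 11, "Image": r"C:\Windows\System32\notepad.exe", "TargetFilename": r"C:\Users\demo\todo.txt"},
]

if __name__ == "__main__":
    for image, behaviours in correlate(SAMPLE_EVENTS).items():
        print(image, behaviours)
```

    Each behaviour on its own is common (mail clients, sync tools, text editors), which is why only the process showing all three is reported.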

    Further, this practical implementation will demonstrate some of the additional functionality that a keylogger may have:

    - hidden menu

    - the possibility of detecting keywords and acting accordingly

    - capturing a picture of the current state of the screen (screenshots) and sending it by e-mail

    - live display of captured text on the screen for the purpose of possible optical surveillance

    - detection of the user's presence

    - unobtrusive installation


    6. CONCLUSION

    In this text, the problems of invasion of privacy and security of users of computer systems are shown and explained. The attack of keyloggers, malicious software that secretly monitors the user's input of characters, is presented both theoretically and practically. Along with a description of the types of keyloggers, the very principle of their work is described, as well as the basic software mechanism, Windows Hooks, that enables their main function: monitoring character input from the keyboard.

    The problem of keylogging is not negligible, all the more so because someone with only a basic knowledge of programming can make a keylogger that is able to compromise a user's privacy and security and lead to undesirable consequences, such as the loss of money from a bank account. The practical part of this work provides a method of making a keylogger application that implements the core functionality and methods of attack.

    Since more and more people rely on computers in everyday life, it is necessary to be aware of the existence of such malicious software, which can cause material and emotional damage, and it is advisable to take some of the protective measures presented in this graduate work.