Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: keyloggers

From: "Brandon Enright" <bmenrigh () ucsd edu>
Date: Mon, 26 Apr 2004 11:53:34 -0700
Markus,

The "On-Screen Keyboard" sets the keyboard state for the foreground
application.  Any program monitoring the keyboard state with API calls will
see a key press whether it was generated physically or "virtually" with a
mouse click.

There are two basic types of key loggers; hardware and software.  Any decent
Anti-Virus program with scanning turned on for malicious and possibly
unwanted programs should catch a software key logger.  Unfortunately since
writing a key logger is so simple and would go undetected by AV software you
still would want to do a little poking around at the processes and services
to look for anything suspicious.

Hardware key loggers generally sit between the keyboard cable and the actual
computer.  Finding one of those should be as simple as looking.  Replace the
keyboard all together if you are feeling paranoid.  It should be noted that
the "On-Screen Keyboard" defeats hardware key loggers.

Hope this helps!

Brandon Enright


-----Original Message-----
From: Markus [mailto:markus () revti net] 
Sent: Saturday, April 24, 2004 11:56 PM
To: security-basics () securityfocus com
Subject: keyloggers


In MS windows there is "On-Screen Keyboard" or virtual keyboard. does
keyloggers also logging mouse clicks?

is there any software that can detect keyloggers? where i can find it?

thanks

Markus


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: