Skip to main content
Version: 1.0.2

Executing applications

  • Remotely executing malicious programs designed to steal information, crack passwords, install backdoor, and so on.
  • Next step after gaining access and elevating privileges.
  • Programs that attackers install include
    • Backdoors are designed to collect information and gain unauthorized access to the system
    • Crackers are designed to crack passwords
    • Keyloggers are designed to record keystrokes
    • Spyware are designed to capture screenshots and send them to the attacker

Keylogger

  • Software or hardware device designed to
    1. record every keystroke on the target's keyboard
    2. logs them into a file
    3. sends them to a remote location
  • Used for monitoring employee and children computer activity
  • Allow gathering confidential information including emails and passwords.
  • Two types: hardware keylogger and software keylogger

Hardware keylogger

  • Hardware keylogger
  • Look like USB drives and are designed to record keystrokes, which are stored on the device.
  • Placed between a keyboard plug and USB socket
  • Cannot be detected by anti-spyware or antivirus programs.
  • Discoverable as they have to be physically placed onto a target's machine

Hardware keylogger types

  • PC/BIOS Embedded
    • Modifying the BIOS level firmware to capture the keystrokes
  • Keylogger keyboard
    • Attaching the hardware circuit with the keyboard cable connector
  • External keylogger
    • Attaching the keylogger between a keyboard and computer.
    • E.g. PS/2 and USB Keylogger, Acoustic/CAM Keylogger, Bluetooth Keylogger, and Wi-Fi Keylogger.

Software keylogger

  • Installed on the target's machine
  • Recorded keystrokes are
    • logged into a log file on the target's machine
    • then sent to the attacker using email protocols

Software keylogger types

  • Application keylogger
    • Designed to observe the target's activity whenever type something.
    • It can record emails, passwords, messages, browsing activities, and so on.
  • Kernel keylogger
    • Designed to exist on a kernel level and act as a keyboard device driver
    • Allows it to record everything that is typed on the keyboard
  • Rootkit keylogger
    • Forged Windows device driver which records keystrokes
  • Device driver keylogger
    • Designed to replace the driver that has the keylogging functionality
    • Logs the keystrokes, and send the file to a remote location
  • Hypervisor-based keylogger
    • Designed to work within a malware hypervisor that is operating on the OS
  • Form grabbing based keylogger
    • Designed to record web browsing when the Submit event is triggered

Spyware

  • Stealthy program designed to
    • record the target's interaction with the computer and Internet
    • send the recorded data to the attacker
  • Able to take and send screenshots.
  • Hidden when installed.

Spyware types

  • Desktop spyware
  • Email spyware
  • Internet spyware
  • Child-monitoring spyware
  • Screen-capturing spyware
  • USB spyware
  • Audio and video spyware
  • Print spyware
  • Telephone spyware
  • GPS spyware