Version: 1.0.2Executing applications
- Remotely executing malicious programs designed to steal information, crack passwords, install backdoor, and so on.
- Next step after gaining access and elevating privileges.
- Programs that attackers install include
- Backdoors are designed to collect information and gain unauthorized access to the system
- Crackers are designed to crack passwords
- Keyloggers are designed to record keystrokes
- Spyware are designed to capture screenshots and send them to the attacker
Keylogger
- Software or hardware device designed to
- record every keystroke on the target's keyboard
- logs them into a file
- sends them to a remote location
- Used for monitoring employee and children computer activity
- Allow gathering confidential information including emails and passwords.
- Two types: hardware keylogger and software keylogger
Hardware keylogger
- Look like USB drives and are designed to record keystrokes, which are stored on the device.
- Placed between a keyboard plug and USB socket
- Cannot be detected by anti-spyware or antivirus programs.
- Discoverable as they have to be physically placed onto a target's machine
Hardware keylogger types
- PC/BIOS Embedded
- Modifying the BIOS level firmware to capture the keystrokes
- Keylogger keyboard
- Attaching the hardware circuit with the keyboard cable connector
- External keylogger
- Attaching the keylogger between a keyboard and computer.
- E.g. PS/2 and USB Keylogger, Acoustic/CAM Keylogger, Bluetooth Keylogger, and Wi-Fi Keylogger.
Software keylogger
- Installed on the target's machine
- Recorded keystrokes are
- logged into a log file on the target's machine
- then sent to the attacker using email protocols
Software keylogger types
- Application keylogger
- Designed to observe the target's activity whenever type something.
- It can record emails, passwords, messages, browsing activities, and so on.
- Kernel keylogger
- Designed to exist on a kernel level and act as a keyboard device driver
- Allows it to record everything that is typed on the keyboard
- Rootkit keylogger
- Forged Windows device driver which records keystrokes
- Device driver keylogger
- Designed to replace the driver that has the keylogging functionality
- Logs the keystrokes, and send the file to a remote location
- Hypervisor-based keylogger
- Designed to work within a malware hypervisor that is operating on the OS
- Form grabbing based keylogger
- Designed to record web browsing when the Submit event is triggered
Spyware
- Stealthy program designed to
- record the target's interaction with the computer and Internet
- send the recorded data to the attacker
- Able to take and send screenshots.
- Hidden when installed.
Spyware types
- Desktop spyware
- Email spyware
- Internet spyware
- Child-monitoring spyware
- Screen-capturing spyware
- USB spyware
- Audio and video spyware
- Print spyware
- Telephone spyware
- GPS spyware