Software // Information Management
Commentary
6/11/2009
09:37 AM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

More Tales From The Crypt

Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........

Sometimes you just have to accept defeat. Such was the case for a friend of mine who recently spent a great deal of time pondering how a corporate rival always seemed to be a step ahead, knowing things he shouldn't have known and one-upping him at almost every turn. This friend asked me to drop by and scan his PC, and guess what I found........A KEYLOGGER!

I know what you're thinking, why didn't a simple virus or spyware scan detect the keylogger? Before answering that question, it helps to understand why some keyloggers are so difficult to detect. Some software based keyloggers are easy to discover. Someone with some Win32 skill could easily tap into several functions exposed in various Windows API's to record keystoke events. Problem here is that you typically need to poll each key at a relatively fast frequency for this technique to work. Multiply an aggresive polling interval by all of the keys on a typical 101 button keyboard, and you're going to see a noticable CPU hit, which is probably enough to tip off the victim pretty quickly.

Other spyware based keyloggers do the job a tad more intelligently by hooking into the OS and subscribing to keyboard events more passively, but other keyloggers, such as the infamous WebWatcher keylogger, run at the kernel level. WebWatcher is particularly nefarious because its hides its payload so well. No detectable registry keys, running processes or services. Some spyware tools pick up on WebWatcher, but they might call it something else and definitely won't be able to remove it (if you know of one that does please let me know which one).

In the case of my friend, the keylogger wasn't software based at all, it was actually an inline hardware keylogger dongol, and I found it accident while popping a thumb drive into the back of his PC. There's no defense to my knowledge from a hardware keylogger, a favorite tool among law enforcement and a great tool for forensics. You can buy them anywhere online, just google "hardware keylogger". The indexing and searching capabilities built into some of these buggers are impressive to say the least, and with storage support ranging from several MB to several GB's, theses devices can compile a ton of data that can be discovered and used against you pretty quickly.

The moral of the story....if your enemy plants one of these suckers on you, you're toast. Say sayanora (goodbye), arrivaderci (goodbye), adios (you know).

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - September 2, 2014
Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In in-depth look at InformationWeek's top stories for the preceding week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.