Beware! Someone might be monitoring your keystrokes
It may never occur to you but even as you type something or surf the internet to buy a gift for your loved ones or enter a password when banking online, someone could be monitoring your keystrokes and know exactly what you are doing.
This someone or something — known as a keylogger or keystroke logger or even system monitor — could be a hardware device or a small programme that monitors each keystroke a user types. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user’s keyboard and computer. A keylogger programme does not necessarily require physical access to the user’s computer. In most cases, it can be downloaded by someone who wants to monitor activity on a particular computer or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan horse. Keylogger programmes are also promoted for benign purposes like allowing parents to monitor their children’s activities on the internet, but in most cases it raises privacy issues.
“The user is online and is entering his personal details on his computer and the website, that hosts the keylogging crimeware, is being remotely monitored by the hacker. This method is used to fish (rather phish) out important information like passwords, user names and bank account numbers which can then be sold. This is where dynamic passwords and constantly changing the passwords comes handy,” cautions Rajiv Chadha, vice-president, VeriSign India.
“The attacker can process the keystroke data to extract user account credentials such as those for online game accounts, online banking websites or stock-trading websites. Additional data such as information typed in email messages or other documents could also be exposed. This information can then be sold or used to launch further attacks,” concurs Shantanu Ghosh, VP, India Product Operations Symantec.
So how can a user protect himself? “Internet Security companies have already added known keyloggers to their databases, making protecting against keyloggers no different from protecting against other types of malicious programme. Users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common keyloggers. Also, keep on changing the passwords,” advises Abhinav Karnwal, product marketing manager, APEC Trend Micro.