
What is a keyboard spy. Keylogger: what it is, what it is used for, and how to defend against it

The keyboard spy "MINI SPY KEYLOGGER" is a small, free keylogger. It monitors the keyboard and the clipboard and writes the user's actions in the operating system to a log file.

If you suddenly need to monitor your children or wife / girlfriend, to find out which sites they visit, with whom they communicate and what they do on the Internet, then an excellent solution is to install the keyboard spy "Mini Spy Keylogger" on their computers.

The "Mini Spy Keylogger" will also be useful to company managers for monitoring what employees do during working hours: whether your employees are occupied with outside matters, thereby causing you losses, or perhaps are even "leaking" secret information to your competitors.
By installing the miniature keylogger on their computers, you will be able to monitor them.

The advantages of the keyboard spy "MINI SPY KEYLOGGER":
- absolutely free keyboard spy;
- small size;
- stable operation on all operating systems of the Windows family, from Windows 98 to the newest;
- recording of the clipboard to the log (copied text, logins and passwords);
- does not require administrator rights;
- instant installation;
- automatic registration in autostart (the keylogger continues to work even after a computer reboot);
- unnoticeable in operation;
- does not consume OS resources;
- portability.

Installation recommendations.
Unpack the archive with the keylogger.
In Start - Run, type the command: %APPDATA%

As a result, you will end up here:
C:\Documents and Settings\Username\Application Data

Here you can create a separate folder for the keylogger, or put it into one of the existing ones, for example, in \Adobe\Adobe PDF (C:\Documents and Settings\Username\Application Data\Adobe\Adobe PDF).

The keylogger icon can, if necessary, be changed with the Resource Hacker program.

The file mini_spy_keylogger.exe can be renamed to anything else, because this is the name that will later be displayed in Windows Task Manager. In my demonstration of the keylogger, I called it sispdf.exe

Then run the keylogger file.
A log.txt file will immediately appear next to the keylogger file; this is where you will later read the logs.
The keyboard spy log (the log.txt file) can be opened with the usual Notepad.

Demonstration of the keylogger:

What was typed in Notepad was recorded in the log in this form:
(The screenshot shows that both the text typed on the keyboard and the clipboard are written to the log.)

The following screenshot shows how to detect this keyboard spy through the Task Manager:
(The process name in Task Manager is whatever the keylogger file was named.)

And this is how the keylogger is registered in autostart:
(It is registered in autostart under the name svchost.exe, although, as can be seen on the screen, the path leads to the file with our name.)

In principle, the keylogger can be run from anywhere, even from the root of the disk or from the desktop.
The keylogger automatically determines its location and registers itself in autostart from the place where you ran it. The keylogger always puts the log next to itself.
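The autostart behaviour described above (an entry named svchost.exe whose path points to a differently named file under Application Data, or to the disk root or desktop) can be checked for mechanically. The following is an added example, not code from the original page or from the program's author; the list of system process names, the location markers and the sample entries are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a short list of Windows system process names; the page itself
# only mentions svchost.exe.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
# Assumption: path fragments that indicate a per-user, user-writable location.
USER_MARKERS = ("\\application data\\", "\\appdata\\", "\\desktop\\", "\\temp\\")

# Constructed sample data: (autostart entry name, command line).
# The first entry reproduces the names used in the article.
SAMPLE_ENTRIES = [
    ("svchost.exe",
     r"C:\Documents and Settings\Username\Application Data\Adobe\Adobe PDF\sispdf.exe"),
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
    ("Updater", r'"C:\svchost.exe" /background'),
]


def executable_of(command):
    """Extract the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces ("Documents and Settings"),
    # so cut after the first ".exe" instead of at the first space.
    idx = command.lower().find(".exe")
    if idx != -1:
        return command[: idx + 4]
    return command.split(" ", 1)[0]


def check_autostart(name, command, system_root=r"C:\Windows"):
    """Return a list of findings for one autostart entry (empty if clean)."""
    path = ntpath.normcase(ntpath.normpath(executable_of(command)))
    base = ntpath.basename(path)
    directory = ntpath.dirname(path)
    system_dirs = {
        ntpath.normcase(ntpath.join(system_root, d)) for d in ("System32", "SysWOW64")
    }
    label = name.lower()
    if not label.endswith(".exe"):
        label += ".exe"

    findings = []
    # The entry is labelled like a system process but launches another file.
    if label in SYSTEM_NAMES and base != label:
        findings.append("entry-name-imitates-system-binary")
    # The file itself carries a system process name but lives elsewhere.
    if base in SYSTEM_NAMES and directory not in system_dirs:
        findings.append("system-binary-name-outside-system-dir")
    # The program starts from a user profile folder or from the drive root.
    at_drive_root = ntpath.splitdrive(directory)[1] in ("\\", "")
    if at_drive_root or any(marker in path for marker in USER_MARKERS):
        findings.append("runs-from-user-or-root-location")
    return findings


def scan(entries):
    """Map entry name -> findings for every entry that has at least one."""
    flagged = {}
    for name, command in entries:
        findings = check_autostart(name, command)
        if findings:
            flagged[name] = findings
    return flagged


if __name__ == "__main__":
    for entry, findings in scan(SAMPLE_ENTRIES).items():
        print(entry, findings)
```

Feed it the name/command pairs exported from the autostart locations you audit; an entry that trips the first finding matches the screenshot description above exactly.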

Do not forget to delete the log.txt file periodically, so that you do not have to dig through it in search of fresh records.

The keylogger works stably on all Windows platforms, from Windows 98 up to and including Windows 8.

Program version: 1.1
License: Freeware.
The size: 7 Kb.
Software update date: October 26, 2009.
Platform: Windows 98, 2000, Windows XP, 2003, Vista, Longhorn, Windows 7, Windows 8

Various spyware programs are needed in conditions where many people have access to one computer.

Under these conditions, the user may want to find out which sites have been visited from his computer (for example, by children), whether money has been stolen from credit cards using saved passwords, etc. To clarify these questions, a keyboard spy is needed.

Our review will allow you to make an optimal choice.

Features of choice

What is a keyboard spy in essence? It is a program that, strictly speaking, is not directly related to the keyboard.

It is installed in the computer memory and acts on the hard disk. Often, signs of its activity are not visible on the computer unless you look for them purposefully.

Such a program interacts with the keyboard indirectly, that is, it works with the PC program that converts the signals arriving at the processor as a result of key presses into text when typing.

That is, the action of such software is directed at collecting information entered through the keyboard.

Such utilities are of different types: with some you can view all text typed on the keyboard, with others only what was typed in the browser or in a selected application.

Some programs provide the ability to configure such parameters, others do not.

They also differ from each other in the degree of stealth. For example, the activity of some is obvious, a shortcut remains on the desktop, etc.; such programs are suitable for monitoring the activities of, for example, children.

Traces of the presence and activity of others are not noticeable at all: they act covertly and are suitable for installation on someone else's computer when the fact of the installation must be hidden from a third-party user.

Given such variety, choosing the most suitable software can be quite difficult.

This material presents the top best programs that can be used for this purpose. Among them it is easier to choose the appropriate one.

Specifications

To simplify the software selection process, the table below gives the main comparative characteristics of all programs included in the top.

| Name | License type | Type of information collected | Functionality | Design |
|---|---|---|---|---|
| SC-KEYLOG | Free | All | Wide | Simplified |
| WideStep Handy Keylogger | Free / Paid | All | Wide | Improved |
| Actual Spy | Paid | All | Very wide | Standard |
| EliteKeyLogger | Paid | All | Wide | Standard |
| The Rat! | Free / Paid | Less than in the previous ones | Fairly wide | Unaesthetic |
| Spygo | Free | Depending on the version | Depending on the version | Standard Windows design |
| Ardamax Keylogger 2.9 | Free | From the keyboard | Narrowed | Simplified |
| NS Keylogger Personal Monitor 3.8 | Free | All | Narrowed | Simplified |
| KGB Spy | Paid | From the keyboard + open programs | Narrow | Plain |
| Golden Keylogger 1.32 | Free | From the keyboard | Very narrow | Plain |

Based on the characteristics in this table, it is easy to choose the most appropriate program.

These utilities are described in more detail below.

SC-KEYLOG.

This is a large and functional spy program that is distributed free of charge.

In addition to tracking information entered from the keyboard, it can also collect information about mouse clicks, addresses of visited sites, passwords, and open windows in the browser.

It gives full information about all actions performed on the computer. The generated file can be viewed remotely from another device.

Positive:

  • Remote access to the file from another device;
  • No traces of the program's activity on the computer with the right settings;
  • A variety of data collected: information about practically all actions on the PC can be available.

Negative:

  • Saves passwords only not higher than NT0;
  • Too simple a menu and an unappealing design;
  • A rather inconvenient format for displaying results.

And what do users who actively use this software say? "Absolutely invisible to the user", "the data regularly arrives by mail."

WideStep Handy Keylogger.

This application is distributed as shareware. The price of the full paid version is 35 dollars.

A rather interesting and functional program that is worth its money if you are ready to pay.

Distinctive feature: the ability to send recorded data by email at a specified frequency. Otherwise it works fine, often more stably than other programs on this list.

Positive:

  • Collection of different types of information;
  • Complete invisibility on the user's computer;
  • Simple interface and management.

Negative:

  • The design is better than in the previous program, but still not up to standard;
  • The display format is inconvenient;
  • The paid version is quite expensive.

Opinions of users about this software are as follows: "Comfortable, simple and functional program. Quite invisible when working."

Actual Spy.

This is a functional and complex paid program costing 600 rubles. However, it has a demonstration version that is distributed free of charge.

A feature of this software is the ability to take screenshots at a specified interval.

This helps to solve the problem of graphic password / key entry, which has recently become widespread.

Positive:

  • Many types of information collected, plus the ability to take screenshots at a specified interval;
  • A large number of other additional functions and features;
  • Records not only actions, but also the time of their execution;
  • Encrypts the generated log.

Negative:

  • The duration of work (information collection) in the free demo version is 40 minutes;
  • Paid distribution, albeit at a more or less acceptable price;
  • The program is rather large.

User reviews of this application are like this: "The program is excellent. Well done programmers!".

EliteKeyLogger.

A paid program with a fairly high price: 69 dollars. It acts on the PC completely imperceptibly in low-level driver mode, and is therefore almost completely undetectable.

An interesting and convenient feature is the automatic start of the software simultaneously with the start of the system itself.

It is difficult to detect, or is not detected at all, even by special anti-keyloggers.

Positive:

  • Completely hidden operation and difficulty of detection;
  • Operates as a low-level driver and starts automatically when the system boots;
  • Tracks not only the main keys, but also the service keys on the keyboard.

Negative:

  • A fairly complex procedure for installing the program on a PC;
  • High cost of the program, but an old hacked version can be found on the Russian Internet;
  • A rather complicated system of individual program settings, which, however, justifies itself.

What do users say about this software? "Good program", "Does not reach Jetlogger a little."

The Rat!

A fairly common and popular functional utility with a paid license.

However, a free demonstration version with a limited period of validity is provided.

The program is very simple: any advanced user could write the same. Nevertheless, it is completely elusive for antiviruses and special programs that detect such software.

Positive:

  • Simplicity, functionality and high stability of work;
  • Minimal file size and space occupied on the computer;
  • There are many settings.

Negative:

  • A rather unpleasant design in black, white and red;
  • Functionality is somewhat narrower than in the programs described before;
  • Inconvenient log viewing and a generally inconvenient interface and use.

Users talk about this program as follows: "Works stable, but rustling", "The program is good, allows you to collect data unnoticed."

Spygo.

This is a fundamentally new keylogger designed to work on the Windows platform and developed by a Russian programmer.

It is positioned not as a hacker tool but as a legal means of monitoring, because its use is completely legal.

The feature of the program is that it is fairly easy to detect, and this must be taken into account.

But it is because of this that it remains relatively legal. There are several versions with more or less advanced and varied functionality.

Positive:

  • Legally it is not spyware, but a legal means of monitoring;
  • Not included in antivirus databases, and the developer avoids this in every possible way;
  • The ability to copy and record individual phrases triggered by keywords.

Negative:

  • It is quite easy to detect when searched for;
  • Rather complex configuration management;
  • Not a very convenient log viewing format.

User reviews about this program are: "A very good spy!", "Excellent program, but the entire report comes to email, except screenshots."

Ardamax Keylogger 2.9

A very small program that is very simple to manage and is not noticeable in the task manager or in any other way.

It has standard, slightly narrowed functionality.

It is able to record information constantly or at a specified frequency.

The recorded log can also be sent by email at this frequency.

Positive:

  • Fully hidden operation;
  • Minimal program size;
  • Very simple control.

Negative:

  • Excessively simplified design;
  • Somewhat narrowed functionality compared to the other programs presented in the top;
  • Inconvenient hot key control.

What reviews has this program received from users? "A good functional program. It acts more or less hidden", "few functions, but for basic tracking is enough."

NS KEYLOGGER PERSONAL MONITOR 3.8

A lightweight program that is simple and easy to use. It acts covertly and does not appear in the taskbar or in the task manager. It is distributed free of charge.

It collects information about phrases entered from the keyboard, open web windows, documents, text entered in email messages, etc.

Positive:

  • Ease and simplicity of use;
  • Small installation file and little space occupied on the PC;
  • Fully hidden operation.

Negative:

  • Sometimes it can be detected by antiviruses and anti-keyloggers;
  • Slightly narrowed functionality compared to paid programs;
  • Excessively simplified design.

The keyboard spy is not some kind of weapon for hackers or a tool of control for all sorts of secret organizations, but a standard means of ensuring personal security that almost every citizen needs. Such software is especially needed if several people have access to one's device.

However, over time the demand for such utilities has increased so much that a variety of companies began to develop them, and not every keyboard spy is suitable in a given situation. For this reason it is best to decide in advance what features and benefits each individual program has.

SC-KEYLOG.

This is a keyboard spy that records every keystroke in full, while carefully encrypting the data it records. Among other things, the program provides for remote viewing of the logs.

Like any similar program, this utility logs the text of any type of email, as well as messages in various devices. The program also records all sorts of changes in text files, the data that a person enters on web pages, mouse clicks, the names of opened windows, and the starting and closing of various programs. It is worth noting that this software also saves user passwords and many other elements.

Functional

The correct settings can be entered using the Wizard, which appears before your eyes immediately after the program is installed on the hard disk.

It is worth noting that the utility is actively detected by almost all antivirus programs, so you should not count on being able to use it.

Ardamax Keylogger.

The size of the program is quite standard for utilities of this class: 392 KB. The utility itself is a fairly average and at the same time easy-to-use keyboard spy. The program automatically tracks and continuously saves keys pressed on the keyboard, recording in parallel the time, the name of the program in which the data is entered, and the window title. It is worth noting that the software can work absolutely invisibly, as it has stealth functions covering files, autostart, the task manager and many others. When invisibility is required, the program is started and controlled by hot keys, and the logs can simply be sent to a specified mailbox or server.

How is it detected?

In this case, antivirus programs are not so active, so it is quite possible to use such a program covertly. The interface is extremely accessible and understandable. The only minus is that it is paid and rather expensive.

Actual Spy.

In addition to the capabilities that any keyboard spy for Android and other operating systems can offer, this utility also has a lot of additional options. The most interesting of them is the ability to take screenshots at a set interval, thanks to which you can discover a graphic password, all sorts of graphic access limiters for certain online services used by the person being tracked, and many other interesting details.

In addition, it should be noted that the program also has a number of other special functions, such as:

  • Recording the start and closing times of programs.
  • Distinguishing the case of the pressed keys.
  • Tracking the contents of the clipboard.
  • Control over the work of printers.
  • Monitoring the computer's file system.
  • Interception of visited sites.
  • And much more.

The log files of this utility are encrypted, after which the report is generated in a fairly convenient HTML format; it can also be sent to a specified mailbox, a server, or a computer over the local network. Your own password can also be set for viewing the logs.

Everything in moderation

For convenience of use, the size limit is set separately for text logs and for screenshots, since the latter occupy much more memory than a text file. Among other things, you can also set a limit on the volume: if you copy too much information, only part of it will be remembered.

Probably the best keyboard spy among all those offered today.

Convenience and security

First of all, it is worth noting that this program is the largest among all that can be found today on the Internet, but in fact it only looks scary in the description: in reality the keyboard spy for Android has a size of 1.51 MB. Special attention should be given to the fact that it is produced by domestic developers, so it is not as difficult to understand as it may seem at first glance.

Antivirus programs calmly ignore the fact that such a utility appears in the system, although some of them can signal that certain processes being performed are suspicious.

EliteKeyLogger.

"Elite Keylogger" is a completely standard utility that implements a perfectly standard set of functions. Visited sites, email messages, keystrokes, start and shutdown times of various programs, and passwords are carefully recorded and saved in the utility's logs, after which its owner can carefully study the contents. In addition, this program carefully monitors the documents sent by the user to self-search.

This keyboard spy is famous among users for the fact that antivirus programs practically do not detect either the program itself or any of the processes it runs. There is no need to launch this utility beforehand: it can be activated automatically with the operating system, and even starts a little earlier in order to capture the login and password entered during Windows boot. It is worth noting at once that the program cannot be deleted if the user does not know the utility's special administrator password. It must also be said that this keyboard spy in Russian is impossible to find, as it is not displayed in the tray, does not show any windows and, in principle, does nothing that might give away its work.

The program detects and displays presses of not only the standard keys, numbers and letters. In addition, the service keys, such as SHIFT, ALT, CTRL and many others, are tracked. It is worth noting that the utility records all operations in the browser in detail, that is, it records the links that the user enters into the browser, tracks on which specific pages all sorts of fields and forms are filled in, and also remembers headings and clicked links in browsers.

Features and security

It is worth saying at once that the utility is distinguished by a huge number of different nuances and features. When installing, you should pay attention to what exactly you are installing, a hidden installation or the utility itself, because otherwise you can struggle for a very long time trying to remove it. The utility itself has an incredibly large number of all sorts of settings, so you will have to study it in detail.

For example, you can configure the screen capture mode so that the utility automatically takes high-quality pictures at certain time intervals or on certain events. This is an especially convenient feature, since it ensures high efficiency of the program in most situations. It is worth noting that fully automatic screen capture can be configured to work in the same way as standard surveillance cameras: if no action takes place, saving of the screen is temporarily stopped and no duplicates are made. Thus, you will not come across a situation where, looking into the log, you need to view a huge number of pictures in search of what could interest you.

It is worth noting that the use of this program cannot be detected even by the majority of utilities that are customarily called anti-keyloggers, not to mention antiviruses.

It deletes outdated files fully automatically after the log exceeds a certain mark. If necessary, you can configure everything at your discretion and according to your needs, and, for example, specify that cleaning may be performed only after a full report has been generated and sent by e-mail. Reports can also be sent via FTP or stored in a network environment.

The Rat.

The program is written in standard assembler, so this keyboard spy for Windows takes only 13 KB. However, despite the size, the program can automatically monitor keys pressed in various password windows or the console, tracks the clipboard, and also has a huge number of other standard functions.

The utility is equipped with a specialized file buster that allows you to almost completely eliminate the possibility of the source files being detected by signatures. There is also its own text editor, which allows you to work conveniently with dump files, solving the problem of transcoding to Cyrillic or cleaning out all kinds of garbage.

In fact, by activating a certain version of this program on your computer, you see the application that configures the work of the utility. The result of this customizer is the executable file: a multifunctional keyboard spy (Windows 7). Passwords and other text data entered by the user are saved in the log automatically, and the utility will continue to work even after the system is rebooted. You can remove it from a computer only by using the specialized configurator, or with hotkeys.

Do antiviruses detect it?

The developer stated that this keyboard spy in Russian is completely invisible to antiviruses and to special programs that track such "keyloggers". Most antiviruses are absolutely indifferent to the full version, but the free version is detected almost immediately. The keyboard spy also offers a lot of settings, but viewing the log normally is not as easy as it may seem at first glance.

Of course, the functionality is far behind that of any serious utility. However, if you need a keyboard spy for a computer just to familiarize yourself, then this utility could not be better suited.

The keylogger program, or the VKURSE keyboard spy, is capable of reading the keys pressed on the phone and then saving them to a special file. With the help of another device, you will be able to follow what the person wrote, which messages they sent and which passwords they entered. If you translate the name of the "keylogger" program, it means "recording buttons".

The owner of the phone will not be able to notice our interceptor service installed on his phone, because it is completely hidden. And you, in turn, can easily get all the information you need about the user's actions in the Personal Account on the site. For the program to forward all messages, you need to select the corresponding options during installation. The VKURSE program comes in two different versions: one for phones with root access, and the regular version. The differences between the root version and the regular one are well described by one of our users.

In addition, the VKURSE keyboard spy program will help protect information on the phone. Many install this program specifically for espionage, because it is the best and, most importantly, an inexpensive mobile spy.

Now you know that this kind of keyboard spy exists not only for the computer, but also for Android-based phones.

Today information technology is developing at a rapid pace. Information leakage also occurs quickly and constantly, so new methods of countering these leaks keep appearing. The keyboard spy allows you to receive information covertly, and all reports come to your personal account and can be duplicated to a predetermined email address.

Complete a short registration and get the opportunity to monitor Android devices and read posts in social networks and SMS and MMS messages.

If you look at it from a moral point of view, this is not right, but situations differ. For example, security departments use keyboard spies. They make sure that employees do not in any way disclose the commercial secrets of the organization. In addition, with the help of our service, you can determine where the device is located if it has fallen into other people's hands.

The VKURSE program is able to record and transmit all the actions that the user performs on their phone. Are you still choosing a way of surveillance?

Install it and stay informed about all actions on Android!


Keyboard spies form a large category of malware that poses a great threat to user security. Like the rootkits discussed in the previous article, keyboard spies are not viruses, because they do not have the ability to reproduce.

Keyboard spies are programs for covertly recording information about the keys pressed by the user. The term "keyboard spy" has a number of synonyms: Keyboard Logger, KeyLogger, keylogger; less often one meets the terms "snooper" and "snoop" (from the English snoop, literally "a person who is always poking his nose into other people's business").

As a rule, modern keyboard spies do not just record the codes of the keys entered: they "bind" the keyboard input to the current window and input element. In addition, many keyboard spies track the list of running applications, can take "snapshots" of the screen on a specified schedule or event, spy on the contents of the clipboard and perform a number of other tasks aimed at covertly tracking the user. The recorded information is stored on disk, and most modern keyboard spies can generate various reports and transmit them by e-mail or via HTTP/FTP. In addition, a number of modern keyboard spies use rootkit technologies to mask traces of their presence in the system.

For the system, a keyboard spy is usually harmless. However, it is extremely dangerous for the user: it makes it possible to intercept passwords and other confidential information entered by the user. Unfortunately, hundreds of different keyloggers have become known recently, and many of them are not detected by antiviruses.

Before describing the basic principles of how a keyboard spy works, it is necessary to consider the hardware input model of Windows systems. A fairly detailed description of this model can be found in the book by D. Richter "Windows for professionals".

When an input event occurs (for example, a key press or a mouse movement), the event is processed by the appropriate driver and placed in the system hardware input queue. The system has a special raw input thread, called RIT (Raw Input Thread), which extracts events from the system queue and converts them into messages. The resulting messages are placed at the end of the virtualized input queue of one of the threads (a thread's virtual queue is called VIQ, Virtualized Input Queue). RIT itself determines in which thread's queue the event must be placed. For mouse events, the thread is determined by finding the window over which the mouse cursor is located. Keyboard events are sent to only one thread, the so-called active thread (i.e., the thread that owns the window with which the user is working). In fact, this is not quite so: in particular, the figure shows a thread A that does not have its own virtualized input queue. In this case, threads A and B share one virtualized input queue. This is achieved by calling the AttachThreadInput API function, which allows one thread to attach to the virtualized input queue of another thread.

It should be noted that the raw input thread is responsible for processing special key combinations, in particular Alt+Tab and Ctrl+Alt+Del.

Tracking keyboard input with hooks

This technique is classic for keyboard spies. The essence of the method is the use of the operating system's hook mechanism. A hook makes it possible to observe messages that are processed by the windows of other programs. Hooks are installed and removed with well-documented API functions of the user32.dll library (the SetWindowsHookEx function installs a hook, UnhookWindowsHookEx removes it). When a hook is installed, the type of messages for which the hook handler should be called is specified. In particular, there are two special hook types, WH_KEYBOARD and WH_MOUSE, for registering keyboard and mouse events respectively. A hook can be installed for a given thread or for all threads of the system. A hook for all threads of the system is very convenient for building a keyboard spy.

The hook event handler code must be located in a DLL. This requirement is due to the fact that the DLL with the hook handler is mapped by the system into the address space of all GUI processes. An interesting feature is that the DLL is mapped not at the moment the hook is installed, but when the GUI process receives the first message that matches the parameters of the hook.

On the supplied CD there is a demonstration "keyboard spy" built on hooks. It registers the keyboard input in all GUI applications and duplicates the entered text in its own window. This example can be used to test programs that counteract keyboard spies.

The hook technique is quite simple and effective, but it has a number of shortcomings. The first is that the hook DLL is mapped into the address space of all GUI processes, which can be used to detect the keyboard spy. In addition, keyboard events can be logged only for GUI applications; this is easy to check with the demonstration program.
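The detection idea mentioned above (a hook DLL ends up mapped into GUI processes, and only into them) can be turned into a simple triage over a module snapshot. This is an added example, not code from the article or its CD; the snapshot structure, the DLL name kbhook.dll, the other file names and the 80% threshold are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# Hypothetical hook DLL path, placed in the folder the earlier article uses.
HOOK_DLL = r"C:\Documents and Settings\Username\Application Data\Adobe\Adobe PDF\kbhook.dll"
USER32 = r"C:\WINDOWS\system32\user32.dll"
AV_DLL = r"C:\Program Files\AV\avshim.dll"  # constructed: loaded into every process

# Constructed snapshot: one record per process with its loaded modules.
# calc.exe has not yet received a matching message, so the hook DLL is not
# mapped there yet (mapping happens on the first matching message).
SAMPLE_SNAPSHOT = [
    {"name": "explorer.exe", "gui": True, "modules": [USER32, AV_DLL, HOOK_DLL]},
    {"name": "notepad.exe", "gui": True, "modules": [USER32, AV_DLL, HOOK_DLL]},
    {"name": "iexplore.exe", "gui": True, "modules": [USER32, AV_DLL, HOOK_DLL]},
    {"name": "winword.exe", "gui": True,
     "modules": [USER32, AV_DLL, HOOK_DLL, r"C:\Program Files\Office\wwlib.dll"]},
    {"name": "calc.exe", "gui": True, "modules": [USER32, AV_DLL]},
    {"name": "cmd.exe", "gui": False, "modules": [AV_DLL]},
    {"name": "spoolsv.exe", "gui": False, "modules": [AV_DLL]},
]


def third_party_modules(process, system_root):
    """Normalized module paths of a process that live outside the system root."""
    root = ntpath.normcase(system_root) + "\\"
    paths = (ntpath.normcase(m) for m in process["modules"])
    return {p for p in paths if not p.startswith(root)}


def widely_mapped_dlls(snapshot, min_gui_share=0.8, system_root=r"C:\Windows"):
    """Find non-system DLLs present in most GUI processes and in no others.

    Returns a sorted list of (dll_path, gui_processes_with_it, gui_processes).
    A hit is a lead to investigate, not a verdict: input methods and
    accessibility tools also install system-wide hooks legitimately.
    """
    gui = [p for p in snapshot if p["gui"]]
    non_gui = [p for p in snapshot if not p["gui"]]
    if not gui:
        return []

    hits = Counter()
    for process in gui:
        hits.update(third_party_modules(process, system_root))

    seen_in_non_gui = set()
    for process in non_gui:
        seen_in_non_gui |= third_party_modules(process, system_root)

    results = []
    for dll, count in hits.items():
        # A message hook only reaches processes that pump window messages,
        # so a DLL that is also present in non-GUI processes got there some
        # other way and is reported separately by other checks.
        if count / len(gui) >= min_gui_share and dll not in seen_in_non_gui:
            results.append((dll, count, len(gui)))
    return sorted(results)


if __name__ == "__main__":
    for dll, count, total in widely_mapped_dlls(SAMPLE_SNAPSHOT):
        print(f"{dll}: mapped into {count} of {total} GUI processes")
```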

Tracking keyboard input by polling the keyboard

This technique is based on periodic polling of the keyboard state. To poll the keys, the system provides a special GetKeyboardState function, which returns an array of 255 bytes in which each byte contains the state of a specific keyboard key. This method no longer requires injecting a DLL into GUI processes, and as a result the spy is less noticeable.

However, the key states change at the moment a thread reads keyboard messages from its queue, and as a result this technique works only for tracking GUI applications. The GetAsyncKeyState function, which returns the state of a key at the moment the function is called, is free of this disadvantage.

On the attached CD there is a demonstration "keyboard spy" built on cyclic keyboard polling, the KD 2 application.

The disadvantage of keyboard spies of this type is the need to poll the keyboard state periodically at a fairly high rate, at least 10-20 polls per second.

Tracking the keyboard input using the interception of the functions API

This technique has not been widespread, but nevertheless, it can be successfully used to build keyboard spies. The methods of interception of the API functions were considered in detail in the rootkit article. The RootKit difference and keyboard spies in this case are small - the spy will be intercepting for monitoring purposes, and not in order to modify the principles of work and call results.

The simplest way is to intercept the GetMessage, PeekMessage and TranslateMessage functions of the User32 library, which makes it possible to monitor all messages received by GUI applications.

Driver-based keyboard spy

This method is even more effective than the methods described above. There are at least two ways to implement it: writing and installing your own keyboard driver in place of the standard one, or installing a filter driver. Using a filter driver is, in my opinion, the most correct technique; a good implementation is described on the site www.wasm.ru. Another option can be found in the Windows DDK (the example is called KBFiltr).

Hardware keyboard spies

When solving problems of protection against information leakage, often only the various software tools for spying on the user's work are considered. However, in addition to software, hardware means are possible:

  • Installing a tracking device in the keyboard cable (for example, the device can be made in the form of a PS/2 adapter);
  • Embedding a tracking device in the keyboard;
  • Reading data by recording PEMIN (spurious electromagnetic emissions and induced pickup);
  • Visual observation of the keyboard.

Hardware keyboard spies are much less common than software ones. However, when checking especially critical computers (for example, those used to carry out banking operations), the possibility of hardware tracking of keyboard input should not be forgotten.

An example of a keyboard spy

There are currently hundreds of keyboard spies; consider as an example the fairly common commercial program ActualSpy (http://www.actualspy.ru). This program can record keyboard input (along with the window title and the program name), take screenshots, record the start and stop of programs, and monitor the clipboard, the printer and the files created by the user. In addition, the program tracks Internet connections and visited sites. ActualSpy selected as an example


The program has the simplest masking from detection: it is not visible in the standard Windows task list. To analyze the collected information, the program generates reports in HTML format. ActualSpy operates on the basis of a hook that records keyboard events.

Other examples include SpyAgent (http://www.spytech-web.com), ActMon (http://www.actmon.com), SpyBuddy (http://www.actmon.com), PC Activity Monitor (http://www.keyloggers.com) and KGB Spy (http://www.refog.ru/). This list could be continued for a very long time; however, in most cases modern keyboard spies have about the same basic functionality and differ in auxiliary features and in the quality of their masking in the system.

Methods for detecting keyboard spies

  1. Search by signatures. The method does not differ from the typical methods of searching for viruses. Signature search identifies keyboard spies unambiguously; with a proper choice of signatures the probability of error is almost zero. However, a signature scanner can detect only objects that are known in advance and described in its database;
  2. Heuristic algorithms. As the name makes obvious, these are methods of searching for a keyboard spy by its characteristic features. Heuristic search is probabilistic. As practice has shown, this method is most effective for finding keyboard spies of the most common type, the hook-based ones. However, such techniques give many false positives. My studies have shown that there are hundreds of safe programs that are not keyboard spies but install hooks to track keyboard and mouse input. The most common examples are Punto Switcher, the Lingvo dictionary, and the software supplied with multimedia keyboards and mice;
  3. Monitoring API functions used by keyboard spies. This technique is based on intercepting a number of functions used by keyboard spies, in particular SetWindowsHookEx, UnhookWindowsHookEx, GetAsyncKeyState and GetKeyboardState. A call to these functions by any application makes it possible to raise the alarm in time, but the problem of numerous false positives is the same as for method 2;
  4. Tracking the drivers, processes and services used by the system. This is a universal technique that applies not only to keyboard spies. In the simplest case, you can use programs such as Kaspersky Inspector or ADinf, which track the appearance of new files in the system.
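Methods 2 and 3 can be combined in a small triage over an API-call trace; the following is an added example, not code from the article or from any of the tools it names. The trace format, process names, allowlist and the three-second persistence rule are constructed assumptions; the 10 calls per second threshold is the article's lower bound for a polling spy.

```python
from collections import defaultdict

HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}
POLL_APIS = {"GetAsyncKeyState", "GetKeyboardState"}
KEYBOARD_HOOKS = {2: "WH_KEYBOARD", 13: "WH_KEYBOARD_LL"}   # idHook values
POLL_RATE = 10      # calls per second: the article's lower bound for polling
POLL_SECONDS = 3    # assumption: seconds at that rate required before flagging
ALLOWLIST = {"punto.exe"}   # assumption: reviewed, known-benign hook users

def findings(events):
    """events: (time_s, process, api, arg) tuples -> {process: set of tags}."""
    found = defaultdict(set)
    per_second = defaultdict(lambda: defaultdict(int))
    for t, proc, api, arg in events:
        if api in HOOK_APIS and arg in KEYBOARD_HOOKS:
            found[proc].add("hook:" + KEYBOARD_HOOKS[arg])
        elif api in POLL_APIS:
            per_second[proc][int(t)] += 1      # bucket polling calls by second
    for proc, counts in per_second.items():
        # Occasional key-state reads (games, hotkeys) stay below the rate.
        if sum(n >= POLL_RATE for n in counts.values()) >= POLL_SECONDS:
            found[proc].add("polling")
    return found

def verdicts(events):
    """Allowlisted programs are downgraded to 'review' instead of suppressed."""
    return {proc: ("review" if proc in ALLOWLIST else "alert", sorted(tags))
            for proc, tags in findings(events).items()}

# Constructed trace (not real telemetry).
TRACE = (
    [(0.5, "punto.exe", "SetWindowsHookExW", 13),
     (0.7, "updater.exe", "SetWindowsHookExW", 2),
     (0.9, "paint.exe", "SetWindowsHookExW", 14)]      # 14 = WH_MOUSE_LL, ignored
    + [(s + i / 20, "poller.exe", "GetAsyncKeyState", 0x41)
       for s in range(3) for i in range(20)]           # 20 polls per second
    + [(float(s), "game.exe", "GetAsyncKeyState", 0x20) for s in range(3)]
)

if __name__ == "__main__":
    for proc, (level, tags) in sorted(verdicts(TRACE).items()):
        print(f"{level:6} {proc:12} {', '.join(tags)}")
```

Keeping allowlisted programs visible as "review" reflects the false-positive problem described in methods 2 and 3: a keyboard hook alone does not separate a layout switcher from a spy.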

Programs for finding and removing keyboard spies

  1. Any antivirus product. All antiviruses can find keyboard spies to one degree or another, but a keyboard spy is not a virus, and as a result an antivirus is of little benefit;
  2. Utilities that implement signature search and heuristic search mechanisms. An example is the AVZ utility, which combines a signature scanner with a system for detecting hook-based keyboard spies;
  3. Specialized utilities and programs designed to detect keyboard spies and block their operation. Such programs are the most effective for detecting and blocking keyboard spies, since as a rule they can block almost all varieties of them.

Among the specialized programs, the commercial products PrivacyKeyboard and Anti-Keylogger (http://www.bezpeka.biz/) may be of interest. The interface of the Anti-Keylogger program is shown in the figure:


The Anti-Keylogger program works in the background and detects programs suspected of tracking the keyboard. If necessary, you can manually unblock any of the detected programs (for example, the figure shows that MSN Messenger and the Internet download program FlashGet ended up on the list of "spies"). Signature databases are not used to detect keyboard spies; detection is performed by heuristic methods.

Testing of the program showed that it effectively counteracts keyboard spies based on hooks, cyclic polling and a keyboard filter driver.

Another example is the program Advanced Anti Keylogger (http://www.anti-keylogger.net).


In training mode, this program's logic resembles that of a firewall: when suspicious activity is detected, a warning is displayed giving the name and description of the program. The user can choose an action for the session (allow or deny) or create a permanent rule for the application. During the tests, Advanced Anti Keylogger confidently detected all the main varieties of keyboard spies (hook-based, cyclic polling, filter driver). The program settings are protected by a password that is set during installation.

Conclusion

A keyboard spy is not a virus, but it nevertheless poses a great threat to users, because it allows an attacker to monitor the user's work and can be used to steal confidential information, including user passwords. The danger of a keyboard spy can increase significantly when it is combined with rootkit technology, which makes it possible to mask the presence of the keyboard spy. Even more dangerous is a Trojan or backdoor program containing a keyboard spy: its presence significantly expands the functions of the Trojan program and its danger to the user.