What are risks of getting a keylogger?

Are unintended keyloggers common or pretty rare?

I can find no information on the chances of getting them, but my guess is they are pretty low chances?

If one never downloads unknown files, only from trusted sources like Microsoft, Nvidia, game companies, etc., uses adblockers, site reputation filters, and good AV, does not use client side mail readers, only established online ones, etc., is the only person to use his computer, never uses other people's USB/Disk etc. media on hsi computer, what are chances of getting a key logger?

Also, are they fairly large programs, versus simple script, so you would have to download something that contained one because they would be too large to be delivered via a simple drive-by web page sticking one on your computer?

 

No, they are not large at all. I used to have a good collection for testing but they all accidentally got deleted. I have never come across one that I did not seek out deliberately. I am sure it is possible to pick one up unintentionally but you would most likely get one from someone planting it on your machine.

 

Thanks.


So it seems yes it is possible to get infected with one no matter what but it is very rare and low risk (unless of course you are downloading questionable pirated software etc.)?

 

I would agree with that. Possible but not likely for the cautious user.

 

Big problem is differentiating between good and bad keyloggers.
I dont agree with the whole concept at all of using keylogging software to "spy" on people.

 

Agreed. That is why I did the testing on them that I did. I wanted to make sure that I wasn't being spied on, since it had been considered a possibility on our work machines at the time.

 

There is no moral difference between a hacker using these and an employer using them to spy on his employees.

 

Maybe so, but one key difference being, whereas the hacker's activity is illegal, the employer has the right, and one presumes the legal recourse to use them.

 

Incorrect.
That is pure semantics.

Im speaking of the moral and ethic behind it.
As for saying the employer has the right to spy on his employees,well that is corrupt hogwash.

It doesnt say much for the company has a whole.

 

I am not condoning the practice of employers spying on their employees, and I suspect there are probably more companies doing it than those that don't. But I am also aware that employers have the right to set what rules and policies they enact in their respective work place(s) What company operating today does not have a legal department, or at the very least access to legal counsel? Whatever policies they put in place cannot violate laws. I don't know about your country, but I have yet to hear of anyone suing an employer here (successfully) for monitoring its employees, electronically or otherwise!

 

True, and I understand the point you are trying to make, but what is legal is not always right, and if we silently let something continue because it is legal then we deserve it.

 

That is very true what you say about legal not always being right. Bear in mind, however, here in the US the corporation has more rights than the individual. We see it every day by watching government's actions and policies.

 

I believe the correct way to say this is that the corporation has the same rights as an individual. It most certainly has more resources and corresponding influence than the individual.

 

Boom! In a nutshell.

 

It depends on the OS. With the introduction of "patchguard" on Win 7 x64, it's much more difficult for a keylogger to get installed. So difficult that many mainstream x64 antimalware software do not have antilogger protection.

Today most keyloggers are installed under the control of financially motivated malware. This software's whole purpose is to remain as sleath as possible to avoid detection and rob you as blind as possble. It can even detect virtual keyboard input in "man in the middle" scenarios.

I also agree with the statements of "antilogger" software on the market. I have become very leery of it of late.

One of the best statements I have heard about keyloggers is "bend down and look under your desk and see what is attached to your phone/cable/etc. connection."

 

Yeah chances are pretty low but don't forget about hardware keyloggers.
In that case other people don't have to use your computer - it's enough to install it if they are close enough your PC

 

As I understand the process, they are usually installed in the second pass download of the malware. The first pass will install crap to disable your antimalware software and/or firewall or cripple it and then initiate the control software to initiate the second pass malware download. The final stage is to reset everything to make it appear your PC is fully protected. Remember this sucker's goal is to remain as stealth as possible. The exact opposite of rogues who operate through overt extortion by hijacking your PC.

Actually any antimalware software that prevents it's realtime protection from tampering is a good alternative. NIS comes to mind. Try to disable or tamper with ccsvchst.exe. Good luck on that one. On the other hand, the best way to disable realtime protection is to prevent it from starting at boot time i.e. rootkit.

 

BTW - you can usually spot most commercial software keyloggers; the type many business use. You should see a lag in the keystrokes as entered. I believe that can be adjusted through a sensitivity setting but most business leave the lag as a warning that your being monitored.

 

That's not accurate - PatchGuard prevents the modification of kernel structures but keyloggers can exist at any level in the stack. The highest level keyloggers still receive the same keystrokes as the lowest, and they work fine on Win8 x64.

That being said, most malware is moving away from using conventional keyloggers and instead looking to steal data in a more optimal way to avoid the hackers from having to pour through your chat conversations to find your passwords.

 

Here are two articles from a Kapersky researcher that will tell you everything you would ever want to know about keyloggers. Part 1 is the overview. Part 2 gets into the real details and I mean the nitty gritty.

http://www.securelist.com/en/analysis?pubid=204791931

http://www.securelist.com/en/analysis/204792178/Keyloggers_Implementing_keyloggers_in_Windows_Part_Two

 

I would think it would be extremely difficult to detect a hardware keylogger. I can't find any links immediately but I remember reading a while back about being able to pick up the electrical interference from your wired keyboard up to a certain distance without having to connect or install anything to your PC. I'll see if I can find anything about it later. Don't have time now...

 

Here is another article that covers all the bases, is fairly brief, and not too technical: http://www.symantec.com/connect/articles/introduction-spyware-keyloggers#comments-begin