Posts

Showing posts from November, 2012

Keyloggers: Implementing low level keyloggers in Windows. Part Two

Special thanks to http://www.securelist.com, Nikolay Grebennikov (2007). This article is a continuation of the previous report on keyloggers. It offers a detailed analysis of the technical aspects and inner workings of keyloggers. As was noted in the first article, keyloggers are essentially designed to be injected between any two links in the chain whereby a signal is transmitted from a key being pressed to symbols appearing on the screen. This article provides both an overview of which links exist in this chain, and how both software and hardware keyloggers work. This article is written for technical specialists and experienced users. Other users, who are not part of this target group, should simply be aware that Windows offers a multitude of ways in which data entered via the keyboard can be harvested, although the vast majority of keyloggers only use two of these methods (see: Designing keyloggers, the first part of the article). It should be stressed that this article does

Keyloggers How they work and how to detect them - part 1

Special thanks to http://www.securelist.com, Nikolay Grebennikov (2007). In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia. An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account. However, the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003. Joe Lopez’s losses were caused by a combination of over