Malware | Trojans & Keyloggers | ICSS Student |Gopal Roy
Malware means malicious software. In fact, it has been a problem for ages. It is basically a program designed to infect a computer without the owner’s knowledge.
Types of Malware
Malware exists in many forms. Some common types of malware that one needs to keep track of are:
1. Trojan Horse- A Trojan virus or Trojan horse is a common type of malware. It is mostly used to control the victimized computer rather than infect or destroy files on it. A Trojan horse, once installed into the victim’s system, can give the hacker complete access to the victim’s computer. Trojans are one of the most dangerous forms of malware.
2. Computer Virus- A computer virus is a malicious program, which is mostly developed to infect a computer. Once it infects a computer, it replicates itself. A virus needs another host on which it can get attached in order to infect a computer.
3. Worms- Worms are almost similar to computer viruses. The only difference is that a worm does not require another host to attach to in order to infect a computer. Once a worm infects a computer, it replicates itself. Computer worms are major threats to large networks.
4. Keyloggers- A keylogger is a hardware or software device, which monitors every keystroke, screenshot, chat, etc., typed on a computer. A keylogger program does not require physical access to the user’s computer. Any person with basic knowledge of computers can use a keylogger.
5. Adware- Adware stands for Advertisement-supported Software. Adware is commonly designed to display advertisements on a computer. However, some adware may contain harmful viruses and spying programs, which can harm the computer system.
After understanding malware, its types and their functions, learn about keyloggers in detail.
Keyloggers are of two types:
- Hardware Keylogger
- Software Keylogger
A hardware keylogger is used for keystroke logging. A hardware keylogger is plugged between the keyboard plug and the USB or PS/2 port socket, and it works with PS/2 keyboards and USB keyboards. It looks similar to a normal USB drive or any other computer peripheral. Due to this, the victims can never suspect that it is a keylogger. A hardware keylogger has inbuilt memory, which stores the typed keystrokes.
2. PS/2 keylogger
3. USB keylogger
Keygrabber – Best Hardware Keylogger
Keygrabber is one of the best and most popular hardware keyloggers across the globe. This is primarily because of its large storage capacity. The Keygrabber keystroke recorder comes in a standard version with 4MB memory capacity, 2,000,000 keystrokes (over 1,000 pages of text), and a Venom version with 2 billion keystrokes (over 1 million pages of text), organized into an advanced flash FAT file system. It is compatible with all three operating systems, i.e., Windows, Linux and Mac OS.
Features of hardware keylogger:
*Observes WWW, e-mail and chat usage by children and employees
*Monitors employee productivity
*Protects children from online hazards and predators
*Saves a copy of the typed text
*Records all keystrokes, even Facebook passwords
*Huge memory capacity, organized as an advanced flash FAT system
The hardware keylogger is useful only if you have physical access to the victim’s computer. However, if you don’t, or if by any chance the victim notices it and knows about your intention, it is only then that the software keylogger comes into the picture.
Software keyloggers can also be classified into two types:
Local keylogger: They are used to monitor a local computer (even your own PC). They are easy to install and are completely undetectable. However, once they are installed in the computer, it becomes really difficult to find them. This is because the keyloggers hide themselves from the Task Manager, Windows Registry, etc.
Whenever you want to see logs, screenshots, etc., press a shortcut key (for example, Shift+Ctrl+F10).
There are hundreds of keyloggers available nowadays. However, some of them are user-friendly and actually capable of hiding themselves once they are installed.
Some popular local keyloggers are:
- Spy Agent
- Refog Keylogger
Spy Agent is an award-winning software, which is used to monitor both local and remote computers. It invisibly monitors all computer usage and internet activities. SpyAgent’s logging capabilities are unmatched. SpyAgent can log anything from what the users type, to the files they print and programs they run, all time-stamped by date for easy viewing. All logs are easily saved and exported for later use. SpyAgent can be configured to log all users on your computer with ease. SpyAgent monitors and logs both sides of all chat conversations made on chat clients (supported clients include the latest versions of AOL, AOL Instant Messenger, MSN Messenger, ICQ Pro and ICQ Lite).
Spy Agent keylogger:
Features of the Spy Agent keylogger:
*E-mail sent and received
*File/documents accessed and printed
Refog is extremely powerful and has a very low antivirus detection rate. It is one of the leading remote password hacking software, combined with Remote Install and Remote Viewing features. Once it is installed on the remote PC(s), the user only needs to log in to his/her personal Refog account to view activity logs of the remote PC. This means that the user can view logs of the remote PC from anywhere in the world, as long as he/she has Internet access.
Features of Refog Keylogger are as follows:
- Keystroke recording: Once installed and running, Refog registers all keys pressed by the user, thus acting as a keylogger. This function captures all data that has been entered using the keyboard, including chats, usernames, passwords, e-mail, search queries and other content. In addition to key logging, Refog is also able to log clipboard text.
- Web History Logging: Even if users delete their browser history, the information is retained in Refog’s log database, and is always available via the reports function. All relevant information can be collected, including URLs visited, page titles, etc.
- Application monitoring: Since Refog can record all programs executed on a PC, it is possible to establish whether a child is playing games instead of doing homework, an employee is wasting time, etc.
Remote keyloggers are used for the purpose of monitoring a remote PC. Once a remote keylogger is installed on your computer, the attacker can get your keystrokes, your webcam shots, chat logs, etc., sitting in any part of the world.
You can find tons of remote keyloggers on the web, but lots of them are either not capable of properly recording keystrokes or they have a high antivirus detection rate. One keylogger worth the price is WinSpy.
WinSpy Software is a complete stealth monitoring software that can monitor both your local PC and a remote PC. It includes remote install and a real-time remote PC viewer. WinSpy software will capture anything the user sees or types on the keyboard.
*Remote Screen Capture
*Remote PC Browser
*Notify’s User Online
*Remote Sound Listening/Recording
*Remote Camera view/Recording
*Remote File Launch
*Dualside Chat Recording
*WebAccess Remote PC
*SMS Intruder Alert
*Works behind Firewall
RAT, or ‘Remote Administration Tool’, is one of the most dangerous types of malware. It is very similar to a Trojan. Once a RAT is installed in a computer, the attacker can do almost anything on the remote computer, such as installing a keylogger, shutting down the computer, infecting files, uploading and downloading files, etc. If this is successful, the Trojan can operate with increased privileges, and go about installing other malicious code. If the user has administrative access to the operating system, the Trojan can do anything that an administrator can.
A compromise of any system on a network may have consequences for other systems on the network. Particularly vulnerable are systems that transmit authentication material, such as passwords, over shared networks in clear text or in a trivially encrypted form, which is very common. If a system on such a network is compromised via a Trojan (or another method), the intruder may be able to record usernames and passwords or other sensitive information as it navigates through the network.
Some common types of RATs are:
Trojans work similarly to the client-server model. Trojans come in two parts, a client part and a server part. The attacker deploys the client to connect to the server, which runs on the remote machine when the remote user (unknowingly) executes the Trojan on the machine. The typical protocol used by most Trojans is the TCP/IP protocol; however, some functions of the Trojans may make use of the UDP protocol as well.
When the server is activated on the remote computer, it will try to remain in stealth mode or simply stay hidden. This is configurable; for example, in the Back Orifice Trojan, the server can be configured to remain in stealth mode and hide its processes. Once activated, the server starts to listen on default or configured ports for incoming connections from the attacker. It is usual for Trojans to also modify the registry and/or use some other auto-starting methods.
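Because the server part has to listen on a TCP or UDP port, an unexpected listener is one of the most reliable host-side signs of a RAT. The following is an added example, not part of the original post: it compares `netstat -ano` output with a baseline of expected listeners. The baseline, the sample output, and the port and PID values in it are constructed assumptions.

```python
"""Flag listening sockets that are not in a host's known-good baseline."""

# Assumption: (protocol, port) pairs that are expected on this host.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}


def listeners(netstat_text):
    """Parse `netstat -ano` text into a set of (proto, port, pid) listeners."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = parts[0], parts[1]
        # TCP rows carry a state column; UDP rows are stateless bound sockets.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])  # also handles [::]:135
        found.add((proto, port, int(parts[-1])))
    return found


def unexpected(netstat_text, baseline=BASELINE):
    """Return sorted listeners whose (proto, port) is not in the baseline."""
    return sorted(l for l in listeners(netstat_text) if l[:2] not in baseline)


# Constructed sample output, not captured from a real machine.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49702     192.0.2.10:443         ESTABLISHED     2204
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5353           *:*                                    1512
  UDP    0.0.0.0:50124          *:*                                    3120
"""

if __name__ == "__main__":
    for proto, port, pid in unexpected(SAMPLE):
        print(f"REVIEW: {proto} port {port} owned by PID {pid}")
```

The PID in each finding is the starting point for identifying the owning executable and how it was started.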
Most Trojans use auto-starting methods so that servers are restarted every time the remote machine reboots/starts, which in turn also notifies the attacker. As these features are being countered, new auto-starting methods are evolving. The startup methods range from associating the Trojan with certain common executable files such as explorer.exe to the known methods such as modifying the system files or the Windows Registry. Some of the popular system files targeted by Trojans are the Autostart folder, Win.ini, system.ini, wininit.ini, winstart.bat, Autoexec.bat and Config.sys.
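The auto-start files listed above can be audited for entries that should not be there. The following is an added example, not part of the original post: it checks the `load=` and `run=` keys in the `[windows]` section of Win.ini and the `shell=` key in the `[boot]` section of system.ini. The expected values and the sample file contents, including the program names in them, are constructed assumptions.

```python
"""Audit legacy Windows autostart INI entries (win.ini / system.ini)."""

# Assumption: on a clean host load=/run= are empty and shell= is explorer.exe.
EXPECTED = {
    ("win.ini", "windows", "load"): "",
    ("win.ini", "windows", "run"): "",
    ("system.ini", "boot", "shell"): "explorer.exe",
}


def parse_ini(text):
    """Return {(section, key): value} with section and key lower-cased."""
    entries, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            entries[(section, key.strip().lower())] = value.strip()
    return entries


def audit(filename, text):
    """Return (file, section, key, value) for each unexpected autostart entry."""
    entries = parse_ini(text)
    findings = []
    for (fname, section, key), normal in EXPECTED.items():
        if fname != filename.lower():
            continue
        value = entries.get((section, key), "")
        if value.lower() != normal:
            findings.append((fname, section, key, value))
    return findings


# Constructed sample file contents, not taken from a real machine.
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe svchost32.exe\n[386Enh]\nwoafont=dosapp.fon\n"
SAMPLE_WIN_INI = "; constructed\n[windows]\nload=\nrun=C:\\WINDOWS\\msupdate.exe\n"

if __name__ == "__main__":
    for name, text in (("system.ini", SAMPLE_SYSTEM_INI), ("win.ini", SAMPLE_WIN_INI)):
        for finding in audit(name, text):
            print("REVIEW:", *finding)
```

An extra program appended after `explorer.exe` on the `shell=` line is flagged, as is any non-empty `run=` or `load=` value.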
Now, after getting a clear idea about RATs (Trojans), let us see how we can even use a Trojan to hack into a system.
ProRat is a powerful remote administration tool (RAT) based on a backdoor Trojan. It opens a port on the infected system, which allows the client to perform various operations on the infected computer. ProRat cannot connect to users over WANs (Wide Area Networks). It can connect only over LANs (Local Area Networks). However, once ProRat is installed, it is almost impossible to remove it without up-to-date antivirus software.
The following procedure is usually followed by a hacker to take control of the victim’s computer using ProRat. It also discusses some of the functions which can be performed with the help of this Trojan. Here the author is using the term ‘you’ to refer to the hacker.