Keyloggers

A keylogger is a piece of software that sits on the consumer’s desktop and captures keystrokes. Operating systems include several programming interfaces to capture keystrokes even if these keystrokes are generated in the context of other programs. These mechanisms are widely used by keylogger spyware to capture sensitive information such as usernames and passwords.

Keyloggers can be installed on the consumer’s desktop through a variety of attacks. Some of these attacks exploit known operating system, browser, and mail vulnerabilities to transparently install the keylogger without the consumer’s knowledge. Another common approach to distributing keyloggers is Trojan programs. With Trojans, the consumer is lured to download and run a program that claims to perform certain functionality while in reality this program installs the keylogger instead or in addition to its published functionality.

Keyloggers usually send aggregated keystrokes to the fraudster using e-mail, web upload, FTP, or other connections. The fraudster can then use this information to sign into the consumer’s account.

Sample Attacks:

• Swedish bank hit by 'biggest ever' online heist
• Malware Writers Target Google AdWords
• Police Foil $420 Million Keylogger Scam
• Stealth keylogger used in bank heist
• New threat to online bank accounts

Rapport defeats keyloggers using both its API blocking layer and data encryption layer. Whenever the consumer communicates with the website and enters sensitive information, Rapport blocks keyloggers from using operating system API calls to read keystrokes. Keyloggers are blind to keystrokes typed into Rapport protected websites. Rapport also encrypts all keystokes from keyboard to network and prevents keyloggers from reading the real keystrokes.

Rapport provides protection against all keystroke logging methods regardless of whether the specific keylogger is known or unknown. Rapport does not try to clean the consumer’s desktop of keyloggers. Instead it turns these keyloggers blind whenever the consumer types sensitive information into a protected website. Rapport definite protection is provided even with keyloggers that already exist on the consumer’s desktop when Rapport is installed.

View Demo

Other approaches to keylogger protection are based on keylogger blacklisting and whitelisting.

One example is scanning anti-spyware software that runs on the consumer’s desktop and removes any known keylogger found on the consumer’s desktop. The problem with this approach is that it is very hard to maintain an up-to-date blacklist of all keyloggers in the wild. New keyloggers are generated every day and many of them go under the radar of these scanning tools.

Another method is to create a whitelist of all programs that are allowed to trap keyboard events and use a real-time software that monitors programs on the consumer’s desktop. The anti-spyware tool then removes programs that are not included in the whitelist but still try to read keyboard events. The problem with this approach is that there are endless programs and many of them require key trapping functionality. Trying to build a whitelist of these tools is impossible and would result in many false positives.