Saturday, September 12, 2009

Bypassing Keyloggers

Introduction


There is no need to tell what a keylogger is but for some n00bs a keylogger can be some kind of mechanism to create a log file of all the keystrokes you made. Keyloggers are of different variety some even offers tracking mouse clicks, takes screenshots periodically. Keyloggers can be software based or hardware based. Software based keyloggers can be remotely activated on a computer by a Trojan. By carefully reading the log file created by keylogger anyone can sieve out the useful information.

Hardware based keyloggers, uses a small socket in the keyboard, which is impossible to bypass. To know if a computer has a hardware keylogger or not look at the keyboard wire at the CPU port if it is connected normally than every thing is fine, but if it is connected to CPU via some other socket or hardware equipment than you must be aware that a Hardware keylogger is working on the computer.

Cybercafés and other PCs are possible threat as you don't know if a keylogger is running on it or not, you even can't find it on Add/Remove programs or in Task Manager as these programs has the ability to hide them. So you should be careful of specific and targeted attacks. Here I am listing some of the techniques/tricks that you can use to avoid being in such conditions.
  • A simple Trick
This is a simple trick which I use this most often whenever I uses computer in college or in cybercafés. This is a simple trick which is used to bypass or we can say to fool a keylogger, let takes an example that I have to enter a Password. Let say my password is SPOOLSV. If you type the password as it is than keylogger track you password so I enter my password as follows

First I enter P then O then S i.e. I get POS then I use my mouse to click before P and then type S then again use my mouse to click after P and then type O and so on, this will help you a lot.
  • On-Screen Keyboard
The simplest and the easiest method to bypass a keylogger is to use a On-Screen Keyboard (Go to Start > Programs > accessories > Accessibility > On-Screen keyboard). It is virtual keyboard that will be shown at bottom of your screen and you can use mouse to key in any sensitive information. You can use this tool to enter sensitive information like Credit card details, passwords, account name etc. Well in most of the cases it works well, but if a keylogger has mouse click tracking system than again you will be in difficulty.
  • Carry browser with you
Portable browsers like Firefox, Chrome and Opera are the browser that you can take with you on the USB to Cybercafés. A simple way to bypass the process of entering email information's and passwords etc is to select "remember me" option on a secure computer. In this case browser does not save any information on the host machine, and all the information is stored in your USB only. Also it will help save your time since you carry all your favorites and bookmarks with you.
  • Deep freeze
Ahh! You must be thinking how Deepfreeze by Faronics can be used to protect your sensitive information, but yes it is a great tool and mine favorite to use. As you already know when you use deepfreeze it saves the state of machine anything you do after installing deepfreeze are temporary after you shutdown your computer your system will again come back in the previous state. We will use deepfreeze this feature to bypass keyloggers. Whenever you access a public computer first install deepfreeze on it and freeze all hard drives and then use the system. What it will do is it will allow keylogger to log all your keystroke but as soon as you shutdown all the log information get wiped off and the system will remain as it was before. Using deepfreeze with any of the above given method will surely protect you.
  • By Software
I am not discussing how to use it but KeyPass is the best software I know to bypass any kind of keyloggers. It is also Open Source software thus trustworthy.

The above discussed ways can be used bypass software based keyloggers, as well as hardware based keyloggers. But in hardware based keyloggers it will safer if you don't use keyboard at all. In spite you can use on-screen keyboard.

Apart from this securely delete all your data from the public PC so that no trace of your activities can be traced. Don't think that [SHIFT] + [DELETE] will help, since the data is still in hard disk to delete your data securely use programs like Free Commander and Eraser.

0 comments:

Digg Facebook Technorati Delicious StumbleUpon Reddit BlinkList Furl Mixx Google Bookmark Yahoo Add to Technorati Favorites TwitThis

Post a Comment