Key Logger Software

This is the most harmful and hardest to keep out.


Keyloggers are on the rise and they are no match for even the most security-conscious organizations. Just look at some of the names done in by a tiny chunk of code in the last 12 months: RSA, Lockheed Martin, Epsilon, Oakridge Nuclear Weapons Lab, Sony, Iranian Nuclear Program and Linked-In to name just a few. Keyloggers have been around for a long time, but today they may be the most dangerous threat an enterprise faces.

What is a Keylogger?

A keylogger is a piece of malicious software, usually called “spyware” or “malware,” that records every keystroke you make on a keyboard. Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail, install a program, or perform other activities. Once installed, the keylogger records all your keystrokes, and then e-mails the information and other data to the computer hacker.

How Keyloggers are Constructed The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor. This can be achieved using video surveillance: a hardware bug in the keyboard, wiring or the computer itself; intercepting input/output; substituting the keyboard driver; using a filter driver in the keyboard stack; intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.); intercepting DLL functions in user mode, and requesting information from the keyboard using standard documented methods.


Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.

The most common methods used to construct keylogging software are:

  • A system hook that intercepts notification that a key has been pressed (installed using WinAPI SetWindowsHook for messages sent by the window procedure). This hook is most often written in C.
  • A cyclical information keyboard request from the keyboard (using WinAPI Get(Async)KeyState or GetKeyboardState. This software is most often written in Visual Basic, sometimes in Borland Delphi.
  • Using a filter driver. This requires specialized knowledge and is typically written in C.

Recently, keyloggers that disguise their files to keep them from being found manually or by an antivirus program have become more numerous. These stealth techniques are called rootkit technologies. There are two main rootkit technologies used by keyloggers: masking in user mode and masking in kernel mode.

Active Network Service Monitors real-time reports of new ways in which this malware can be introduced into your system. once alerted we go into action to ensure you are protected.