Tracking down the data thieves

Data thieves are making increasing use of keyloggers to record keystrokes on your computer.

According to a study by the security firm Idefense, distribution of these programs increased by a huge 65 per cent last year.

They are mainly installed to gain access, unnoticed, to sensitive user data. In the current Spyware Report from Webroot for example, Perfect Keylogger ranks at number two in the top 10 of spyware tools.

Astonishingly, this program is not a dodgy hacker tool but is sold quite openly and legally at blazingtools.com (ironically, on the same page as the company’s anti-spyware package). It’s billed as a tool for you to keep track of who’s using your PC.

Finding keyloggers
If you want to track down software keyloggers, you will usually need to use specialised utilities – you often can’t find them using the built-in Windows utilities because they hide themselves so they don’t show up in the Task Manager or Explorer.

Autostart entries are also hidden from the Windows Msconfig utility. You may have more success using virus and spyware scanners, as one of our lab tests showed. This is particularly true if you are looking for protection from the malware that many keyloggers leave behind.

These can usually be detected with the help of a scanner program and up-to-date signature files. The free Spybot Search & Destroy immediately uncovered Perfect Keylogger and removed it at the next restart.

An alternative tool, Anti-Keylogger, is free and just 50KB in size, but it too found Perfect Keylogger. Tests using anti-virus programs from McAfee, Kaspersky and Antivir also uncovered Perfect Keylogger without problems.

Kernel-based keyloggers such as Elite Keylogger are in a different league, however; they exhibit no telltale process signatures because they are usually started quietly as drivers.

You’ll often find that even process and task managers such as Taskinfo 6.2 reveal no suspicious signs. In our tests, we found that Spybot and Ad-Aware – both of which have good reputations as spyware detectors – failed to alert us to Elite’s presence.

Some virus scanners also failed to find it, among them NOD32, F-Secure and Kaspersky. In short, Elite Keylogger stubbornly resisted all attempts to detect it. Anti-Keylogger, mentioned above, could not prevent Elite from continuing to collect data.

Anyone worried about the security and privacy of their computer will rightly wonder why this is. How can so many well-known and reputable security packages fail to spot such a potential threat?