Monday, November 21, 2005

Keystroke Loggers

Another group of Trojan horses you need to know about are keystroke loggers. This type of malware is exactly what it sounds like: When a user launches a keystroke-logging Trojan horse, it installs a program that logs all the keystrokes the user makes. Periodically, the program transmits the log to a remote email address (as the Backdoor/Slydude Trojan horse did), letting the person at that email address see everything the user typed. Yes, this is an invasion of privacy, but more importantly, it gives unauthorized individuals a way to find out usernames, passwords, and credit card numbers.
An example is the Girlgif Trojan horse, which arrives in an email message with two attachments, Girl.exe and Girl.gif. The file with the .GIF extension is not really a GIF (Graphics Interchange Format) file. Instead, it’s a DLL (dynamic-link library) file that remains harmless until the user double-clicks the Girl.exe attachment.
After the executable file launches, it moves the Girl.gif DLL file into your System directory and renames the file Imnepr.dll. The Girlgif Trojan horse monitors all keystrokes, logs them in the System.dat file of the System directory, and occasionally transmits this file of logged keystrokes to a designated email account.


Post a Comment

<< Home