Summary Keyloggers, phishing, pharming, sniffering are serious security
issues in the internet. Both businesses and consumers can physically lose
confidential information and money. Current anti-virus, anti-spyware mechanisms
use file signature scanning that do not provide enough protection to the user from
these threats. Additionally, the pure software solution is not the final for
the limitation of PC hardware. We introduce a final solution that does reduce
the keylogger threat and both for the information leakage currently as well as
future. Introduction PC users usually care about computer
virus and spyware that crashes their PCs and tracks their activities online.
Indeed, it a very insidious threats in the internet. A powerful spyware can be
created in ten minutes without programming skill as the video in YouTube. The
spyware can log keystrokes (including usernames, passwords id number and credit
card numbers, etc.) and send the information to owner. This type of malice
software is called keylogger.
A keylogger is a type of monitoring
software that records every keystroke you type. It can record any information
you type by your keyboard. The recorded data is usually stored in the log file
created by the keylogger, then be sent to some where the criminal specified.
How Keylogger
Impacts Your Business? This danger was highlighted for “Keyloggers Foiled In Attempted $423 Million Bank Heist” in
2005 when a keylogger infected the PC inside Sumitomo Mitsui Banking
Corporation in London (reference 1). In 2008, “Swedish
Police Warn of Tampered Credit Card Terminals” (reference 2). A
keylogger was installed in POS(Point Of Sale) of ToysRUs store. “In that case,
at least 500 to 600 cards were compromised.” Keylogger is a serious security
issue that can be seriously harmed to both businesses and consumers. By logging
the keystrokes data, hackers can login your private financial system such as
bank accounts, credit card numbers, social security numbers, etc. All you could
do on the internet, hackers will do it for you. And you will not aware about it
until you found something wrong in your accounts. Maybe you can show up the
statement to prove it’s is not your business deal, but you have to take days,
weeks, even months to surface authorities in legal. Symantec issued news on
June 7th, 2010. It warmed online users to scan files and update virus database
to protect accounts and passwords.
Reference 1: Keyloggers Foiled In
Attempted $423 Million Bank Heist http://www.banktech.com/showArticle.jhtml?articleID=159902118
Reference 2: Swedish Police Warn
of Tampered Credit Card Terminals http://www.pcworld.com/article/155525/.html?tk=rss_news
Reference 3: 自由電子報 使用公共電腦 提防鍵盤被側錄 (in Chinese)
http://www.libertytimes.com.tw/2010/new/jun/7/today-e15-2.htm
How Keylogger
Infects Your Computer? There are several
techniques to insert a keylogger in your computer. Most of the cases, the
keylogger is insert to your computer by computer virus or spyware. The virus or
spyware may exist in email, web pages, instant messenger software. For instant,
we receive spam email every day. The spam may contain script or a website link.
At the moment you click to open the email or link to the website, you get
infected by the virus or spyware.
How Keylogger
Steal Your Data? There are three types of keyloggers:
Hardware keylogger:It’s a
adapter looks like our adapt cable to connect to host PC. Instead of
encryption, the hardware keylogger log every keystrokes of users and save it in
the inside flash memory. The hardware keylogger is usually used as data crisis
conditions for professional writers and journalists. The user needs to use
another tools to get the log keystrokes data.Software Message Keylogger:It
is the most common keylogger. A keylogger can be generated in 10 minutes
without requiring of programming skills, but only a keylogger generator.
Kernel Mode Keylogger:The keylogger is existed in OS kernel level driver. It is harder
to be generated and protected. There are several levels in kernel mode drivers.
In each level, the hackers can get information in different format.
Why Anti-virus /
Anti-spyware Tools Don’t Work? All anti-keylogger
tools are based on file signature scanning. The database of the tools contains
known signatures of malice software, the database have to be continuously
updated. The major problem by this way is the latest malice software is
undetectable. Furthermore, the criminals are easily to develop a new version of
malice software in minutes. Additionally, there are some virus can dynamically
change its’ own file signature. Therefore, anti-virus tools are unable to fight
with keyloggers effectively. Most of the cases of infections are caused by not
updating virus/spyware database or before the new virus/spyware is detectable
by anti-virus / anti-spyware tools, there is a period of time gap from several
weeks to months.
How Anti-keylogger
Security Solution Protects Your Keystrokes Data? Anti-keylogger uses proactive approach to protect keyboard data
from been stolen by spyware.
Anti-keylogger hardware mode encrypts the keyboard data in
hardware chip, and decrypt it in the text box (the keystrokes data destination
area) of application, so as that the keylogger can’t catch the real keyboard
data in toppest layer.
Anti-keylogger software mode encrypts
the keyboard data in lowest layer of OS kernel mode driver. No other software can get the real keystrokes
data from keyboard. The existed spyware can’t steal Anti-keylogger software
mode encrypted data.
About Keyboard Anti-keylogger
Security Solution: This is the first anti-keylogger solution by hardware and software
combination. It’s also the only proactive solution for anti-sniffer,
anti-phishing and anti-pharming for securing the user data input in cloud
computing.
Anti-keylogger architecture is a
secured user data input system by encrypting keystrokes data in keyboard
hardware, and decrypting the keys data in application software or destination
server. By this way, Anti-keylogger can resistant spywares, sniffer, phishing,
pharming in nature. Even if there are spywares running in the PC, the spywares
can’t get the real keystrokes data unless they group up a hackers’ team
concentrating at programming a top layer software as same level as ours to try
to imitate our route, but in that case, that’s very hard to be hidden in user’s PC as the
operation speed will be dragged down even crashed down from must be a very big
spyware programing.