Illicit Keyloggers

Recently, several machines in the College of Natural Sciences have been found to be infected with a variant of Elite Keylogger. 

Keyloggers can be hardware or software, and are designed to capture all keystrokes a user makes on a machine.

This variant of Elite Keylogger is illicit software that sends logs of captured keystrokes to machines on the Internet, where these logs are parsed.

The people responsible for deploying the keylogger are usually looking for keystrokes that form username/password combinations, which give them access either to information or to accounts, such as bank accounts, that they can then plunder. They are also looking for credit card information used with online shopping sites.

If your machine is infected with a keylogger, and you have logged into other accounts on the infected machine, you should assume that all of those accounts are now compromised and that, at a minimum, the passwords to all of them should be changed. This includes the password to any password manager you might be using on that machine. You should also be on the alert for misuse of any credit card information you might have entered via keystrokes on the machine.

If you know that your machine was infected with a keylogger, and you are trying to assess which accounts might have been compromised, the rule of thumb is this: if you have to enter a password via keystrokes to gain access anywhere from that machine, that password, and the information it was protecting, should be considered compromised.

Written by CNS OIT staff