A keylogger is a type of surveillance
software that records every keystroke to a log file that can
be viewed later. Keyloggers can record instant messages, emails, login
information, and any other sensitive data a user types in. Keyloggers can be used legitimately in
many ways, such as in law enforcement when trying to catch a
criminal, companies monitoring employees' computer usage, and parents
keeping tabs on their children's online activities. However, when
used maliciously, a keylogger can be a very dangerous malware
program.
There are two main categories of software
keyloggers: kernel-based and hook-based. A kernel-based keylogger is the most difficult to contend with, as it
resides at the kernel level (or brain) of a computer system, making it almost
invisible. These types of keyloggers can subvert the computer's
operating system and gain unauthorized access to the hardware. The kernel-based method can be
used to have a keylogger act as a keyboard driver, thus gaining
access to any information typed on the keyboard. Hook-based keyloggers hook the keyboard with
functions provided by the operating system, recording any key that is
pressed.
While software keyloggers are widely
used and the most popular form for public use, there are also
hardware keyloggers. There are two types of hardware keyloggers:
devices which are attached to a keyboard cable and devices that can be
installed inside standard keyboards. The inline device that installs
into a keyboard is the most difficult to install, but also the most
difficult to detect. It requires some soldering skills and extended
access to the target keyboard to make the modification, but once in
place it is virtually undetectable.
When used for malevolent purposes, a keylogger can obtain a user's email addresses, IM
usernames, passwords, bank account information, credit card numbers,
and any other sensitive information that a user may enter into a
computer. They can also be used in a large corporate scheme to gain
company secrets and secure data. When combined with other malware, a
keylogger can disable a firewall and set up an FTP server, through which
it uploads the keylogs to a remote server where the attacker can
retrieve the information. The compromised information can then be
used by the attacker to illegally make money, steal identities, hack
accounts, and even gain unauthorized access to accounts, networks, or
resources.
Malicious software keyloggers can be
installed in many ways, such as fake emails that contain a link to
download the program, email attachments, piggyback downloads,
third-party bundles, or installation by other malware. Even though
writing a software application for keylogging can be tedious, it is
not difficult to install a keylogger without getting caught. Once
installed, a keylogger can download and upload data without a trace.
An attacker does, however, risk being caught or exposed when manually
connecting to a host machine or having the keylogger send the data to
a fixed email address.
To catch or prevent malware, it
is suggested that users frequently monitor the programs running on their machines. Enabling a firewall will not stop keyloggers, but it can
sometimes hinder the transmission of the logged material to a remote
destination. Antispyware and antivirus programs can detect and remove
many keyloggers. It is always suggested that a user scan their system
with antivirus and antispyware programs, such as StopSign, on a
regular basis. Network monitors, or reverse-firewalls, can be used to
alert a user whenever an application attempts to connect to a
network. This gives the user a chance to prevent a keylogger from
transferring the information to its destination.
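
The network-monitor check described above can be sketched as follows. This is an added example, not code from the original article: the log line format, program paths, and allowlist are assumptions, and the sample log is constructed. Unlisted programs using FTP or mail ports are rated higher because those are the two upload channels the article names.

```python
import re

# Ports for the two exfiltration channels the article names: FTP upload and e-mail.
EXFIL_PORTS = {21: "FTP", 25: "SMTP", 465: "SMTPS", 587: "SMTP submission"}

# Assumed (hypothetical) log format: "<time> exe=<path> dst=<ip>:<port>"
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+exe=(?P<exe>.+?)\s+dst=(?P<ip>[\d.]+):(?P<port>\d+)$")

def review_connections(lines, allowed_exes):
    """Return one alert per (program, destination) pair that is not allowlisted."""
    allowed = {p.lower() for p in allowed_exes}
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        exe, ip, port = m["exe"], m["ip"], int(m["port"])
        if exe.lower() in allowed:
            continue  # the user already approved this program
        key = (exe.lower(), ip, port)
        if key in alerts:
            alerts[key]["count"] += 1  # repeat connection: count it, do not re-alert
            continue
        channel = EXFIL_PORTS.get(port)
        alerts[key] = {
            "first_seen": m["time"], "exe": exe, "dst": f"{ip}:{port}",
            "severity": "high" if channel else "review",
            "reason": (f"unlisted program using {channel}" if channel
                       else "unlisted program making an outbound connection"),
            "count": 1,
        }
    return list(alerts.values())

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    r"2024-05-01T09:00:01 exe=C:\Program Files\Browser\browser.exe dst=198.51.100.10:443",
    r"2024-05-01T09:02:15 exe=C:\Users\pat\AppData\Roaming\svch0st.exe dst=203.0.113.7:21",
    r"2024-05-01T09:32:15 exe=C:\Users\pat\AppData\Roaming\svch0st.exe dst=203.0.113.7:21",
    r"2024-05-01T09:40:00 exe=C:\Tools\updater.exe dst=198.51.100.20:443",
]
ALLOWED = [r"C:\Program Files\Browser\browser.exe"]

if __name__ == "__main__":
    for a in review_connections(SAMPLE_LOG, ALLOWED):
        print(a["severity"], a["exe"], a["dst"], a["reason"], f"x{a['count']}")
```
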
Most keylogging
programs assume that a user is using the standard QWERTY keyboard
layout. By using an alternate layout such as Dvorak, a sophisticated user can make
the captured keystroke information gibberish. On-screen keyboards, such as program-to-program or web-based
keyboards, allow a user to “type” without pressing any keys
on their keyboard. A user can also try to fool keyloggers by
alternating between typing in the login credentials and typing extra
characters somewhere else in the window.
Like most malware, there is no easy way
to prevent keylogging. The best way to protect yourself from malware
attacks is to use safe surfing habits. Don't open unexpected email or
IM attachments and links. Keep an eye on your
system for any changes that may have taken place that were not
intentional. It is also suggested that you keep an updated antivirus
and antispyware program, such as StopSign, on your computer at all
times and scan for infections on a regular basis.