Sunday 13 May 2012

Trojan anti virus


Trojan
Young and Yung devised several methods for solving this problem and presented them in their 1997 IEEE Security & Privacy paper (their paper from '96 touches on it as well). They presented a deniable password snatching attack in which the keystroke logging trojan is installed using a virus or worm. An attacker who is caught with the virus or worm can claim to be a victim. The cryptotrojan asymmetrically encrypts the pilfered login/password pairs using the public key of the trojan author and covertly broadcasts the resulting ciphertext. They mentioned that the ciphertext can be steganographically encoded and posted to a public bulletin board such as Usenet.
Cipher text
Young and Yung also mentioned having the cryptotrojan unconditionally write the asymmetric ciphertexts to the last few unused sectors of every writable disk that is inserted into the machine. The sectors remain marked as unused. This can be done using a USB token. So, the trojan author may be one of dozens or even thousands of people who are given the stolen information. Only the trojan author can decrypt the ciphertext because only the author knows the needed private decryption key. This attack is from the field known as cryptovirology.
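From the defender's side, data parked in the trailing sectors of removable media can be looked for by measuring the entropy of those sectors in a disk image. The following is an added example, not code from the original post or from Young and Yung; the 512-byte sector size, the number of tail sectors, the 7.0 bits/byte threshold and the constructed sample image are assumptions, and high entropy also matches compressed remnants of deleted files, so a hit is a lead for manual inspection rather than proof.

```python
import hashlib
import math
from collections import Counter

SECTOR_SIZE = 512        # assumption: 512-byte logical sectors
TAIL_SECTORS = 8         # assumption: number of trailing sectors to inspect
ENTROPY_THRESHOLD = 7.0  # assumption: bits per byte; ciphertext approaches 8

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_tail_sectors(image: bytes, tail: int = TAIL_SECTORS,
                            threshold: float = ENTROPY_THRESHOLD):
    """Return [(sector_index, entropy)] for trailing sectors resembling ciphertext."""
    n_sectors = len(image) // SECTOR_SIZE
    hits = []
    for idx in range(max(0, n_sectors - tail), n_sectors):
        sector = image[idx * SECTOR_SIZE:(idx + 1) * SECTOR_SIZE]
        if not any(sector):          # zero-filled sector: nothing stored here
            continue
        h = shannon_entropy(sector)
        if h >= threshold:
            hits.append((idx, round(h, 2)))
    return hits

def build_sample_image() -> bytes:
    """Constructed 64-sector image: zeros, one text sector, two random-looking sectors."""
    zeros = bytes(SECTOR_SIZE * 61)
    text = (b"constructed plain-text remnant of a deleted file. " * 11)[:SECTOR_SIZE]
    # Stand-in for ciphertext: 32 SHA-256 digests = 1024 bytes = 2 sectors.
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return zeros + text + blob

if __name__ == "__main__":
    for idx, h in suspicious_tail_sectors(build_sample_image()):
        print(f"sector {idx}: entropy {h} bits/byte, inspect manually")
```

On a real image, pass the bytes of the image file and cross-check any flagged sector against the filesystem's allocation data to confirm it is marked unused.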
Use by police

In 2000, the FBI used a keystroke logger to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Also in 2000, the FBI lured two suspected Russian cyber criminals to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects' computers in Russia in order to obtain evidence to prosecute them.
Countermeasures

The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers; transparency will defeat some screenloggers, but not all; and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.
Also, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.
An anti-keylogger is a piece of software specifically designed to detect keyloggers on your computer, typically by comparing all files on your computer against a database of keyloggers and looking for similarities which might signal the presence of a hidden keylogger. As anti-keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional antivirus software; some antivirus software does not consider certain keyloggers a virus, as under some circumstances a keylogger can be considered a legitimate piece of software.