The 'central core' of most operating systems, the kernel is the component directly responsible for communications between the software and hardware components of a computer.
The kernel's main task is efficiently managing the computer's physical resources (CPU, RAM, etc.) so that a user can execute an application (a document editor, a game, etc.).
Kernels & Malware
Rootkits pose the greatest danger to kernels, as certain types of rootkits specifically target and manipulate the kernel in order to hide their presence or actions. These are known as kernel-level rootkits.
Kernel-level rootkits typically gain their position by exploiting vulnerabilities in the kernel itself. Given the critical importance of the kernel, most security experts strongly recommend that users keep their computer system updated with the latest patches from their operating system vendor.
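One cheap defender-side check for the hiding behaviour described above is a cross-view comparison: a loadable kernel module that a rootkit has unlinked from the kernel's module list disappears from /proc/modules (and from lsmod) but usually still has a directory under /sys/module. The script below is an added example, not code from the original page; the module names in the sample input are constructed, and the live check assumes a Linux host.

```python
"""Cross-view check for hidden Linux kernel modules (added example).

/proc/modules is built from the kernel's module list, which a rootkit can
unlink itself from. /sys/module is populated from separate sysfs objects,
so a module missing from the first view but present in the second is a
warning sign worth investigating (not proof: a careful rootkit can scrub
both views).
"""
import os

# Constructed sample input in /proc/modules format: name size refcount deps state address
SAMPLE_PROC_MODULES = """\
ext4 800768 2 - Live 0x0000000000000000
mbcache 16384 1 ext4, Live 0x0000000000000000
"""
# Constructed sample listing of /sys/module; 'suspicious_lkm' is a made-up name
SAMPLE_SYS_MODULE = ["ext4", "mbcache", "suspicious_lkm"]


def parse_proc_modules(text):
    """Return the set of module names from /proc/modules-style text."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if fields:
            names.add(fields[0])  # first column is the module name
    return names


def find_hidden_modules(proc_names, sys_names):
    """Modules present in the /sys/module view but absent from /proc/modules."""
    return sorted(set(sys_names) - set(proc_names))


def loadable_sys_modules(sys_root="/sys/module"):
    """List /sys/module entries that are loadable modules.
    Built-in kernel code also gets a /sys/module directory but never appears
    in /proc/modules; loadable modules are distinguished here by having an
    'initstate' attribute file."""
    return [m for m in os.listdir(sys_root)
            if os.path.exists(os.path.join(sys_root, m, "initstate"))]


def live_check():
    """Run the comparison against the running Linux host."""
    with open("/proc/modules") as f:
        proc_names = parse_proc_modules(f.read())
    return find_hidden_modules(proc_names, loadable_sys_modules())


if __name__ == "__main__":
    print("sample:", find_hidden_modules(parse_proc_modules(SAMPLE_PROC_MODULES), SAMPLE_SYS_MODULE))
```

On the constructed sample the check reports `suspicious_lkm`; on a real host, anything reported should be confirmed with an offline scan of the disk from trusted media rather than trusted tools running on the possibly compromised kernel.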
Keylogger
A program or hardware component that surreptitiously monitors and records every keystroke typed on a keyboard. Some keylogger programs will also forward the recorded information to an external server for easier retrieval by the attacker.
Keyloggers are typically used by malicious attackers to steal vital information such as personal details, credit card details, online account login credentials and so on. The stolen information can then be used to perpetrate such crimes as identity theft, online fraud, monetary theft and so on.
Types of Keyloggers
There are two types of keyloggers: software and hardware.
Keylogger programs may be dropped on a system by other malware, or may be manually installed by the attacker. On the other hand, keylogger hardware must be manually installed, which requires the attacker to have physical access to the target machine.
Keylogger programs will often allow an attacker to remotely retrieve the stored information, reducing the amount of risk involved; data stored on keylogger hardware must usually be physically retrieved in order to access the information saved on the device.
Nowadays, keylogging functionality can be found in so many trojans that a distinct sub-type has been developed to distinguish them - Trojan-Spy.
Like most trojans, however, a Trojan-Spy can usually only be installed on a victim's computer through social engineering-based attacks or by exploiting a vulnerability present on the computer system.