A keystroke logger is a
special form of the more general man-in-the-middle attack. There are two
versions of this attack: we cover the application type here and then expand on
the concept in Chapter 7 on networks.

A man-in-the-middle attack is one in which a malicious program
interjects itself between two other programs, typically between a user's input
and an application's result. One example of a man-in-the-middle attack could be
a program that operated between your word processor and the file system, so
that each time you thought you were saving your file, the middle program
prevented that, or scrambled your text or encrypted your file. What ransom
would you be willing to pay to get back the paper on which you had been working
for the last week?