RE: Hackers please help

From: Reason (reason@exratio.com)
Date: Fri Feb 21 2003 - 23:39:29 MST


    This is pretty much a common sense answer:

    1) Buy an external hard drive or some other form of storage

    2) Drop all the documents and files (NOT applications, this would be mail,
    writing, etc) you want to keep onto it.

    3) Wipe your original PC drive; reinstall Windows from scratch and format.
    (If in doubt, this is always the correct response, as well as the only way
    for a non-expert to be sure they have killed off any bad stuff).

    4) Install a firewall like Tiny Personal Firewall that requires you to clear
    and set rules for outgoing traffic by executable; this is an excellent,
    manageable defense against trojans of all sorts.

    5) Change your external passwords again.

    6) In future, keep a small stable of username-password pairs rather than one
    single one.

    Reason
    http://www.exratio.com

    > -----Original Message-----
    > From: owner-extropians@extropy.org
    > [mailto:owner-extropians@extropy.org]On Behalf Of gts
    > Sent: Friday, February 21, 2003 6:40 PM
    > To: extropians@extropy.org
    > Cc: Warren Horowitz (Warren)
    > Subject: Hackers please help
    >
    >
    > Normally I use this extropian forum to debate and pontificate about
    > those technological subjects about which I feel I have some expertise.
    > Suddenly however I find myself feeling helpless and ignorant about an
    > important subject: computer keylogging and surveillance software. I'm
    > hoping some of the expert hackers here can offer some advice to help me
    > with a rather upsetting situation.
    >
    > It appears that my personal home PC has been hacked. Someone unbeknownst
    > to me has discovered the password and email address that I once used to
    > logon to a particular website. This person then impersonated me on the
    > relevant site and used the resulting record of my activity in an effort
    > to disrupt my personal life in a very destructive way. I have no
    > evidence so far that this person is not also seeking to disrupt my
    > financial or professional life. I use pretty much the same email and
    > password for everything, though I have already rushed to change the most
    > critical passwords in the wake of this incident.
    >
    > My PC is generally not physically accessible to anyone other than
    > myself. My first guess therefore is that my security was compromised by
    > some kind of remote installation stealth keylogging software capable of
    > gathering my password information and transmitting back to the sender
    > over the internet. It's my understanding that it is possible to install
    > keylogging and screenshot copying software remotely via email
    > attachments, attachments which would then, if executed, start sending
    > data secretly to the original sender via unseen email. Normally I am
    > careful to refrain from opening email attachments from strangers, (I
    > know enough to protect myself against common email worms and viruses),
    > but in this case there is every reason to believe that the culprit was
    > no stranger. The primary suspect in my mind is one of a handful of spiteful
    > and potentially treacherous ex-girlfriends who may now be trying to
    > sabotage my current relationship, and who might also possibly be
    > interested in doing financial or professional damage to my life as well.
    >
    >
    > As the saying goes, "hell hath no fury like a woman scorned." And I have
    > dated some very intelligent and computer savvy women in recent years,
    > some of whom might very well be feeling scorned. :/ (In fact the most
    > likely culprit knows of my membership here and might very well be
    > reading these very words as I write or publish them. If so then so be
    > it! She might just as well know right now that I have every intention to
    > go after her ass with a vengeance. If possible I will press legal
    > charges.)
    >
    > I am running Windows XP Home Edition. Until a couple of weeks ago I was
    > connected 24/7 via DSL, but in the last few weeks I have been using
    > dialup only. Normally I keep McAfee Firewall running, but I cannot say
    > with certainty that I have not manually allowed a suspect program access
    > to the internet (that imo is a serious problem with these personal
    > firewall programs... It's difficult for regular folks to know a bad
    > program from a good one unless the app name is obviously familiar).
    >
    > Today, in an effort to find stealth keylogging programs, I installed and
    > ran a trial copy of Anti-Keylogger, published by Raytown Corporation.
    > Anti-Keylogger identified these files as suspect on my XP system:
    >
    > - c:\windows\system32\wbem\repository\fs\index.btr
    > - c:\windows\system32\wbem\repository\fs\objects.map.new
    > - c:\windows\system32\wbem\repository\fs\index.map.new
    > - c:\windows\system32\wbem\repository\fs\objects.data
    >
    > Can anyone tell me if these files are in fact evidence of malicious
    > keylogging? Their location under windows/system32 leads me to think they
    > are innocent.
    >
    > Also I installed and ran a trial version of SpyCop version 5.2c. This
    > trial version of the software found nothing suspicious, but according to
    > the literature the trial software does not check every file. Is this a
    > program worth purchasing? If not, what anti-computer surveillance apps
    > should I consider? Note that these applications are in a different
    > category from anti-virus software. I already run anti-virus software
    > from McAfee, along with their firewall and anti-spam software.
    >
    > In what other ways might someone gain access to my password and logon
    > information to impersonate me at a particular web site, short of having
    > physical access to my PC? Thanks in advance to anyone who can help.
    >
    > -gts
    >
    >
    >
    >
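
An added example, not part of the original thread: a small model of the default-deny, per-executable outbound rule check that step 4 recommends, showing why the rule should identify the binary itself rather than a familiar-looking name (the difficulty raised in the quoted message). The paths, file contents and rule table are constructed, and binding each rule to a SHA-256 of the approved file is an assumption of this sketch, not a description of any particular firewall product.

```python
import hashlib
from dataclasses import dataclass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Attempt:
    path: str       # full path of the executable opening the connection
    image: bytes    # stand-in for the file's contents (constructed)
    dest_port: int  # remote port it wants to reach

# Constructed stand-ins for program files on disk.
MAIL = b"constructed mail client image"
BROWSER = b"constructed browser image"
UNKNOWN = b"constructed unapproved program image"

# Allow rules: (lower-cased path, hash of the approved file) -> permitted ports.
# Anything without a rule is blocked (default deny).
RULES = {
    (r"c:\program files\mail\mail.exe", sha256(MAIL)): {25, 110},
    (r"c:\program files\browser\browser.exe", sha256(BROWSER)): {80, 443},
}

def decide(a: Attempt) -> str:
    """Rule check bound to both the path and the file's hash."""
    path = a.path.lower()
    ports = RULES.get((path, sha256(a.image)))
    if ports is None:
        # Same path as an approved program but different contents:
        # the file was replaced or modified after the rule was created.
        if any(p == path for p, _ in RULES):
            return "block:binary-changed"
        return "block:no-rule"
    return "allow" if a.dest_port in ports else "block:port"

def name_only_decide(a: Attempt) -> str:
    """Weak variant: trusts the file name alone, like approving a prompt
    because the program name looks familiar."""
    names = {p.rsplit("\\", 1)[-1] for p, _ in RULES}
    name = a.path.lower().rsplit("\\", 1)[-1]
    return "allow" if name in names else "block:no-rule"

if __name__ == "__main__":
    for a in (
        Attempt(r"C:\Program Files\Mail\mail.exe", MAIL, 25),
        Attempt(r"C:\Windows\Temp\mail.exe", UNKNOWN, 25),
        Attempt(r"C:\Program Files\Mail\mail.exe", UNKNOWN, 25),
        Attempt(r"C:\Program Files\Browser\browser.exe", BROWSER, 25),
    ):
        print(f"{a.path} -> port {a.dest_port}: {decide(a)} (name only: {name_only_decide(a)})")
```
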



    This archive was generated by hypermail 2.1.5 : Fri Feb 21 2003 - 23:39:09 MST