From: Samantha Atkins (samantha@objectent.com)
Date: Sat Feb 22 2003 - 02:04:55 MST
If you tend to use the same username/password in a lot of place
then it is not particularly likely that said username/password
was obtained by key-logging or other hacks on your machine. It
is more likely that it was obtained by any site you used it on
that is a bit lax with the security of such user credentials.
Then the offender could simply try it in other places where you
have been seen on the Net.
It is not terribly difficult to keylog Windows machines. They
are a lot of tools sold commercially for doing this and Windows
does not easily lend itself to security methods against this
sort of activity. Some commercial software has actually been
detected to include a hidden keylogger.
Windows XP??? Microsoft also reserves the right to read over
your shoulder whenever it likes! :-)
- samantha
gts wrote:
> Normally I use this extropian forum to debate and pontificate about
> those technological subjects about which I feel I have some expertise.
> Suddenly however I find myself feeling helpless and ignorant about an
> important subject: computer keylogging and surveillance software. I'm
> hoping some of the expert hackers here can offer some advice to help me
> with a rather upsetting situation.
>
> It appears that my personal home PC has been hacked. Someone unbeknownst
> to me has discovered the password and email address that I once used to
> logon to a particular website. This person then impersonated me on the
> relevant site and used the resulting record of my activity in an effort
> to disrupt my personal life in a very destructive way. I have no
> evidence so far that this person is not also seeking to disrupt my
> financial or professional life. I use pretty much the same email and
> password for everything, though I have already rushed to change the most
> critical passwords in the wake of this incident.
>
> My PC is generally not physically accessible to anyone other than
> myself. My first guess therefore is that my security was compromised by
> some kind of remote installation stealth keylogging software capable of
> gathering my password information and transmitting back to the sender
> over the internet. It's my understanding that it is possible to install
> keylogging and screenshot copying software remotely via email
> attachments, attachments which would then, if executed, start sending
> data secretly to the original sender via unseen email. Normally I am
> careful to refrain from opening email attachments from strangers, (I
> know enough to protect myself against common email worms and viruses),
> but in this case there is every reason to believe that the culprit was
> no stranger. The primary suspect in my mind is one of a handful spiteful
> and potentially treacherous ex-girlfriends who may now be trying to
> sabotage my current relationship, and who might also possibly be
> interested in doing financial or professional damage to my life as well.
>
>
> As the saying goes, "hell hath no fury like a woman scorned." And I have
> dated some very intelligent and computer savvy women in recent years,
> some of whom might very well be feeling scorned. :/ (In fact the most
> likely culprit knows of my membership here and might very well be
> reading these very words as I write or publish them. If so then so be
> it! She might just as well know right now that I have every intention to
> go after her ass with a vengeance. If possible I will press legal
> charges.)
>
> I am running Windows XP Home Edition. Until a couple of week ago I was
> connected 24/7 via DSL, but in the last few weeks I have been using
> dialup only. Normally I keep McAfee Firewall running, but I cannot say
> with certainty that I have not manually allowed a suspect program access
> to the internet (that imo is a serious problem with these personal
> firewall programs... It's difficult for regular folks to know a bad
> program from a good one unless the app name is obviously familiar).
>
> Today, in an effort to find stealth keylogging programs, I installed and
> ran a trial copy of Anti-Keylogger, published by Raytown Corporation.
> Anti-Keylogger identified these files as suspect on my XP system:
>
> - c:\windows\system32\wbem\repository\fs\index.btr
> - c:\windows\system32\wbem\repository\fs\objects.map.new
> - c:\windows\system32\wbem\repository\fs\index.map.new
> - c:\windows\system32\wbem\repository\fs\objects.data
>
> Can anyone tell me if these files are in fact evidence of malicious
> keylogging? Their location under windows/system32 leads me think they
> are innocent.
>
> Also I installed and ran a trial version of SpyCop version 5.2c. This
> trial version of the software found nothing suspicious, but according to
> the literature the trial software does not check every file. Is this a
> program worth purchasing? If not, what anti-computer surveillance apps
> should I consider? Note that these applications are in a different
> category from anti-virus software. I already run anti-virus software
> from McAffee, along with their firewall and anti-spam software.
>
> In what other ways might someone gain access to my password and logon
> information to impersonate me at a particular web site, short of having
> physical access to my PC? Thanks in advance to anyone who can help.
>
> -gts
>
>
>
>
This archive was generated by hypermail 2.1.5 : Sat Feb 22 2003 - 02:02:19 MST