Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 06-23-2005, 02:53 AM   #1
Golden Master
 
ArrizX's Avatar
 
Join Date: Apr 2005
Posts: 16,073
Send a message via MSN to ArrizX
Default keylogged and screwed

ok heres the thing. i was playin runescape and i got off and then about 3 hours later, i got on and i had been totally cleaned out of everything.my question is how they did that, i have talked with friends about this i and they told me that there is a program for 40 bucks i forget wut it is called, and it was origionally devolped for chat rooms to steel ip's and cause runescape is basicly a giant video chat with little animated characters, im just kinda wonder how it can just grab you ip from when you say somethin......i just dont understand can someone please explain, and the other thing is how they attach the key logger but i dont wanna sound like ima gonna hack someone so just tell me about the first thing cause thats just wut really confuses me....thanks
__________________

__________________
. ()()()()
./l ,[_\_\ ],
l---L ()lllllll()-
()_) ()_)--o-)_)
ArrizX is offline   Reply With Quote
Old 06-27-2005, 09:52 AM   #2
Baseband Member
 
thecoolkid's Avatar
 
Join Date: Feb 2005
Posts: 91
Default Re: english

First off, please re-explain your situation...I really don't understand what you are talking about. Second, use capitalization, it is alot easier to read.
Ok...so first off. The guy probably is either at your house right now, or is someone that you talked to one AIM or MSN. Both of these instant messenging services have direct connect options that enable a user to grab the ip address by opening up cmd.exe and typing netstat -an (correct me if I'm wrong). So if you direct connect with anyone in the past two months, you are likely a victim of this ploy. Also, they have a probably had that keylogger on there for a while so I would run a virus scan and a Spybot scan for good measure.

thecoolkidontheblock
__________________

__________________
"Computers are one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'computer' is often merely a talented machine who has done all of its homework."

-Thomas Edison, Modern Day.
thecoolkid is offline   Reply With Quote
Old 06-29-2005, 09:02 PM   #3
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: keylogged and screwed

thecoolkid: if the keylogger uploaded to a remote location or emailed logs, there would be no reason the attacker would need the kid's ip address. it would be totally irrelevent, the only way he'd want it if he was going to portscan and exploit a service on an open or listening port.

A better thing to do in this situation is download a firewall. monitor all the apps without going traffic. if you're unsure of one, google it, check the ipaddress. you can do a whois search on the address and figure out who the application is trying to communicate to.
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 06-30-2005, 06:01 AM   #4
Golden Master
 
ArrizX's Avatar
 
Join Date: Apr 2005
Posts: 16,073
Send a message via MSN to ArrizX
Default Re: keylogged and screwed

ok, so are you saying that i was sent a keylogger through email? well even if they did do that how did get the actuall keys logged cause there has to be someway of getting it back to them right? and i do have McAfee firewall and virus scan
__________________
. ()()()()
./l ,[_\_\ ],
l---L ()lllllll()-
()_) ()_)--o-)_)
ArrizX is offline   Reply With Quote
Old 06-30-2005, 01:12 PM   #5
Baseband Member
 
thecoolkid's Avatar
 
Join Date: Feb 2005
Posts: 91
Default re: ip address

If you don't have the ip address, how would the attacker access the key log records? You have to have the ip address to access keylogged records. I understand what you are saying by sending through email, but if he has a security hole, then a person probably exploited that. Unless he received a strange email recently?

thecoolkidontheblock
__________________
"Computers are one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'computer' is often merely a talented machine who has done all of its homework."

-Thomas Edison, Modern Day.
thecoolkid is offline   Reply With Quote
Old 07-01-2005, 10:53 AM   #6
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: keylogged and screwed

having an open / listening port open 24/7 just so you can read some logs is risky (assuming he keeps his connection open 24/7) if he doesn't he might not have access to the logs when he wants also it chances being found, and being closed. if this happens all your hard work (actually getting someone to run the key logger) goes down the drain. Why would you want to store the logs on his computer anyway?
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-01-2005, 10:58 AM   #7
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: keylogged and screwed

arrizx: there are four things that could have happened

1. The guy got extremely lucky and guessed your password (unlikely)

2. The runescape server was compromized. (highly unlikely otherwise everyone would have the same problem as you)

3. Your system has been compromized (likely)

4. Someone was able to get information from you about your password, maybe the password itself. Example: a scam, some guy asking questions to get answers for the password recovery thing. (unlikely, unless you're gullible)
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-02-2005, 07:23 PM   #8
Baseband Member
 
thecoolkid's Avatar
 
Join Date: Feb 2005
Posts: 91
Default re: open connection

Since most of us here are computer specialist, it is assumed that most of us run netstat every once and a while to see what is connected to our computer. If you leave a connection open 24/7 (especially a keylogger), it is alot easier to find it. All he has to do is telnet to the port that the keylogger has opened and no doubt in my mind that the keylogger would spill its guts right then and there.

thecoolkidontheblock
__________________
"Computers are one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'computer' is often merely a talented machine who has done all of its homework."

-Thomas Edison, Modern Day.
thecoolkid is offline   Reply With Quote
Old 07-03-2005, 12:19 AM   #9
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: keylogged and screwed

If most of us were "computer specialists" we wouldn't have so many people asking questions would we?

Why would we run netstat? Since netstat only provides lists of connections at the time of netstat's execution. If we were "computer specialists" we'd want our system monitored all the time (right?), and keep LOGS.

My point is it's safer to upload to somewhere else...

If he's a smart person he'd upload the keystrokes to another box, where he can login, and get them. (but since he's using a keylogger stealing runescape accounts he's probably a script kiddy)

If he's dumb, he'd leave a port listening 24/7 waiting for him to login. Which risks being found, closed, executable opening the port, found deleted. Say that never happens, he logins in, gets the files, his session might be logged. With an ip address, you can find a general location and an ISP. Then all you have to do is call the isp and athorties and take legal action. Do you think he'd honestly risk all that when he could just upload it somewhere?
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-09-2005, 01:38 AM   #10
Fully Optimized
 
dyserq's Avatar
 
Join Date: Jul 2005
Posts: 2,281
Default Re: keylogged and screwed

Hmm it doesn't matter if you h ave a firewall
As long as the firewall verifies its sent by you they will allow it, which would be the case if you had a keylogger
If you have a continuous connections, such as DSl or cable, then i recommend you download programs that let you see in an instant if new ports are being connected or you can just look at them all via cmd using netstat -an which will give y ou port name and ip address and the state of it.
By the way, they may have just sifted through your packets because i dont believe that hte line is encrypted before it is sent.
By the way, you stil play runescape?
__________________

dyserq is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 12:23 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0