keylogged and screwed

Half Evil

ok here's the thing. i was playing runescape and i got off and then about 3 hours later, i got on and i had been totally cleaned out of everything. my question is how they did that. i have talked with friends about this and they told me that there is a program for 40 bucks, i forget what it is called, and it was originally developed for chat rooms to steal IPs, and cause runescape is basically a giant video chat with little animated characters, i'm just kinda wondering how it can just grab your ip from when you say something... i just don't understand, can someone please explain. and the other thing is how they attach the key logger, but i don't wanna sound like i'm gonna hack someone so just tell me about the first thing cause that's just what really confuses me... thanks
 
Re: english

First off, please re-explain your situation... I really don't understand what you are talking about. Second, use capitalization, it is a lot easier to read.
Ok... so first off. The guy probably is either at your house right now, or is someone that you talked to on AIM or MSN. Both of these instant messaging services have direct connect options that enable a user to grab the ip address by opening up cmd.exe and typing netstat -an (correct me if I'm wrong). So if you direct connected with anyone in the past two months, you are likely a victim of this ploy. Also, they have probably had that keylogger on there for a while so I would run a virus scan and a Spybot scan for good measure.

thecoolkidontheblock
 
thecoolkid: if the keylogger uploaded to a remote location or emailed logs, there would be no reason the attacker would need the kid's ip address. it would be totally irrelevant, the only way he'd want it is if he was going to portscan and exploit a service on an open or listening port.

A better thing to do in this situation is download a firewall. monitor all the apps with outgoing traffic. if you're unsure of one, google it, check the ip address. you can do a whois search on the address and figure out who the application is trying to communicate to.
 
ok, so are you saying that i was sent a keylogger through email? well even if they did do that how did they get the actual keys logged cause there has to be some way of getting it back to them right? and i do have McAfee firewall and virus scan
 
re: ip address

If you don't have the ip address, how would the attacker access the key log records? You have to have the ip address to access keylogged records. I understand what you are saying by sending through email, but if he has a security hole, then a person probably exploited that. Unless he received a strange email recently?

thecoolkidontheblock
 
having an open / listening port open 24/7 just so you can read some logs is risky (assuming he keeps his connection open 24/7). if he doesn't, he might not have access to the logs when he wants. also it chances being found, and being closed. if this happens all your hard work (actually getting someone to run the key logger) goes down the drain. Why would you want to store the logs on his computer anyway?
 
arrizx: there are four things that could have happened

1. The guy got extremely lucky and guessed your password (unlikely)

2. The runescape server was compromised. (highly unlikely otherwise everyone would have the same problem as you)

3. Your system has been compromised (likely)

4. Someone was able to get information from you about your password, maybe the password itself. Example: a scam, some guy asking questions to get answers for the password recovery thing. (unlikely, unless you're gullible)
 
re: open connection

Since most of us here are computer specialists, it is assumed that most of us run netstat every once in a while to see what is connected to our computer. If you leave a connection open 24/7 (especially a keylogger), it is a lot easier to find it. All he has to do is telnet to the port that the keylogger has opened and no doubt in my mind that the keylogger would spill its guts right then and there.

thecoolkidontheblock
 
If most of us were "computer specialists" we wouldn't have so many people asking questions would we?

Why would we run netstat? Since netstat only provides lists of connections at the time of netstat's execution. If we were "computer specialists" we'd want our system monitored all the time (right?), and keep LOGS.

My point is it's safer to upload to somewhere else...

If he's a smart person he'd upload the keystrokes to another box, where he can login, and get them. (but since he's using a keylogger stealing runescape accounts he's probably a script kiddy)

If he's dumb, he'd leave a port listening 24/7 waiting for him to login. Which risks being found, closed, executable opening the port, found deleted. Say that never happens, he logs in, gets the files, his session might be logged. With an ip address, you can find a general location and an ISP. Then all you have to do is call the ISP and authorities and take legal action. Do you think he'd honestly risk all that when he could just upload it somewhere?
 
Hmm it doesn't matter if you have a firewall
As long as the firewall verifies it's sent by you they will allow it, which would be the case if you had a keylogger
If you have a continuous connection, such as DSL or cable, then i recommend you download programs that let you see in an instant if new ports are being connected or you can just look at them all via cmd using netstat -an which will give you port name and ip address and the state of it.
By the way, they may have just sifted through your packets because i don't believe that the line is encrypted before it is sent.
By the way, you still play runescape?
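Several posts above turn on the fact that `netstat -an` is only a snapshot, and that spotting a new listening port or an outbound upload means comparing snapshots and keeping a log. The following is an added example, not code from any poster in this thread: it parses two Windows-style `netstat -an` outputs and reports what appeared between them. The sample outputs, addresses and port numbers are constructed for illustration.

```python
import re

# One TCP row of Windows `netstat -an`: proto, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_netstat(text):
    """Return (listening local ports, established remote endpoints) as two sets."""
    listening, established = set(), set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, blank lines and UDP rows are skipped
        _local_ip, local_port, remote_ip, remote_port, state = m.groups()
        if state == "LISTENING":
            listening.add(int(local_port))
        elif state == "ESTABLISHED":
            established.add((remote_ip, int(remote_port)))
    return listening, established

def diff_snapshots(before, after):
    """Report ports and remote endpoints present in `after` but not in `before`."""
    b_listen, b_est = parse_netstat(before)
    a_listen, a_est = parse_netstat(after)
    return {
        "new_listening": sorted(a_listen - b_listen),
        "new_outbound": sorted(a_est - b_est),
    }

# Constructed sample snapshots (documentation-range addresses, made-up ports).
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""
AFTER = BEFORE + """\
  TCP    0.0.0.0:5150           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1057      203.0.113.25:25        ESTABLISHED
"""

if __name__ == "__main__":
    for kind, items in diff_snapshots(BEFORE, AFTER).items():
        for item in items:
            print(kind, item)
```

Run on a schedule with the results appended to a file, this gives the kind of log the thread asks for; each new remote address can then be checked with a whois lookup, as suggested earlier.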
 