I was wondering if anyone can tell me if there's any way to prevent someone from hacking into my instant messenger programs. I use AIM and Odigo, and I am being harrassed by a hacker that can get into my IM when I am chatting with my girfriend and they type things and it looks like it's coming from me. I have repeatedly changed my password and that doesn't seem to help. I am running McAfee Personal Firewall. I am on a completely different computer from when the harassment first started. The harrassment started in AIM and got so frustrating that me and my girfriend downloaded Odigo and came up with new screen names and started using that. Things were fine for about 2 weeks, but now the hacker has once again found us in Odigo and is starting again. We can never tell when this person is in watching our chat until they type something offensive and it looks like it's coming from my name to my girlfriend or vice versa. Is there any way to prevent someone from entering our chat and harrassing us? Any suggestions would be greatly appreciated.

Thank You

Hi,

Can't you just change your username and create a new account?

Do you have a static IP?

Bye,

DKRR

Snodog311

I would try using a virus checker with up to date definitions. It sounds like it could possibly be a Trojan of some description. Even though you are now using a different machine from when the attacks first started, you could be installing a suspect program that is putting the trojan right back on there. Always worth a try..

thanks for the replies...DaRK... we have created new names and accounts in Odigo and it worked for about a week but the hacker found us again, I can't keep doing that every week :( .... jessie... I am using McAfee VirusScan and it is updated and found nothing.... thanks anyway but I think this hacker is using different means to do this... it is sooooo frustrating!!!!!

SnoDog

What OS are you using?

first PC when problem started was Windows XP Pro current PC is Windows 2000 Pro

Do you know who the hacker is? Also, has this "hacker" contacted you directly in any way? It sounds like it's probably someone you know in person that's just trying to harass you and/or your girlfriend.

Another question, does this hacker send messages through your account when you are talking to your girlfriend? Most chat clients won't allow more than one log on of the same screen name, which means that, if he is sending the messages through it, he's most likely doing so through some means other than through the chat client itself. It's possible that he has some sort of remote access to your system or your girlfriend's system, which allows him to send messages not through his own chat client, mimicking you, but rather through your own chat client, while you are talking.

AJ

In their initial state, Microsoft Windows operating systems (98, ME, XP, 2000, NT) allow anyone on the internet to pop up Windows on your screen. There is no need for them to know anything about your computer and your computer does not care who does it.


Even less savory individuals may pop up messages on your screen that try to fool you into taking actions that may not be in your best interest.


The important thing to remember is that anyone, anywhere in the world can pop up one of these messages on your computer. At this time it looks as though all these messages will have "Messenger Service" in the Window title. It would be wise to verify with support staff any such message that appears on your computer that instructs you to to take actions that may divulge sensitive information, change your password, leads you to a web site, or take other, unusual actions on your computer.

Also know that spam senders are using the Windows Message Service as another way to distribute their advertisements.





Disabling the Messenger Service
To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service. Its easy to reverse at a later time if you wish to do so.



Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows NT
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK

Windows 98 & ME
Windows Messenger Service cannot be disabled

To my knowledge you must use a 3rd party program like these (http://download.com.com/3120-20-0.html?qt=stop+messenger&tg=dl-2001)

Hope that helps

snodog311,

Personally, if you are using a good firewall it should block any incoming connections.
You could try with a different firewall like ZoneAlarm and see what it tells you while chatting. This guys MUST be connected to your computer someway so your firewall SHOULD tell you about it.
Moreover, I would look for strange direct or simple connections to your PC, using the telnet commands under a DOS window and see if you can find something weird there.

Good luck,

DKRR

hi thanks for the replies again... avdven... I think the hacker is someone who IMed me once on AIM and she (I know it's a female) got upset when I wouldn't chat with her. My girlfriend has told me that when we were using AIM, my name would be flashing in her buddy list window and that's when the hacker would be in there. In Odigo, we can't tell when she is there, but she sends IMs to my g/f and they come through with my screenname... I can't see what they hacker types in my window but I can see my g/f's replies to what the hacker says.... I have heard that there are programs out there that will allow a hacker to access a chat client and password crackers.. could this be how it is being done? If so, is there any way to stop it? Like I said, I am using a completely diffent computer from when this first started and haven't installed any programs on it so I don't understand how they could get into this computer too... thanks again for the info.. I just hope I can put a stop to this, it really sucks!!!! :-(

Snodog you may have a static ip like stated before. This is your address given to you by your Internet Service Provider (ISP). Most ISPs use Dynamic ip addresses, but if you do get a static ip, it wont matter how many different computers you use your address given to you by your ISP will be the same. You could contact your ISP and ask them if it is static or if you could get a different one.

Just a thought

Have you tried installing the latest updates for your Windows OS from Microsoft? You may have an old vulnerability that the "hacker" is using that is now patched by those updates. If you have no Idea what I am talking about...there should be a little globe icon in your lower right corner near the clock that says 'Windows Update'. Click on it once or twice and you should be on your way to gettting all patched up.

And your messenger client...do you have the newest versions? (MSN Messenger 5.0+), or (Yahoo Pager/Messenger 5, 5, 0, x+)? There are alot of security upgrades between releases sometimes. If there is a widely known vulnerability in an older version, then it will most likely be complained about and fixed in the new version.

Hope this info helps,

nanodog

I have checked my IP and it is not static... I get a new one every time I sign on... I have switched my firewall to Zone Alarm Pro and will see if that helps... it has been blocking quite a few access attempts so I will see... I have the most recent windows updates and the newest versions of the messengers.... any more suggestions would be greatly appreciated... thanks

SnoDog

"I have heard that there are programs out there that will allow a hacker
to access a chat client and password"

She or he (never know) could have penetrated you or your
friends computer by exploiting a bufferoverflow related to a specific
feature within the instant message client sometimes it doesn't matter
if the vendor fixes the hole or not because the hacker just makes a
few adjusment or modifies things and he/she still in buisness :(
are you using the latest version of the software is your friend?

I've cleaned up systems still running ICQ and AIM all the way
back to 1997 gotta wonder why people don't update there
stuff :(

Doc

hi Doc.... yes we are both running the latest version of both AIM and Odigo messengers... everything on my PC is updated and I just switched my firewall to Zone Alarm Pro... I also installed PestPatrol and Essential NetTools today to help try to track the hacker or at least be able to tell when and how they are connecting... I hope they work but I won't know for sure until I chat with my g/f again tonight and see if anything happens.... very frustrated with this whole thing :(

SnoDog

Hey snodog,
I don't know why anyone hasn't already mentioned this but maybe it's your g/f's computer?
You're own computer can have the most accurate and powerful firewall in the world, but if the hacker found out your G/f's IP and if she hasn't changed computers or installed any type of firewall and scanned for trojans then the hacker can still annoy you. So get a firewall on your girlfriends computer, and a good antivirus program. Then make sure she uses them. Hope this solves the problem!!!

thx redhawk I will definitely double check with her to make sure she's all updated too, but I think she is... however, I don't think she runs a firewall all the time... I will have to get her to install Zone Alarm too... if they are accessing us through her computer, is it possible for them to send IMs to her as me though???

SnoDog

The sad thing is that if you can think it up you can usually do it (computers that is!) All you need is time and intelligence. It is possible, though unlikely, that the hacker is going through her computer. If you or your G/F are on a network it may even be easier to view and possibly edit messages. But it does not sound like you are.

Have simply tired running the netstat -an command when this happens? Try this on your system and your girls system next time it happens and look for any connection that should be. This would at the least let you know the what port someone is tunneling in on.

Here's a tool that basically does the netstat command, plus gives you a couple ways to organize what your looking for..

http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htmFPORT (http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm)

no, neither one of us is on a network... I use one of the more popular ISP's dialup and have also tried netzero but that didn't make a difference... my g/f was on aol but switched to a local ISP and that didn't help either... we have tried everything we can think of but are running out of ideas :( another thing that sucks that I didn't mention before, is that the hacker can also intercept our emails to each other and even prevent us from getting mail from each other... :mad:

SnoDog

just wondering if anybody else has any more suggestions????

I have a suggestion....why don't you just call her on the phone? Do people still know what a phone is and what it does?

you can also try to go to start>control panel>network connections > then right click on your local area connection>properties and check the box that says: protect my computer and network by limiting or preventing access to this computer from the internet. make sure the box is checked off. then go to settings and make sure that your aim and odingo is unchecked then ok those settings. also go into the security logging and check: logged dropped packets and log successful packets. then go to the ICMP tab and check off what you would like to allow as well. press ok and ok again that may also help.. good luck with your stalker. :)

This person (Cracker) is using a static IP to trace, so the ISP connection could be used to make sure there is no static IP, like the others a firewall is agood idea.

This all sounds very strange to me. Hope You get rid of the annoying hacker.

If she can get to your eMail I guess she has access to the email account.
I think it would be very hard to intercept emails on the line, she would have to be on the same network (isp) to be able to listen to the line. It would be even harder if not impossible to block email traffic, so that is why I guess the person has the password for your mailbox.

Now reading other peoples mail is a serious offence against the law in some countries, so maybe You can get some outside help, or threaten the hacker that You have made a complaint about her. Any way You should contact the ISP about this problem I think.

About IM.
A firewall does protect your PC, so that outsiders cant use services freely on your PC, but You have told the firewall that it is ok for your IM programs to access Internet and vice versa.
In some firewalls You can specify that the programs are allowed to only contact a specific IP or a specific range of IP's. You could try to narrow down what IP's IM is allowed to communicate with. The firewall might then droop all traffic from the hacker, but still let You chat with the GF :)

I would also recommend that You go to the network settings, and deselect / untick all services except TCP/IP, as You tell us that You are not using a LAN, so You have no reason to share stuff via windows.

Also run MSCONFIG and look what programs is automatically run when You start windows, if You find something You don’t know what it is, just untick it and restart. You can always tick the option back if You need it later.

All protection has to be done on both systems.

Good luck

If you don't want a firewall, which is my opinion, you should try to change to a server IP.

It is possible that someone has physical access to your g/f's computer or your own, that could make it easier for them to find out what IM services you use and your IP. Hope this helps!

Run a virus checker on your girlfriends box, it is poss that their is a remote controll trojin there. You say email has been intercepted also...what is the unifing trend here, did she intercept message you sent to your girl friend or the other way arround, if someone can stop email from arriveing they probably have your/her account info and is logging in to the account. One last thing to try, one night you log in as your girl friend and have her log in as you, then see what happens, do you recive the mesages or dose she. Do the messages form you appear in the same chat window as what you type or in a new one?

i sure would like to meet this hacker/cracker chic...seems talented...bad luck on ur part though. If you use AIM then i know u can connect to send/recieve IM Images then sign off ur AIM client and still talk to her without being logged in...i dunno if this would prevnet her from her sendin the messages and stuff since u would still be connected to the internet. All vulnerabilities in windows...AIM...and other messangers and a virus scan along with a Firewall on both of ur computers should fix the problem...i dunno what else it could be :-/ Sry dude.

HEY! I have the same problem, but i'm on a Mac, running OS 9.1, and this HACKER stole my IM ID and is going onto all my chat rooms petending to be me, and saying some awful things. I turn my comp on and try to log onto my Yahoo! IM, and get the error message " You have been signed off, as you have signed in on a different machine." This hacker also has tossed files in my trash bin, froze up my screen and mouse, I recent;y installed Net Barrier, and it logs the activity and shows alerts which indicate that suspicious activity is occurring. It also bounces out the offenders, and puts them on a "stop access" list. Somehow, this Hacker STILL gets past my guard dog, and turns my web sharing and file sharing on after I have turned them off. In the past, I would awake to find my comp screen on and running/clicking in the wee hours of the night...after I had shut it down. I too, have changed my ID, passwords, etc. to no avail. I believe, too, that the perpetrator is someone I met in a chat room. He's left clues...(I've done some homework) His log on name - bobcat 822001- indicates that he is a "bob", as in Demon Internet Tech Support Personnel. "cat" refers to (UNIX) to spew an entire file to the screen or some other output sink wothout pause. By extension, to dump large amounts of data at an unprepared target or with no intention of browsing it carefully. usage: considered silly. The numerals I have yet to crack. He is logging on thru Yahoo! UK (Ireland). Personal Info: 26 yrs. old. Lives at home. Father has Prostrate Cancer. Enjoys Plato and Buddism. Has long black hair. Smokes. He works as a Security Guard, at night, when the attacks occur...utilizing up to a dozen different PC's ( as my data shows all the IP adresses.) in one evening. Often haunts Yahoo Groups Chat Rooms > Paganism 1,2,3,4,... My thought is that he must have hacked the data from (unsecured) Yahoo (commonly referred to as "BooBoo or BooHoo") on my computer's IP address and got in to steal other data and reset prefs. I'm new to all this, but not stupid. Can anyone help -both of us- with this IM HACKING PROBLEM????????

Sounds like one hell of a problem to me. Well more than likely this peson has remote access to your computer. My advice REFORMAT that should get rid of any problems.

ummm, maybe its just me but dont you people ever call in the law on this dumb shit? i mean come one man, grab your phone and call someone about it and have it taken care of, these arent hackers these are lamers, so put em in jail or somethin.

I found the following message to be helpful , as no hacker activity occurred after I posted it tonight. They will either consider it a challenge ...or a curse! :
(type this on status bar of IM):

"WELCOME TO THE IRON BOX! TAKE THE BLUE PILL AND YOU WILL WAKE UP< FORGET THIS EVER HAPPENED."

references for the unknowing: 1) IRON BOX: Hacker Jargon for "trap", see Dictionary
2) BLUE PILL: the sleep pill, see movie "The Matrix"

GOOD LUCK! (I know, still doesn't catch the hacker and give him what he deserves...but he may not sleep at night tonight for wondering.) Of course, if you hear about how to create this proverbial Iron Box, please email me, as I'd be interested. really interested.

Hi,

Virus scanners and cleaning your drive isn't going to any good in your circumstances.

Most IM services work with a portal, where the IM service provider proxies messages through to the users (Once a connection with a peer has been established, some IM protocols allow an e2e connection). The buddy lists are usually stored at the server side and not on the client.

The only way masquerading can be carried out is at the IM providers proxy. So I am stating the obvious.

From what you say, the attacker has gained access to your GF IM ID without you even telling him/her? again it seems like the obvious - this sort of backs it up.

This can be verified, if ask your GF to check the source IP of the attackers response. Now I'm thinking the attacker is more clever than the usual script kiddie and would have probably spoofed his/her IP, then things can get a bit more difficult, but we can check this if your GF tries to reply - if the attacker doesn't send a message or a while after sends a message which is not a response to the message your GF sent, then we know the IP is spoofed.