Thread: A friend's mac was hacked

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    12

    A friend's mac was hacked

    Recently, my friend's mac was hacked. The attack was pretty malicious in my opinion. My friend is on a Mac OS9 and she connects to AOHell with her cable modem. The cracker was signed on to her AOL account and IMing her friends. My friend also has a dot com and the person logged in as her was asking me and a few other people for "the addresses and passwords" to her site. This person also collected personal info about my friend by reading her saved emails and files on her computer and emailed all this to friends and family members. Now cousins know all about her sex life, financial situation, etc. Oh, the person was also passing out her car's plate number and street address. Totally not cool.

    During the evening that the hacker type person was IMing with her friends, one person got the cracker to visit her website. The stats gave the IP number. It traced back to the cable provider my friend has. Once the hacker was gone and my friend was signed on, I checked her IP and it was identical. That's why I think they were actually in her computer somehow.

    Anyway, my friend keeps changing her password, but the hacker keeps getting it. The other day my friend told me that prior to this incident she would go to sign on AOL and it wouldn't allow her to because "her account was already in use".

    I tried to get my friend to download a firewall, but she would tell me she was too afraid to download anything and that she wanted to wait till she could buy one at a store. Right now she is out of town. Her AOL is safe I'm sure because she was able to change her passwords on a different computer.

    You all are the security pros. Do you think there is a trojan, keylogger, or something? Does a mac keep any kind of activity logs? I'd love to find out who they are. If there is a trojan or something like that, is there a way to read the code and see where the info is being sent?

    Thanks

  2. #2

    Trojan Horse Attack

    These are CLASSIC symptoms of a Trojan/keylogger attack. The box is a HAZARD to your friend and the Internet until it's cleaned up. Keep it off the Net. If you have any trouble at all removing the nastyware reformat the box...then get her a firewall. I HATE CODE KIDDIES Kiddies

  3. #3
    Junior Member
    Join Date
    Jan 2002
    Posts
    12
    Thanks for the reply Ratman! The box probably will get reformatted even if we can find the nastyware. Who knows, the code kiddie might have added more nasty stuff after gaining access.

  4. #4
    I am a cracker
    Guest
    Yes, Ratman is right, it is a trojan or a keylogger. She must have downloaded a file that was binded with a trojan and every time she presses a key while on-line the SCRIPT KIDDY GETS IT! Tell your friend to get nortons virus software 2002 and for security get nortons firewall 2002 internet security! NOT (ZONEALARM) The SCRIPT KIDDY PROBED THE SYSTEM AND, AFTER GATHERING INFORMATION ABOUT WEAKNESSES IN HER DEFENSE, HE JUST REMEMBERED THE IP NUMBER! OR MAYBE HE DID A CABLE-MODEM HIJACK

    Anyway, my friend keeps changing her password, but the hacker keeps getting it. The other day my friend told me that prior to this incident she would go to sign on AOL and it wouldn't allow her to because "her account was already in use".

  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    10
    It's just a stupid password stealer. Look on AOL for a remover. It's only going to steal her AOL pass, nothing bad.

  6. #6
    Junior Member
    Join Date
    Jan 2002
    Posts
    12
    Originally posted by I am a cracker
    The SCRIPT KIDDY PROBED THE SYSTEM AND, AFTER GATHERING INFORMATION ABOUT WEAKNESSES IN HER DEFENSE, HE JUST REMEMBERED THE IP NUMBER! OR MAYBE HE DID A CABLE-MODEM HIJACK
    How would I be able to tell the difference between the cable-modem hijack and a trojan/key logger?

    Thanks

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    It does sound like some kind of password stealer or trojan, but if you can't find anything, here is something else I have heard of.

    I had a few friends that were into this malicious stuff back in the day. This one may not apply to you, but it is a technique I have heard was used. The victim used AOL and AIM under the same screen name. I forget how the cracker did it, but somehow they got ahold of the person's AIM account. They changed the person's AIM e-mail address from the AOL one to their e-mail. Then whenever the victim changed their password, the cracker would simply request the password from the web site, and it would get sent to his e-mail.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  8. #8
    Junior Member
    Join Date
    Aug 2001
    Posts
    10
    It's just a PWS, just d/l a cleaner, it's prob smile. No one on AOL is going to hijack her modem or anything else. Ppl on AOL have been using PWS to get passwords for the longest. It's either NetBus, Sub7 or a homemade PWS, nothing else. Also check her sent mail.

  9. #9
    Banned
    Join Date
    Sep 2001
    Posts
    113

    trojan

    Keep that computer off the internet and scan it for everything possible. That's just my advice?

  10. #10
    AntiOnline Jr. Member
    Join Date
    Feb 2002
    Posts
    110
    I can give you something that will give the kiddie a taste of their own medicine.
    This pill will be tough for the hacker to swallow and maybe he won't wanna do anything else like that again.
