Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: iOpus Starr keylogger/spy - how to investigate this hacking?

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    7

    iOpus Starr keylogger/spy - how to investigate this hacking?

    Hi,

    I just found out that someone has installed the iOpus Starr system monitoring tool on my computer. Apparently, this is a fairly advanced software that runs silently and logges everything (keystrokes, passwords, screenshots) and then sends it as an encrypted html file.

    Now, this sure seems like a targeted effort to spy on me personally; so I'm more than curious to find out who's behind this... The software can only be installed by a system admin (which would be myself, this is my private computer) or by someone accessing the computer.

    Is there any way to find out where the logfile is being sent? Can I at least figure out when this was initiated/installed? Any tips on this would be greatly appreciated...

    Regards,

    TMM

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you have a spare computer and a hub put Ethereal on it and have it monitor all traffic to and from the machine. Then look for stuff that is happening that you didn't do, email, web access at 03:00am etc. If that doesn't find the traffic, (too much to filter), then we can either add filters to Ethereal or try a different route.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Just remove it. I wouldn't bother trying to track down the culprit.

    If he has half a brain it will be being ftp'd to some anonymous half way house.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Mark: Your no fun......

    Now we know he's there we can start f'ing with him...... Much more fun since we can turn him on and off as we please so he won't know what's real and what's not.......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    Thanks, guys...

    I have a second computer, connected through a WLAN using an SMC Barricade router. The router also has a buildt-in firewall, I wonder if the logs there would do any good?


    Originally posted here by mark_boyle2002
    If he has half a brain it will be being ftp'd to some anonymous half way house.
    I doubt he has "half a brain"... Most likely, it's someone who aren't too familiar with hacking, probably someone I know. I'll look into Etheral.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Oooh... Oooh.... If it's someone you know you can _really_ mess with their brain because you know personal details about them. If they have any dirty little secrets you can pretend to be emailing them to others and so on....... You can pretend to be reporting him to the authorities for a computer crime...... Then when you meet them act _really_ friendly and be the best guy in the world to them..... Then watch them..... Funnier than hell......

    The possibilities are endless...... Your imagination is the only limit...... And if it limits you drop a line here.... I'm sure some of the people here have a wonderful sense of humor......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    Sounds like a good idea

    I'd just like to know what the intentions were, I'm not sure if this is a out-of-curiousity kind of thing, or if someone's actually trying to f'k with me somehow. Anyway, I really don't like the idea that someone has passwords etc. and monitors conversations (both personal and business)...

    BTW, I discovered this using Webroot's Spysweeper, and it referred to traces in the files zipdll.dll and unzdll.dll in the windows/system directory. Can anything be gathered from these? I wasn't able to upload the .dll format though.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well.... According to their website, (here ), you can't see what it is he is monitoring or the contents of the log file without his/her password since it is held in an encrypted file. It seems quite sophisticated insofar as it has some nice little features like backdating the log file so poeple who are looking to see if they are being logged by looking for files that have changed in the last x hours won't see the logfile because it's date is much older than that.......

    If he is using the built in email then you won't be able to identify him without threatening the company with a lawsuit - reading their site they may be susceptible to a threat since they already state that they can alter or remove the built in mail at will - implying that they understand their risk of lawsuits. If he is using his own email then an Ethereal capture with a filter "port 25" will capture the email address of the recipient since it is sent in clear.

    If he is using the LAN option then you need to trap all traffic on ethereal and then determine what _isn't_ your activity - that'll be his - then you have to start tracking from there which is harder.

    My guess is he'll be using the email system..... The problem is which one?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I am with you Tiger, back door infections (outside of spy ware) on my personal computers at home, warrant supreme prejudice at the attacker. It's a personal attack on me and the comfort and safety of my home. Messing with this person would be more fun than a nice juicy steak and ice cold Fosters at the Outback Steak House.

    I would ask myself this. Do my friends have access to my computer? Have I opened any email attachments lately? Who were they from? Do my friends have any knowledge of this program or Trojans in general? Have I been to any "out of the way" websites lately? Have any of my online buddies asked me for my IP or email? Have any of my online buddies directed me to their "awesome" "l337" website lately? etc etc. And finally IS my wireless LAN secure and DID I take precautions in setting it up or just Plug n Play right out of the box?

    I have found a couple real back door programs over the years and EVERY time the loser used a valid email address to mail information back to his account. Tiger_Shark has covered those paths to success.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Road: This is no backdoor "infection"..... This is a paid for, keylogging and spying program that has been deliberately installed by someone with administrative rights to the computer. Now, aside from the "usual suspects", (wife or kids), this narrows down the field quite significantly insofar as it wasn't some nice little attachment in an email that put it there.

    What this does say is one of three things:-

    1. TMM has done something to make wifey suspicious of him.
    2. TMM has placed restrictions an his kids and they want the password to unlock them
    3. TMM has someone he knows that wants something that TMM has.

    In all these cases I absolutely agree with you..... _extreme_ prejudice is the order of the day. This is no different then placing hidden microphones or cameras in my house. It's an utter invasion of my privacy without a care for me or anyone else who uses the computer. That's a very bad thing....... If it's the wife spying on him then that's easy to catch - wives are easily "baited" into giving the game away with a few suitably typed lies..... The kids are a little more difficult - you could start by sending a fake email about selling them into slavery and see how thier behaviour changes.... but the last option is more difficult and certainly requires a mich greater level of prejudice since they are an outsider.........
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •