iOpus Starr keylogger/spy - how to investigate this hacking? - Page 2

Thread: iOpus Starr keylogger/spy - how to investigate this hacking?

  1. #11
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    As Mr. Deeds would say, "My Bad". I didn't read up on the program and in truth I know nothing about it. I assumed that this program was a Trojan. The fact that it is a commercial program installed through administrator privileges makes it even WORSE. There are a lot of paranoia ads that directly sabotage the trust between spouses. They show a picture of one spouse doing naughty things that catch the attention of another spouse and make them question why someone spends so much time online. They are as bad as those X10 ads.

    A kid wanting access to something is definitely a possibility. Unless they are like 4 and play Bob the Builder games all day. My neighbor’s kid is constantly trying to unlock the DVD adult codes. I don't blame the kids; I would have done the same thing.

    The 3rd party part is scary. It would make one start to suspect everyone around him.... You definitely have to find out who did it though.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  2. #12
    Banned
    Join Date
    Jun 2003
    Posts
    23
    Now before we jump the guy we need to ask this person if they have a wife and/or children, and if so then I say go ahead with Tiger's idea, but instead of the whole slavery thing... I would scratch that, it's not too believable. I would go more along the lines of military school or boot camp or something. If it's an outsider I need you to think about all the confrontations you have had in the past 2 months or so... think of anyone who would believe that you have wronged them in one way or another. Also think of anyone who has asked you for some form of information. I also experienced that people who play games have a lot of enemies, or just people who want their character; like in RuneScape, if you have a decent character someone would try to get your password and steal all your stuff. It has happened to me before. So I suggest you step back and take a look at your life and see things a little more clearly. That's just my idea, and yes, if you can't uninstall it or trace the program, threaten to sue the company who made this program for aiding someone in invasion of your privacy.

    Alright, so I downloaded this software and I'm still learning stuff about it, but try this... go to your Start menu, then Run, type starrcmd and the program should come up asking for the password if there is one... if not, go to the Settings tab and click Uninstall... if there is a password, click Search under the Start menu and search for the starrcmd file, then after you locate it delete it... the program should stop working unless this person found out a way to password protect this file... but I doubt it.

  3. #13
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Dark: I apologize if I misunderstand you but it isn't TMM we are jumping on..... It's whoever installed the keylogger that needs jumping on. If it's his wife then there are serious problems in the household and I don't even want to go there...... Who knows what or why and it isn't any of my business. If it's his kids then they should be grounded for an appropriate amount of time, (they'll look pretty silly to their friends when they still aren't allowed out to play when they are 35..... ). If it's an outsider then let's have at it....... While the wife and kids can claim some right for doing what they are doing, however tenuous that "right" may be - an outsider has no rights whatsoever and should be taught that lesson in a way that they will never forget it........

    I also wouldn't limit myself to confrontations etc. He mentioned that he had work/business stuff on that machine so we need to think about "fellow" businessmen. It does mention on the site that the program is small so it is possible that it was installed remotely but I would still lean towards physical access until I get more info.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #14
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Gentlemen, this is the best thread I have followed so far! This epitomises what AO is all about!
    We do not like people who do this sort of thing.

    I am no expert on this type of software, but I think I know a bit about people. If it is a family member, they would need a reasonable degree of computer literacy?...also, I wonder why they would want to send it out, when they must have local physical access?...anything going out risks interception at the firewall doesn't it?

    OKAY, they may have hired a private detective or enlisted the co-operation of a school buddy?

    I guess that I am cynical but this looks more like a business associate/rival.

    I am very impressed, and glad that I subscribed to AO

    Regards

  5. #15
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    Thanks everyone for your insight, I really appreciate your help on this!

    Well, to address some key points: I live alone, no wife and no children. That means that the only ones with direct access to this computer are my friends and occasionally friends of friends; although the extent of this "friendliness" remains to be seen...

    As for the security of my WLAN, I've enabled WEP encryption along with MAC access control; so only approved MAC addresses should be able to gain access. However, the WLAN did run unprotected for a while at first, a little more than a year ago. I've been trying to scan the computer with a couple of anti-spyware utilities (like Ad-Aware) on a regular basis, but this software wasn't detected there, so who knows how long it's been there... What made me try other scanners this time, was that my computer sent out virus-infected e-mails (a worm) the other day, even though I have Norton AV installed (with automatic updates and full e-mail scanning activated). I thought it was strange, because my friends' Norton stopped the very same virus. Also, my computer goes out of stand-by mode by itself during the night...

    Does anyone know for sure if this program has to be installed with physical access, or if it could have been placed there using another normal-looking file that I downloaded somewhere?
    nihil wrote: "I am very impressed, and glad that I subscribed to AO"
    Me too, it's great to get some support concerning this problem, both technically and on the mental level...

    I'll try the suggested actions, and report back soon...

    Thanks,

    TMM

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    TMM: Ok, we can rule out the wife and kids.......

    I'm a lot uncomfortable with the unprotected WLAN early on. Having said that, I'm pretty sure that one would need desktop access to install a program like this. If I already have desktop access, (not physical but through PCAnywhere, Terminal Services, RDP or worse some form of RAT), then I'm not sure I would need to go through the trouble and risk of installing a program like this. I'm sure I could come up with something "quick and dirty" to grab the odd password etc.

    I'm also uncomfortable with the waking up at night...... I do it all the time myself and it's a pain...... ;) ..... I think we need a little snort box on an old hub to this machine and run a single rule to start with

    alert tcp any any -> any any (msg:"Traffic Detected"; flags:S; classtype:bad-unknown; sid:1000001; rev:1;)

    if you have only the snort box and your PC on this hub it will capture all traffic inbound and outbound to it. We can then filter through the alerts to see what was valid, what was questionable and what was definitely invalid. It will also tell you if the WLAN is compromised and the guy is connecting to your machine - which is a possibility.

    Do you have the equipment to run a snort box in stealth mode?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
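An added example (not from the thread or from Snort/Demarc): a small Python triage script for the alerts that single SYN rule would produce on the hub setup above. It assumes Snort's "fast" alert format, a made-up monitored-host address of 192.168.1.10 and constructed sample alert lines; it separates outbound from inbound SYNs relative to the keylogged box and flags anything in the small hours, which is where the night-time wake-ups would show up.

```python
import re

# Constructed sample alerts in Snort "fast" alert format, as the single SYN rule
# from the post would emit them. All addresses and times are made up.
SAMPLE_ALERTS = """\
07/14-09:12:01.102938  [**] [1:1000001:1] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:1045 -> 198.51.100.20:80
07/14-03:07:44.558123  [**] [1:1000001:1] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:1061 -> 203.0.113.77:25
07/14-03:08:02.001002  [**] [1:1000001:1] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.23:3391 -> 192.168.1.10:3389
07/14-14:30:15.777000  [**] [1:1000001:1] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:1088 -> 198.51.100.20:443
"""

# MM/DD-HH:MM:SS.usec ... {TCP} src:sport -> dst:dport
ALERT_RE = re.compile(
    r"^(\d\d/\d\d)-(\d\d):(\d\d):(\d\d)\.\d+\s+\[\*\*\].*?\{TCP\}\s+"
    r"(\S+):(\d+)\s+->\s+(\S+):(\d+)$"
)

def parse_alert(line):
    """Return (hour, src_ip, src_port, dst_ip, dst_port), or None if not a SYN alert line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return int(m.group(2)), m.group(5), int(m.group(6)), m.group(7), int(m.group(8))

def triage(lines, host, expected_ports=frozenset({25, 53, 80, 110, 443}), quiet_hours=range(0, 6)):
    """Classify every SYN alert relative to the monitored host.

    Outbound SYNs to ports the owner normally uses are 'outbound-expected';
    anything else outbound is 'outbound-odd'; a SYN *to* the host is 'inbound'
    (someone on the LAN/WLAN opening a connection to the box). Alerts during
    the quiet hours get a '+quiet-hours' tag so nocturnal activity stands out.
    """
    findings = []
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue
        hour, src, sport, dst, dport = rec
        if src == host:
            verdict = "outbound-expected" if dport in expected_ports else "outbound-odd"
        elif dst == host:
            verdict = "inbound"
        else:
            continue  # not this host's traffic (should not happen on a private hub)
        if hour in quiet_hours:
            verdict += "+quiet-hours"
        findings.append((verdict, src, sport, dst, dport))
    return findings

def suspicious(findings):
    """Everything that is not plain daytime outbound traffic to an expected service."""
    return [f for f in findings if f[0] != "outbound-expected"]

if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_ALERTS.splitlines(), "192.168.1.10")):
        print("%-32s %s:%d -> %s:%d" % f)
```

On the constructed sample this reports the 03:07 outbound SMTP connection (the kind of thing a mass-mailing worm produces) and the 03:08 inbound RDP connection from another LAN address, while the two daytime web connections are left alone.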

  7. #17
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    TigerShark, what equipment would I need to do this?

    Concerning the WLAN, my gut feeling tells me that it's unlikely to be the problem, at least if MAC access control is what it's supposed to be. Although it was wide open for a couple of months (won't happen again!), back then hardly anyone knew what WLAN was around here...

  8. #18
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    An old computer and a small hub, (not a switch - and remember your WAP probably acts as a switch as well). Then go to www.demarc.com, download and install PureSecure on the old computer per the instructions in their documentation section.

    Go to the network interface and unbind all the services from it so it cannot respond to anything and therefore will most likely not be detected.

    A thought just struck me...... Are you doing this, (chatting here), from the keylogged box??????????
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #19
    Senior Member
    Join Date
    May 2002
    Posts
    101
    LMAO, not to be a pessimist, but if he is, that is just funny. Let's plan a plot to catch this guy and tell him all about it. The person must be laughing all along while TMM is typing all this info here. Sorry, I couldn't help but think about it and laugh. Even though I wouldn't be laughing if it happened to me, I would definitely just have said forget trying to catch this guy and reformat/reinstall.

  10. #20
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    TigerShark wrote: "A thought just struck me...... Are you doing this, (chatting here), from the keylogged box??????????"
    No, from my laptop - which according to Spysweeper is clean. I did of course run that program on my "infected" computer, and spent an hour or so researching the spy software before moving my search (& destroy) efforts to my laptop.

    Hmm, I'll try and get a hold of a hub, and I guess the laptop should do...
