February 5th, 2004 11:50 PM
I need desperate help... please?
I'm not really a newbie, in fact, I think I know quite a bit about computer security, but this one incident just isn't making sense...
Yesterday I was talking to a friend on AIM to try to help him get rid of a trojan that was in his computer when all of a sudden a strange screen name that I had never seen before started talking to me and saying some of the stuff I was sending to the other person.
I tried the most obvious things, used a spyware scanner, ran antivirus (both of which I have multiple programs that I use), went into the command prompt and typed "netstat -n" to look for suspicious ports. All of this stuff did nothing.
How is this person able to see what I am typing? Any help would be greatly appreciated.
February 5th, 2004 11:56 PM
OMG.... are you serious??
Let's look at the facts.
Your friend has a trojan. You are talking to your friend. Someone else knows what you are typing. Your computer checks out. Seems pretty obvious to me. It was someone using the trojan on your friend's computer...
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
February 5th, 2004 11:56 PM
Did you have your friend run netstat on his computer?
What trojan was it?
Is it possible your friend was playing a joke on you? (him having another AIM screen name)
February 5th, 2004 11:57 PM
It sounds like they were intercepting the data somewhere in the network which means they could be tapped in anywhere. Your friend didn't have any of this happen at their end did they? Or maybe the worm/virus/trojan on your friend's computer was sending the data.
February 6th, 2004 12:05 AM
Well it isn't just with that one person, it happens to EVERYONE I ever talk to using AIM. No matter which screen name I instant message, he always knows exactly what I'm saying.
February 6th, 2004 12:09 AM
Go with HTRegz's idea. It's extremely unlikely that somewhere along the way someone is intercepting your traffic so don't worry about that. Get your friend to run a virus scanner, do a netstat etc... and see what is happening on their computer (they should especially do this if the same thing happens again - do it while it's happening).
Although, reading your last post again, are you sure you don't have the trojan? Do you have a personal firewall? Try blocking all outbound traffic except your AIM chat.
Quis custodiet ipsos custodes
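The check suggested in this thread (run netstat while the problem is happening, and allow only AIM traffic outbound), as an added example that is not part of any poster's message. It parses `netstat -ano` output rather than `-n` so that listening sockets and owning PIDs are included; the allow-listed ports (5190 assumed as AIM's default), the baseline listeners and the sample output are all assumptions constructed for illustration.

```python
# Added example: triage Windows `netstat -ano` output against an allow-list.
ALLOWED_REMOTE_PORTS = {5190, 80, 443}   # assumption: AIM default port plus web
EXPECTED_LISTENERS = {135, 445}          # assumption: known baseline for this host

# Constructed sample output (documentation-range addresses), not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:4455           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:1045      198.51.100.7:5190      ESTABLISHED     2208
  TCP    192.168.1.10:1051      203.0.113.9:6667       ESTABLISHED     1432
  TCP    127.0.0.1:1060         127.0.0.1:1061         ESTABLISHED     2208
  UDP    0.0.0.0:1026           *:*                                    884
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms also parse."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def triage(netstat_text):
    """Return (pid, reason, local, remote) for each TCP row outside the allow-lists."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (they have no state column)
        _, local, remote, state, pid = fields
        _, lport = split_endpoint(local)
        raddr, rport = split_endpoint(remote)
        if state == "LISTENING" and lport not in EXPECTED_LISTENERS:
            findings.append((int(pid), "unexpected listener", local, remote))
        elif state == "ESTABLISHED" and rport not in ALLOWED_REMOTE_PORTS:
            if raddr in ("127.0.0.1", "[::1]"):
                continue  # loopback traffic between local processes
            findings.append((int(pid), "unexpected outbound", local, remote))
    return findings

if __name__ == "__main__":
    for pid, reason, local, remote in triage(SAMPLE):
        print(f"PID {pid}: {reason}: {local} -> {remote}")
```

Each flagged PID can then be matched to a process name in Task Manager to see which program owns the connection.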
February 6th, 2004 12:13 AM
I'll have to default to those with more knowledge about those messaging systems, but in less than one month, I have taken my son's hd and cleansed it of all kinds of viruses, trojans, etc., because he loves chatting with his pals on the instant msg programs. I have one of his drives just sitting on the shelf because I want to check out all the crud and see what it has done. We now have his AV always on and it intercepts them. (2 this week!) The next time it happens, I'll make note of the critters and pass it on. He visits anema (spelling?) sites as well, so that may be a source also.
You didn't say it, but is this your computer at home, or is it a computer at work? The reason I ask, as stated earlier, the odds of someone sniffing your packets is really slim unless they are on the same network as you. If it's at work, that opens other possibilities.
February 6th, 2004 12:21 AM
And The Truth Is Expelled
No matter how much people tell you that there is no way; there are ways to monitor AIM convos. The person may be using a trojan, or something similar, like remote anything. But there are other programs, I have seen them in action...gotta test the new merchandise and such. It depends on who's messing with you, but he could be a developer, or just some script-kiddie messing with some new-found prog. The programs are very under-developed at this time, but all you do is enter a screen name, and an IP if you have it, and it searches for the user online. After a few moments, assuming the person is online and logged on, it, one way or another, intercepts and filters packets. They are reassembled to a quite readable HTML file. Sometimes there are parts of the conversation missing, and sometimes, there is useless crap that was filtered incorrectly. I'm not sure where I found the one I tested some 6 months ago, but they are out there, just still "under wraps", or so to speak.
Geek isn't just a four-letter word; it's a six-figure income.
February 6th, 2004 01:24 AM
Could he try switching to something like Trillian? Trillian isn't AIM but sends AIM messages. Or would it share the same security holes? Just a shot in the dark...
February 6th, 2004 01:34 AM
It might be spy software. Either someone has installed it on your buddy's PC or your PC, and they're getting all your convos. Not likely but it could be. Most likely it could be a trojan in both your computer and your friend's computer. To clean that up use thecleaner, instead of just using your AV software. Using Spybot S&D and Ad-aware wouldn't hurt either.