|
-
February 17th, 2004, 06:37 AM
#11
except for the part about the message "someone else is connected are you sure you want to shutdown" which is what you get when vnc or radmin are being used. and another account being found on her computer id agree. i mean thats my aunts sig if i ever saw it.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
February 17th, 2004, 06:52 AM
#12
If you are told someone else is using the computer AND you have a new account created it sounds like a hack to me, although I sincerely hope not.
Change all passwords for STRONG passwords (get your Aunt to write them down and keep them in a safe place if she cannot remember them) If she has internet financial activities she ought to change accounts.........report the problem to the banks or whoever are involved, and dont use the new account until you have resolved the problem. It is just like losing your credit cards...................you must assume that the hacker has found the password files and will brute force them eventually?
If you can find out who it is or appears to be (their IP address & the time date of connection) then:
http://www.usdoj.gov/criminal/cybercrime/reporting.htm
I am assuming that you are in the USA.................otherwise use your local equivalent.......
Use both the FBI and the Secret Service (If it is coming from a US IP use these wherever you live 
They will probably do nothing, but as you have filed a report it covers your a$$
If it IS a hack, you MUST reformat and reinstall, there is no safe alternative
Good Luck
EDIT: damn Tedob1 I type too slow.............shouldn't have gone for that coffee half way through either..............but it is 0.600hrs here.
-
February 17th, 2004, 07:35 AM
#13
Senior Member
Many a times the sysadmin guys create a standby account.. which would not be even known to the end user.... (All the more as ur aunt is computer illeterate)....
The problem of computer resarting every 15 minutes is plainly because of a virus which was very active few months back....
I suggest instead of getting too very excited about the complete issue try updating her antivirus program and remove the virus... then monitor the comp behaviour.. if it still behaves erratically.... u have to make a choice.. do u want to store the evidience and try to catch the culprit...
Or if ur aunt really does not have much of data on her PC.... recommend that u format and reinstall the OS that would be fairly simple and less time consuming.. believe me forsensics needs lot of time and patience....
****** Any man who knows all the answers most likely misunderstood the questions *****
-
February 17th, 2004, 08:11 AM
#14
Anjali,
I think we have two separate problems here. The switching off bit sounds like you have said, a known virus. After all what hacker is going to "own" a machine then put something on it that cuts him off every 15 minutes
I don't think that there are any "sysadmins" involved...........he is going over to see her........all her accounts have admin rights?
You are right about forensics, particularly if the hacker is any good. Reporting it to the Authorities is easy and covers you if the hacker has used your machine for criminal activities.
Cheers
-
February 17th, 2004, 10:39 AM
#15
Senior Member
Nihil.... out of curiosoty tell me who all are the authorities to whom you can report such an incident..... Do we have any global authority for the same ?
Is it country based.... Frankly in the country where I stay.. i.e INDIA I am atleast not aware of such authorities.. so can we register our complain with an international organization or something like that....
Coz.. what you said is very true.... But I guess if it is based only on law governing authorities of country.... then users who are in countries which does not have such forums are at loss in event of our PC's being used to launch such attacks.....
****** Any man who knows all the answers most likely misunderstood the questions *****
-
February 17th, 2004, 06:39 PM
#16
Re: My aunt has been hacked and..
Originally posted here by Raion
Ok, I was at my grandmothers house today and my aunt was there
--- When it starts out like this you know its STORY TIME... 
Originally posted here by Raion
Well, the hacker first started out by when ever she would connect to the internet (through a dial-up modem)
--- So you know it is a HACKER (This hacker must have a lot of time on his/her hands to wait for your Aunt to sign on via DIal-Up.
Originally posted here by Raion
So I wanted to know what you people think I should do besides what I have mentioned.
--- I think you should do a quick virus scan, update the patches, delete the mysterious account, run some ad-ware/spyware program, and install a small firewall. I also suggest a nice course in explaining situations without the whole story line...
-
February 17th, 2004, 06:57 PM
#17
They will probably do nothing, but as you have filed a report it covers your a$$
I was reading a post where someone had posted over a year ago. He actually heard back with a generic sender thing. seems it autoresponds saying we can't do anything. that ISP was outside our duristiction at that time.
I personally think us starting our own task force to deal with these issues would be a great idea.
The AO anti Spam/Hackers/Crackers league of Extrordinary l33t super computer guys.
-
February 17th, 2004, 08:01 PM
#18
sounds like MSBLASTER to me, thats why its shutting down ever x number of seconds, get some AV on there and clean it up, then put a firewall on there, ie - sygate,
RPC exploits sound like the thing behind this
i2c
-
February 17th, 2004, 08:38 PM
#19
Interesting idea Mark, but how do we get the American Taxpayer to fund it?
You may get an automated response if it does not fall into the right category.........you will be told who to forward it to. For example a lot of Spam is fraud related, but there are different sorts of frauds..........some belong to the SEC (Securities Exchange Commission) others to the police. In these instances you are probably better off going straight to the IFCC (Internet Fraud Complaint Center), they act as a sort of clearing house and farm them out to the appropriate authority.
Other stuff I send to the FBI and Secret Service. Last one (19th January) got me a reply which said "THIS IS NOT AN AUTOMATED RESPONSE" and signed off by a "Supervisory Special Agent"
Obviously I only send stuff that has crossed US borders, or appears to have a direct impact on US interests.
MSBlaster?............that is odd...........it usually only takes a few minutes, not 15?
Cheers
-
February 19th, 2004, 12:17 AM
#20
Originally posted here by mark_boyle2002
I personally think us starting our own task force to deal with these issues would be a great idea.
The AO anti Spam/Hackers/Crackers league of Extrordinary l33t super computer guys.
Now that would be Something, not only would this place be the PLACE for computer Security, but it would also have an on-line l337 group saving the World, from spammers and any other skiddies that might be lurking in the dark..
Oh yeah love the Avator mark 
cheers
..::front2back::..
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
A Developer.com Site
Reply With Quote
