Attempted hack through Wireless?

[otisisbald]

Hello,

I was wondering if somebody on this forum could advise me here? I live in an apartment building with about 10 - 20 other wireless networks in addition to my own visible to my computer's wireless card at any time. I have my own router WEP encrypted and the admin for the wireless is also set up with a password so only I can access it.

My question is: I have noticed at times strange login ID's saved in the login boxes for various web sites I need to login at: email accounts, ebay account, paypal, etc. They all look the same. Here's exactly what will happen:

I will log in at Gmail with my login name, "otisisbald"

a few days later, when logging in again, I notice as I type in "otisisbald" and that term autofills in the login box, I see another term also prefilling which will look like this: "otisbotisbotisbotisb...." It appears as if somehow the first portion of my login ID was typed into the login box repeatedly. If i select that, the password box will then have what appears to be a limitless amount of characters.

I have a similar situation occur with logging into ebay on another of the ID's I use there.

It occured to me that somehow there could be a remote attempt to log in to those accounts through my computer, although as I mentioned my wireless is secure, and I don't have a wireless keyboard so I'm not sure how my computer could have been accessed remotely. I am using an updated version of McAfee antivirus and regularly check for spyware on my computer.

Advice would be much appreciated

[hknetmaster]

First, the autofill terms are memorized by the browser, so if some strange term appears is because someone accidentally tapped it.

Second, WEP is not secure, is better to use WPA. And the admin password can be cracked with bruteforce.

[otisisbald]

Hey thanks very much for posting a response.

So just to confirm, are you saying that the autofill terms in no way could be in there due to some bot on my computer or other remote attempt, through my computer, to log into those various accounts? I am fully sure that i did not type the terms, and this has happened to me on two different laptops I have owned while using this wireless router. Do you think this could be some browser issue where it somehow remembers a series of characters from the log in term?

Again, thanks very much for your assistance.

[hknetmaster]

Yes, I think that may be a browser issue, try to update your browser. And clear the autofill terms, just to see if they appear again.

But it is also possible you have a bot/worm in your computers that is trying to use your browser to access your accounts, but if this happens you will see some strange process and network activity.

[phishphreek]

Enable auditing on your workstations and keep an eye out for unauthorized login attempts. Be sure to password protect your user accounts. I also recommend that you change your passwords to passphrases. Use different passphrases for your computer login than your online accounts. Its also wise to use different passphrases for each online account. I know this can be a bit of a pain to remember all those passphrases, but I've managed to come up with a scheme that relates to the specific service or site.

See the following link with more information on auditing security events.
http://www.microsoft.com/resources/d....mspx?mfr=true

See the following link with more information on passwords best practices.
http://technet2.microsoft.com/Window....mspx?mfr=true

As mentioned above, WEP is insecure and can be cracked in under 1 minute. http://www.schneier.com/blog/archive...ng_wep_in.html

Switch to WPA and and enable MAC filtering.

[otisisbald]

hknetmaster, do you know how I could try to detect the bot of the type you mentioned? I have run all major updated anti virus and spyware and my computer is clean according to them.

Also, re: the bot. Is it possible for hte computer to become remotely controlled by a bot or other type automated program purely through the wireless? Assuming i did not actually download a virus, I'm not sure how this could be possible. It does occur to me that somebody could track my keystrokes through the wireless, and then on a remote computer attempt to log in to my accounts, but I can't see how a bot could actually try to access my accounts from the web browser on my computer via my wireless. That would mean that the bot is accessing my computer through a similar signal as the one that comes from my router with the internet, correct? I wasn't aware that was possible, but I'd be grateful if you could enlighten me as to how this works

Thanks again you are very helpful

[hknetmaster]

The best way to detect the bot is to enable auditing as phishphreek said. And see if there is some program(bot) trying to use the browser.
As I said before WEP is not secure, and is possible that someone has access to your network and infected your computer with the bot and/or manipulate the data between your computer and the Internet.
I don´t understand the last part. But I think the bot is a program in your computer that simulates a person interacting with the browser, with the objective of accessing accounts that have the password memorized in the browser.

[Ghost_25inf]

Spybot or AdAware are two of the most common spyware detectors. Use these to verify that all is good. What Antivirus are you using? Dont use easy to guess passwords for your Access Point and the Default password is worse. too many people use the default linksys Admin Admin and thats where they go wrong. Turn off file sharing and make sure your firewall is up and running. Turning off your PC at night is also a good idea. Saves you on the electric bill and keeps crackers out of your computer. On the wireless side remove the SSID so that it is undetected. There is a log you can use to see what computers are connected to the network. once you know what computers are connected get that persons MAC address and block him. there are also access restrictions times you can set on the wireless router so they cant connect after a certain time. There are alot of other things you can do but this information sould be enough to keep the basic war driver at bay or at least frustrated enough to move on.

[e><ius]

WEP is 64-bit right? and WPA is 128-bit?

what kinda system can crack a 64-bit key in under 1min?

once a cracker gets the key, he can access the network. he has time to crack the admin pw for router to delete logs and change settings. but how can he dig out other connected computers' pws? i know he could see the computer names listed in the router, but where will he obtain win usernames and bruteforce pw? usually when you try to connect to a comp via \\computername it just says" not authorized," w/o a username and pw prompt.

[hknetmaster]

WEP is 64-bit right? and WPA is 128-bit?

WEP is 64 or 128 bit.

what kinda system can crack a 64-bit key in under 1min?

I don´t know if its possible to crack WEP in 1min, because this would need a lot of packets to be captured in 1min. But is possible to crack WEP in 10min.

but where will he obtain win usernames and bruteforce pw? usually when you try to connect to a comp via \\computername it just says" not authorized," w/o a username and pw prompt.

To login the computer must have shares enabled and don´t have firewall blocking netbios ports.