You might want to check this out (Here), it's an 'add-in' for MSN Messenger and has some logging features in it. Might be worth a look.
actually there are so many ways of taking out sensitive info from the company... if you have successfully blocked the msn messenger, the 'user' may just copy them onto a cd or diskette and walk out....
"trust" and "integrity" are difficult to control...
terminating them is one option... knowing how the 'user' gotten hold of such info is important as it will allow you to how info within a company is kept.
good luck in getting the evidence.
rgds
de
one way is by physically securing the network.. which means having surveillance cameras around and a Network Admin room with a HUGE one way tinted glass that can see most of what is going on in the room..
another is by using the logs.. notice what time and day he usually sends the files...
from there.. install a packet sniffer on your Proxy server.. once u notice he/she is starting to do his/her dirty work.. switch on ur sniffer and see which computer he/she is using through ur cameras and your HUGE window.. and lock on that IP address....
OR... link Hyper Terminal Server to the MSN messenger link so that once he/she launches the MSN messenger Hyper Terminal launches too and you can see what he/she is doing in his/her computer and u can literally stop him/her considering Hyper Terminal gives u full control over that computer..
BTW Hyper Terminal is not a trojan horse.. its a LEGAL Network Administration tool... :)
reroute the network to a nic on the administration computer then install another nic that attaches to the router, use a packet sniffer to pick up any information being picked up. Keep an eye on the email going in and out. If you find any "bad" email being sent. Trace it back to the IP of the computer and bust his ass. Granted it's not the best approach as going thru log files sucks serious ass.
that's nice it means that you can almost
do an attack against all microsoft product...
;)
agree with others...just install a packet sniff...ethereal is free and works great...just snap up all the packets when you think bud is doin the deed...
goin thru logs suckz but ethereal can filter by computer name so you can filter and reassemble the whole session...still some crap to wade thru but it is all there...
btw ethereal doesn't trigger av and you can install it on any box on the lan...
if yer in win2k course you could always set up an acl for the messenger dir on all yer boxes...
without explicit permissions..yer user is SOL...
this sort of thing has been going on for years. knowing microsoft the person was probably instructed to get their hands on the data. :cool:
I don't know a quick 'n' dirty solution but there are a couple of things, if you can prove it, if you've been asked to do something by management request and if your company has policies in place.
1. cut the person off from Internet access. If their job requires email, send it through an internal forwarder.
2. remove messenger from the system, or replace with a non-functional executable run your own Messenger server from an Exchange email installation (trial versions of Exchange can be ordered from MS for $10 and include the messaging and conferencing component so that companies can use Messenger internally and therefore relatively securely.)
3. use the developer kit and Messenger APIs to send a copy of all usage to a different storage device (there are other ways to reroute and capture all info transferred on your wires that aren't Messenger specific ... but those are obvious with minimal research and so I'll leave that avenue for your own explorations .... hint: look in tutorials and downloads)
(developer link for Messenger is http://msdn.microsoft.com/downloads/.../359/topic.xml )
Give us an update when you get it sorted out .... :p
Quote:
Originally posted by dcongram
This is a serious matter, I am asking for assistance.
3. Tried 5 different keyloggers, but A/V keeps picking them up.
I'm not going to be much help for your problem but as far as keyloggers go I've always used Starr and it's never been picked up by any AV software. You can download it HERE. Very user friendly also. Being employed by a Government department we have weekly meetings regarding intellectual property and the price you'll pay for any leaks thereof.......
Also, again not much help and a little off topic, but I've just finished reading a book titled "Intrepid" which goes into quite some detail on the "secret" war waged by Winston Churchill during WWII. Industrial espionage played a vital role in Nazi Germany's downfall....
Find a way to program messenger into AV.