-
January 30th, 2002, 10:52 PM
#1
Junior Member
A friend's mac was hacked
Recently, my friend's mac was hacked. The attack was pretty malicious in my opinion. My friend is on a Mac OS9 and she connects to AOHell with her cable modem. The cracker was signed on to her AOL account and IMing her friends. My friend also has a dot com and the person logged in as her was asking me and a few other people for "the addresses and passwords" to her site. This person also collected personal info about my freind by reading her saved emails and files on her computer and emailed all this to freinds and family members. Now cousins know all about her sex life, financial situation, etc. Oh the person was also passing out her car's plate number and street address. Totally not cool.
During the evening that the hacker type person was IMing with her friends, one person got the cracker to visit her website. The stats gave the IP number. It traced back to the cable provider my friend has. Once the hacker was gone and my friend was signed on, I checked her IP and it was identical. That's why I think they were actually in her computer somehow.
Anyway, my friend keeps changing her password, but the hacker keeps getting it. The other day my friend told me that prior to this incedent she would go to sign on AOL and it wouldn't allow her to because "her account was already in use".
I tried to get my friend to download a firewall, but she would tell me she was too afraid to download anything and that she wanted to wait till she could buy one at a store. Right now she is out of town. Her AOL is safe I'm sure because she was able to change her passwords on a different computer.
You all are the security pros. Do you think there is a trojan, keylogger, or something? Does a mac keep any kind of activity logs? I'd love to find out who they are. If there is a trojan or something like that, is there a way to read the code and see where the info is being sent?
Thanks
-
January 30th, 2002, 11:15 PM
#2
-
January 31st, 2002, 07:45 PM
#3
Junior Member
Thanks for the reply Ratman! The box probably will get reformatted even if we can find the nastyware. Who knows, the code kiddie might have added a more nasty stuff after gaining access.
-
January 31st, 2002, 08:01 PM
#4
Yes Ratman is right it is a trojan or a keylogger. She must have downloaded a file that was binded with a trojan and everytime she presses a key while on-line the SCRIPT KIDDY GETS IT! Tell your friend to get nortons virus software 2002 and for security get nortons firewall 2002 internet security!NOT (ZONEALARM) The SCRIPT KIDDY PROBED THE SYSTEM AND, AFTER GATHERING INFORMATION ABOUT WEAKNESSES IN HER DEFENSE , HE JUST REMEMBERED THE IP NUMBER! OR MAYBE HE DID A CABLE-MODEM HIJACK
Anyway, my friend keeps changing her password, but the hacker keeps getting it. The other day my friend told me that prior to this incedent she would go to sign on AOL and it wouldn't allow her to because "her account was already in use".
-
January 31st, 2002, 08:15 PM
#5
Junior Member
its just a stupid pass word stealer look on aol 4 a remover itz only going to steal her aol pass nothing bad
-
January 31st, 2002, 08:37 PM
#6
Junior Member
Originally posted by I am a cracker
The SCRIPT KIDDY PROBED THE SYSTEM AND, AFTER GATHERING INFORMATION ABOUT WEAKNESSES IN HER DEFENSE , HE JUST REMEMBERED THE IP NUMBER! OR MAYBE HE DID A CABLE-MODEM HIJACK
How would I be able to tell the difference between the cable-modem hijack and a trojan/key logger?
Thanks
-
January 31st, 2002, 08:42 PM
#7
It does sound like some kind of password stealer, or trojan but if you can't find anything, here is something else I have heard of.
I had a few friends that were into this malicious stuff back in the day. This one may not apply to you, but it is a technique I have heard was used. The victim used AOL, and AIM under the same screen name. I forget how the cracker did it, but somehow they got ahold of the person's AIM account. They changed the person's AIM e-mail address from the AOL one to there e-mail. Then whenever the victim changed their password, the cracker would simply request the password from the web site, and it would get sent to his e-mail.
An Ounce of Prevention is Worth a Pound of Cure...
-
February 1st, 2002, 05:33 PM
#8
Junior Member
itz just a pws just d/l a cleaner itz prob smile no one on aol is going to hijack her modem or enthign else ppl on aol have been using pws to get paswords 4 the longest itz either netbus sub7 or a home made pws nothing else also check her sent mail
-
February 18th, 2002, 04:02 AM
#9
trojan
keep that computer off the internet and scan it for everything possible. That's just my advice?
-
February 18th, 2002, 04:17 AM
#10
i can give u something that will give the kiddie a taste of their own medicine
this pill will be tough for the hacker to swallow and mabey he wont wnna do anything else like that again
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|