Recently, my friend's mac was hacked. The attack was pretty malicious in my opinion. My friend is on a Mac OS9 and she connects to AOHell with her cable modem. The cracker was signed on to her AOL account and IMing her friends. My friend also has a dot com and the person logged in as her was asking me and a few other people for "the addresses and passwords" to her site. This person also collected personal info about my freind by reading her saved emails and files on her computer and emailed all this to freinds and family members. Now cousins know all about her sex life, financial situation, etc. Oh the person was also passing out her car's plate number and street address. Totally not cool.

During the evening that the hacker type person was IMing with her friends, one person got the cracker to visit her website. The stats gave the IP number. It traced back to the cable provider my friend has. Once the hacker was gone and my friend was signed on, I checked her IP and it was identical. That's why I think they were actually in her computer somehow.

Anyway, my friend keeps changing her password, but the hacker keeps getting it. The other day my friend told me that prior to this incedent she would go to sign on AOL and it wouldn't allow her to because "her account was already in use".

I tried to get my friend to download a firewall, but she would tell me she was too afraid to download anything and that she wanted to wait till she could buy one at a store. Right now she is out of town. Her AOL is safe I'm sure because she was able to change her passwords on a different computer.

You all are the security pros. Do you think there is a trojan, keylogger, or something? Does a mac keep any kind of activity logs? I'd love to find out who they are. If there is a trojan or something like that, is there a way to read the code and see where the info is being sent?

Thanks