BetaONE will rise again!


XPatriot 21st Sep 05 07:35 AM

Help please with identity hijacking
 
Hello folks...

I was wondering if anyone could possibly tell me how someone could have discovered not only the passwords to numerous Hotmail accounts when some of them are not only unknown to anyone other than me and when all are unrelated to one another... used in separate identities in Outlook Express?

Also if possible is there any way that I could connect to an IP address (of the suspected hijacker)? I know the IP address as they have sent me an email from one of my accounts..

I have sent numerous emails to Hotmail without any assistance..

Thanks..

Dudelive 21st Sep 05 12:05 PM

If you have their IP number you need to contact the ISP that handles that IP number. There will be a way to report it to the abuse dept. That may be a long shot but about the only one I would attempt.

You will want to do a thorough scan of your system to check for trojans, viruses and spyware. It is possible there may be a "keylogger" on your system.

Thanks
Dudelive

JacKDynne 21st Sep 05 01:29 PM

Yep, I am thinking a keylogger may be there also - you should maybe also back up your critical data then wipe the box; reformat and reinstall :(

/JD

DoG 21st Sep 05 08:38 PM

Contact Hotmail and tell them you want to cancel your accounts, tell them that the accounts have been hijacked and that you can no longer access them. If all goes well a Hotmail technician will contact you and you can arrange to have the passwords changed. Worked for me a few months back when a trojan slipped through the defenses- they even posted messages on this forum. That's the quickest way to get them to help you :)

Get a decent virus scanner and firewall- you can download free trials from most of the big name virus hunters now. Install the firewall and antivirus, use the firewall to kill all traffic and after the antivirus has been updated then run a scan. You can choose to allow only certain applications access to the internet- start with just Internet Explorer and check the list of services running in Task Manager by googling for them- if anything is suspicious then kill it.

Don't take any illegal action against the IP addy you have found- it could be a proxy or dynamic IP in which case it's you that will be up sh*t creek without a paddle. As mentioned above contact the ISP and provide them with all the details you have- a copy of the email sent to you showing the full headers will help.

If all else fails then it's time to wipe the box and start again. Just remember to back up only the critical information. It's best if you compress all the files you back up, that way you can scan them for trojans/worms/viruses before you restore them.

And the most important things are:
Don't open anything you get sent to you in an email before you scan it with AV
Block any suspicious net traffic
Get an Antivirus and preferably an Internet security suite that contains a firewall.


Good luck!
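
The header evidence DoG suggests sending to the ISP, as an added example that is not part of DoG's post or of the thread: this Python sketch reads a message's full headers and lists the public IP addresses recorded in them together with each hop's time in UTC, which an ISP needs to resolve a dynamic address. The sample headers, the addresses (documentation ranges) and the function names are constructed for the example.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (newest Received line first). The 198.51.100.x and
# 203.0.113.x addresses are documentation ranges standing in for public IPs.
SAMPLE = """\
Received: from mx.example.net ([198.51.100.7])
    by mail.example.org with ESMTP; Wed, 21 Sep 2005 07:01:12 +0100
Received: from [192.168.1.20]
    by mx.example.net with HTTP; Wed, 21 Sep 2005 07:01:10 +0100
X-Originating-IP: [203.0.113.45]
From: someone@example.net
Subject: hello
"""

# Internal ranges an ISP abuse desk cannot act on.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ips(text):
    """Bracketed IPv4 literals in text, minus malformed and internal ones."""
    found = []
    for literal in BRACKETED_IP.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def abuse_report_rows(raw_message):
    """(header, ip, UTC time) rows; Received hops are listed oldest first."""
    msg = message_from_string(raw_message)
    rows = [("X-Originating-IP", ip, None)
            for value in msg.get_all("X-Originating-IP", [])
            for ip in public_ips(value)]
    for value in reversed(msg.get_all("Received", [])):
        try:  # the hop's timestamp follows the last ';'
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
            stamp = when.astimezone(timezone.utc).isoformat()
        except (TypeError, ValueError):
            stamp = None
        rows += [("Received", ip, stamp) for ip in public_ips(value)]
    return rows
```

Header lines written before the message reached your own provider's server can be forged by the sender, so the hop your provider recorded is the one to rely on in the report.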

Dudelive 21st Sep 05 11:01 PM

As was stated you most assuredly need a firewall that will ASK do you want this app to access the net or sometimes will only ask if it can contact a certain IP address and depending on which one and the way your system is secured as to allow or not.

If you follow what DoG stated you will be in good shape to start with. Above all do NOT destroy all files with formatting till you find the source of the problem. If you don't find the source it just may be back. Go slow and think things through and ask questions. Good Luck

Thanks
Dudelive

XPatriot 23rd Sep 05 06:34 AM

Thank you all for your advice... Microsoft has finally got back to me and it looks like I will likely get my email back... As for keylogging? Can someone send a trojan to my IP address or gain access through an IP portal??

Dudelive 23rd Sep 05 12:23 PM

There are many ways for that exact thing to happen. The most likely is you accidentally downloaded something that had it inside. Warez sites are very famous for these things happening when downloading compressed files. The other way involves port scanners which act as tattle tales reporting back to the owner letting the owner know it found a certain type of port number at a specified location to be open.

There are several methods which you can use to secure your system.
The first thing you need is a firewall that will report what is going OUT from your computer while at the same time letting you know what is trying to come in. The methods that work for me may not work for you, depending on your setup.

Thanks
Dudelive

XPatriot 28th Sep 05 06:26 AM

Ok... I retrieved the hijacked email account with Microsoft's help. A few days before that I received an email from this person that at least gave me an impression of how and why they would be interested in attacking my personal information..

The situation... Armed with only an IP address from one email that was sent to this person (from a Yahoo account not using O.E), this person was able to figure out my wife's email address and content on O.E., my personal email address and content in separate XP login using O.E. and a very, very personal email and content using O.E. but using a separate O.E. identity with an O.E. password to access it?

So three emails, within three very distinct separate places on my computer?? All, I assume, from an IP addy in my original Yahoo email sent to this person?

First off...does this sound possible? with IP keyloggers?, or am I dreaming?

If it's possible how do I find an IP keylogger??, and prevent it when I'm using a software and hardware based firewall. What is the name of such a keylogger?

Any explanation would be greatly appreciated?

BearCat 11th Oct 05 08:53 AM

@XPatriot:
A quick Q: How do you connect to the internet ?
Wired ?
Wireless ?
Dialup ?

XPatriot 12th Oct 05 09:50 AM

ADSL wireless/wired..started using it in Oct, 2004, before that ADSL only.

As an update I have been able to better identify the offending person, but I'm still confused as to their ability to find out so much with just my IP address. I sent an email to this person back in January of 2004 with my Yahoo account (I know this because they sent me a copy of that a few weeks ago from their Hotmail account, luckily with a Telus IP address attached). I'm positive I didn't open up any attachments from them via that account, in fact I don't remember sending them or receiving another email after that one, and there is zero chance that this person knew my id, my wife, from one anonymous email from my Yahoo account.

The absolute only way I can think of that this person was able to find out so much about our email usage was via a keylogger of sorts, I scoured the internet and no such luck.

I've been able to convince my IP provider to send them a "Stop harassment" notice. I don't know if that will put an end to the hassles, or the known hassles. It doesn't mean that they can't keep attempting to guess at my passwords on the accounts that she/he is aware of.

Does anyone know of an IP keylogger?, such as I've suspected? I can't seem to find anything.

JacKDynne 12th Oct 05 10:06 AM

http://www.google.com/search?hl=en&q...oogle+Sear ch

;)

/JD

BearCat 13th Oct 05 09:51 AM

Quote:

Originally Posted by XPatriot
I was wondering if anyone could possibly tell me how someone could have discovered
not only the passwords to numerous Hotmail accounts when some of them are not only
unknown to anyone other than me and when all are unrelated to one another... used in separate identities in Outlook Express?

Actually, this is relatively easy :eek: with packet sniffing.
You don't need to "listen" directly to the computer, as long as you have access to parts of the network involved.
A wiretap, or wireless listening (with unencrypted or weakly encrypted wireless)
will reveal the passwords used when checking the e-mail.
And as a "side effect" also your username... so it's all available to be stolen.


More on the subject.

XPatriot 14th Oct 05 07:12 AM

Hello again and thanks,

I did the research via Google on keylogging and only found programs that you would have to open (via email attachments) for them to work and send info to their users. I've read the info on packet sniffers (thanks btw) and it seems to be a local network spy concept. I can assure you that this person found out this information about me before I started using a wireless router, and even so he/she was never connected to my network... since a promiscuous sniffer, as you know, can only sniff the data traffic being shared on its local network segment...the offending person does not live in my house..

About keyloggers via email attachments; I mentioned earlier that I only sent one email to this person, they only sent one back. It was to my Yahoo account and the only thing that they would have received from that is an IP address...I only used that email address a few times and the communication with this person was to an unknown person and the original conversation was solicited by me...

Ok then, if keyloggers need the host computer to have the keylogger running on it, and would have had to be executed by me (which I know it wasn't) then a keylogger is out of the question, and if packet sniffers only work on local networks then that too is out of the question???

Am I wrong??



Dudelive 14th Oct 05 11:49 AM

Go here first and read:
http://www.betaone.net/forum/article.php?a=3

If you have not always been using a firewall that reports which apps are trying to connect to the internet, then you may have had a keylogger and trojan combination for quite some time and never knew it. At the same time you need to have been scanning your system for such nasties as those all along.

Just scanning with a virus scanner is not enough anymore as new ones are made daily just to get around someone's security programs.

All that you can do now since all mail is back to normal is clean all computers of all bad things there. This is what I would do.......
1 Format all computers there by writing 1's and 0's to the drive, check the drive maker's directions as to the correct way for each type of drive.
2 Get a firewall that will tell you when an app is connecting out.
3 Get a trojan scanner that will have constant updates
4 A scanner for malware, example...AdAware and there are others

Now that you have a machine with all of the above plus other protection that others here can name, connect the computer to the internet just long enough to get all the things installed from GOOD sources and updated. Then disconnect from the internet.
Then spend several hours scanning your previous backups as well as ALL programs you may have burnt to CD or DVD as a backup....be sure to scan these for problems. When all CDs are scanned you can then install to the other computers.

Watch the firewall and when a program asks for a connection be sure you know what the program is first before allowing it.

If you have a router there is a log file in there that will tell about incoming and outgoing connections.

Thanks
Dudelive


All times are GMT +1.