Front Office Football Central  

Old 09-19-2008, 10:25 PM   #1
Vince
Pro Starter
 
Join Date: Aug 2001
Location: Willow Glen, CA
Keylogger

So I have good reason to believe that I've been the subject of a keylogger. I am typically pretty anal about what I do and don't download, and I have NoScript installed on my Firefox to make sure that only the things that I want to see are allowed on my computer. Is there any way you guys can think of to trace where I might have picked this thing up from, so I can avoid it happening in the future?
__________________
Every time a Dodger scores a run, an angel has its wings ripped off by a demon, and is forced to tearfully beg the demon to cauterize the wounds. The demon will refuse, and the sobbing angel will lie in a puddle of angel blood and feathers for eternity, wondering why the Dodgers are allowed to score runs. That’s not me talking: that’s science. McCoveyChronicles.com.

Old 09-19-2008, 10:31 PM   #2
wahoomac
Mascot
 
Join Date: Dec 2001
Location: Gainesville
If you found the keylogger, see when it was created. Then try and find other things created around the same time. I had a keylogger once, and I traced it back to a downloaded file (based on timestamps), and I avoided that site from then on. That's about the only thing I can think.
__________________
John "Wahoo" McDaniel
UF Gator FB Fan / UK Wildcat BB Fan
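The timestamp correlation suggested in the post above, as an added example that is not part of the original thread: given a suspect file, it lists every file under a folder whose timestamp falls within a few hours of it. The function names, the `stamp` parameter and the two-hour default are assumptions made for this example.

```python
import os
import sys

def created_at(st):
    """Creation time where the OS exposes it (st_birthtime); otherwise
    st_ctime, which is creation time on Windows but inode-change time on Unix."""
    try:
        return st.st_birthtime
    except AttributeError:
        return st.st_ctime

def files_near(suspect, root, window_hours=2.0, stamp=created_at):
    """Return [(offset_seconds, path), ...] for files under `root` whose
    timestamp lies within `window_hours` of the suspect file's, oldest first.
    `stamp` picks the timestamp; any program can rewrite timestamps, so treat
    hits as leads to examine, not as proof."""
    ref = stamp(os.stat(suspect))
    window = window_hours * 3600
    suspect_abs = os.path.abspath(suspect)
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.abspath(path) == suspect_abs:
                continue
            try:
                ts = stamp(os.stat(path, follow_symlinks=False))
            except OSError:
                continue  # locked or vanished file: skip it and keep walking
            if abs(ts - ref) <= window:
                hits.append((ts - ref, path))
    return sorted(hits)

def report(suspect, root, **kwargs):
    """Format the hits as '+/-minutes  path' lines for reading top to bottom."""
    return [f"{off / 60:+9.1f} min  {path}"
            for off, path in files_near(suspect, root, **kwargs)]

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python near.py <suspect file> <folder to search>
    print("\n".join(report(sys.argv[1], sys.argv[2])))
```

Files with a negative offset appeared before the suspect file and are the first place to look for whatever delivered it.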
Old 09-20-2008, 01:55 AM   #3
Deattribution
College Benchwarmer
 
Join Date: Oct 2003
Yeah, it can be difficult to trace those kinds of things. You can look at the folder it was located in for clues, and as wahoomac suggested figure out the date on it. Also sometimes you can google the specific name of it and find out where other people picked it up if it's common.

You want to make sure it's not a false positive if you aren't already sure too. AVG had a false positive on a keylogger a couple weeks back and it was fixed the following day. There are a few sites you can upload the file and have it analyzed by several different scans if you're not sure. (virustotal.com and virusscan.jotti.org are two I can think of).
Old 09-20-2008, 04:59 AM   #4
CraigSca
Pro Starter
 
Join Date: Jul 2001
Location: Not Delaware - hurray!
Just for my own edification, what leads you to believe you're the victim of a keylogger? Was it a virus check or something else?
__________________
She loves you, yeah, yeah, yeah, yeah!
She loves you, yeah!
how do you know?
how do you know?

Old 09-21-2008, 07:41 PM   #5
Vince
Pro Starter
 
Join Date: Aug 2001
Location: Willow Glen, CA
My World of Warcraft account was hacked. I have no other evidence (I bank online and such, and none of that has been affected), so I think the whole thing was specifically targeted to get my Warcraft account, not anything else.

I have had very little time this week to be online, so I haven't been able to spend much time looking for the source (still haven't found the keylogging program). Thanks for the advice on ways to find out about it though - I'll be searching for programs/files created on or around the same time as this thing.
Old 09-22-2008, 06:20 AM   #6
LionsFan10
High School Varsity
 
Join Date: Dec 2000
Location: Detroit, MI, U.S.A
Quote:
Originally Posted by Vince
My World of Warcraft account was hacked. I have no other evidence (I bank online and such, and none of that has been affected), so I think the whole thing was specifically targeted to get my Warcraft account, not anything else.

I have had very little time this week to be online, so I haven't been able to spend much time looking for the source (still haven't found the keylogging program). Thanks for the advice on ways to find out about it though - I'll be searching for programs/files created on or around the same time as this thing.

If it was World of Warcraft that was hacked, it's almost 99% positive that you picked up the keylogger from a downloaded mod. Unless of course, you don't use mods in WoW (though I've never seen a person who doesn't).

Check out which mods you've downloaded/installed recently, and you'll probably find your culprit.
__________________
It's true, it's true.
Old 09-22-2008, 07:19 AM   #7
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Quote:
Originally Posted by Vince
My World of Warcraft account was hacked. I have no other evidence (I bank online and such, and none of that has been affected), so I think the whole thing was specifically targeted to get my Warcraft account, not anything else.

I have had very little time this week to be online, so I haven't been able to spend much time looking for the source (still haven't found the keylogging program). Thanks for the advice on ways to find out about it though - I'll be searching for programs/files created on or around the same time as this thing.


Vince,

If your WoW account was hacked, you probably were the victim of an Iframe vulnerability that currently is out on over 200,000 websites as of the last count. I'm not a WoW player, but I work for an anti-virus software company that had had plenty of internal memos about this.

You should have been protected from this type of attack if you were using Firefox with NoScript. Go into your NoScript options and click on the Plugins tab. About 5 lines down there should be one that says "Forbid IFRAME", see if that is checked or not. I think at one point NoScript came default with that unchecked, where it really should be checked.

Most of the online games (WoW, EQ, etc) have been having horrible times with people hacking a popular website, inserting a rogue iframe into the page that shows up as invisible or not noticeable, but that iframe pulls information from another site that then can infect your system if you don't have the latest security patches installed.

Anyhows, I could go on more about this if you want me to, but for now based on what you have said, check that to see if that is what happened to you.
__________________
Couch to ??k - From the couch to a Marathon in roughly 18 months.


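A defender's view of the injected frames described in the post above, as an added example that is not part of the original thread: an audit a site owner can run over a page's HTML to flag iframes that are both hidden from the visitor and loaded from a different host. The sample page, host names and function names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

TINY = re.compile(r"\s*[01]\s*(px)?\s*", re.I)   # width/height attribute of 0 or 1
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collects iframes that are invisible AND point at another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))   # resolves /path and //host
        reasons = []
        if TINY.fullmatch(a.get("width", "x")) or TINY.fullmatch(a.get("height", "x")):
            reasons.append("tiny size attribute")
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        if reasons and urlparse(src).hostname not in (None, self.page_host):
            self.findings.append(
                {"line": self.getpos()[0], "src": src, "reasons": reasons})

def audit_iframes(html, page_url):
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a visible embed, a hidden same-site frame, two hidden foreign ones.
SAMPLE_URL = "https://forum.example/index.php"
SAMPLE = """<html><body>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="/upload-target" style="display:none"></iframe>
<iframe src="http://ads.invalid/x.htm" width=1 height=1 frameborder=0></iframe>
<div><IFRAME SRC="//stats.invalid/c" STYLE="visibility: hidden"></IFRAME></div>
</body></html>"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE, SAMPLE_URL):
        print(f["line"], f["src"], ", ".join(f["reasons"]))
```

The check only sees static markup; frames hidden through an external stylesheet or written by script at load time need a rendered-DOM check instead.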
Old 09-27-2008, 01:21 PM   #8
Vince
Pro Starter
 
Join Date: Aug 2001
Location: Willow Glen, CA
Thanks for the heads-up Alan, the Forbid IFrame was indeed unchecked. Now I just have to find the stupid thing that's on my machine. Anyone have any recommendations for anti-virus software, or even a free scan that would do the trick?
Old 09-27-2008, 01:54 PM   #9
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Quote:
Originally Posted by Vince
Thanks for the heads-up Alan, the Forbid IFrame was indeed unchecked. Now I just have to find the stupid thing that's on my machine. Anyone have any recommendations for anti-virus software, or even a free scan that would do the trick?


If you aren't running anti-virus, you should at least go get one of the free ones that are pretty decent. Some people swear that they hate using anti-virus because it slows down their system, but they stop swearing that the first time they get hit. I think a lot of people seem to be happy with the free version of AVG (Not the anti-virus company I work for..)

HERE is the CERT warning regarding this issue.. as for fixing it after the fact, I'd have to look into more information on this virus.. I don't personally deal with viruses as part of my job, and I'm not really a computer guy. (I am a network engineer/network security architect) Generally speaking though, you'll want to identify what you were hit with, and follow published procedures to remove the said trojan. A more general approach is to do a full system scan with anti-virus software, as well as getting anti-spyware software to do a full system scan as well and start from there.
Old 09-27-2008, 03:07 PM   #10
Vince
Pro Starter
 
Join Date: Aug 2001
Location: Willow Glen, CA
I actually have no problem purchasing an anti-virus software - I fall under that "stop swearing that the first time they get hit" heading. I just want to make sure it's gone, so I don't have to worry about opening new accounts or using other passwords and such anymore.
All times are GMT -5.