Have I been hacked?


lone eagle
10th May 2002, 17:36
Hello, before I go on I must point out that my knowledge of computers is minimal.

I am a little worried that my computer has been hacked into. My reasons for this revolve around some info on my computer getting out; this could just be a coincidence but I don't know.

The most likely way this info may have gone out is over Yahoo messenger. I have an old friend who moved abroad about a year ago and keeping in touch via messenger works well. How easy is it to eavesdrop on one's conversation over this medium? I believe that the intruder would have to know passwords, IDs and secret questions, but if they gained access to my computer then surely all this would follow as this all happens automatically for me. Again, this is all theory and I cannot back it up. If this has happened then how long would it take and could it be done by knowing only my hotmail address??

I suppose that at the end of the day someone has to really want to eavesdrop on you and go to quite a bit of trouble to do this.

Any advice much appreciated,

LE.

stagger
10th May 2002, 19:27
lone eagle

So you think someone has managed to eavesdrop on conversations you've had using Yahoo messenger?

First of all this is rather unlikely but not impossible. It certainly wouldn't be easy for the average PC user. Does anyone else have physical access to your PC - i.e. can they sit down and install software on it?

The easiest method I can think of would be to install a piece of software that records all your keystrokes after startup. Installing something like this remotely is not easy - doing it if you have physical access to the PC is easy.

I don't see how knowing your hotmail address would be all that much help. If someone wanted to hack into your PC in particular they'd need to know your IP address which would change every time you establish a dial-up connection (assuming you're using a modem).

BRL
10th May 2002, 20:40
Hi. Sorry to hear about your concerns. There is a chance that a hacker has been in your pc and had a little look around. It's getting quite popular now, is hacking. If a hacker has entered your pc then there is a good chance that he/she has left you a nice little present lurking around on your hard drive. This present can be a virus or some dodgy pictures or something like that. Hackers just don't hack in to just look at your hard drive or folders, unless they are after something from you. If you are high up in a big corporate company or something like that, then maybe you would be a target for someone, but if you're just an ordinary pc user like most of us here then I wouldn't really worry too much. Your Yahoo messenger is open to abuse, the best one is the Microsoft one as this has been revamped recently and has some good security added into it. Keep well away from ICQ. That's just the worst for hackers getting access to your pc. I recommend a nice bit of software called Zone alarm pro. Have a look at the website and download it. It tells you every time someone attempts to hack into your pc. You will be amazed how often someone attempts to hack you.

lone eagle
11th May 2002, 00:49
Thanks for the replies. No one has access to my computer except me, therefore I am concerned only with someone entering from outside.

I will give you a little more background to my situation: I checked my hotmail last Wednesday night and found two Emails from an old friend who was going to help me with a problem that I have. I then (one of these mails still selected) receive a yahoo message from another friend who lives abroad. I then start chatting to him about the Email I have just received, and it is here that I suspect that information changed hands.

I know the chances are small but I am concerned that someone has violated my privacy.

LE.

Evo7
11th May 2002, 06:34
<lots snipped>

I recommend a nice bit of software called Zone alarm pro. Have a look at the website and download it. It tells you every time someone attempts to hack into your pc. You will be amazed how often someone attempts to hack you.



Zone alarm is good, but tone down the language BRL - you sound like the Daily Mail ;)

Zone alarm is not picking up people trying to 'hack into your pc' - what it is picking up are port scans aimed at a range of IP addresses, one of which corresponds to your computer. Roughly equivalent to ringing a range of phone numbers and seeing if someone answers - or if the line is engaged, or the number is unobtainable.

Any answer indicates a computer is present at that IP address, and that address may be logged for further investigation. All that Zone Alarm is telling you is that someone tried to port scan you - and it may not spot them all, because there are a number of port scans that intentionally mangle the TCP packets to make a scan harder to spot. I'd almost say that anything that a home firewall does detect doesn't represent a serious attack, just a kiddie playing with nmap, because anyone knowledgeable will be more careful.

Most commonly these scans are looking for active ports used by trojans - SubSeven being the one that my firewall is picking up most at the moment. This is software that you have installed yourself, thinking that it was something else. Remember that 'Britney Spears Screensaver' e-mail that didn't seem to do anything when you ran it... ;) Some of these trojans do allow access to your PC - they are not nice. However, that's as sophisticated as most of these 'hacks' are. No active port on your PC, no further interest.

Assuming for a moment that the scan is the precursor to a real hack attempt, rather than some kiddie playing with SubSeven, then anyone interested in your computer will then start scanning every port on your computer. Your firewall should go ape at this point - assuming that it is smarter than the hacker, which for a home user may not be true. They will be looking for ports opened by classically-hackable servers like netbios, telnet, ftp, http and the like, which can - with some skill - be hacked through. However, very few home users should be running these services - for example, try typing 'telnet 127.0.0.1' in a DOS prompt. Try ftp. Unless you're running something like NT server, then they are only there if you've set them up yourself. In that case you should know the risks... :)

Most common reason to hack a DSL'd home user at the moment is not to put dodgy pictures on your hard disk, but to install a program that, when activated remotely, will blast TCP crap at a given address (However, like the remote-access code installed by SubSeven et al., this is more easily done via trojan, rather than directly). One computer doing this isn't significant, but get hundreds and you have the makings of a Distributed Denial-of-Service (DDoS) attack - take a look at grc.com for more on this game.

To finish this essay :), the best protection is just to make things difficult - because most people do not do this. Why take time and effort to hack Mr. BRL's ZoneAlarmed PC, when Joe Sixpack on the next IP address is wide open and leaking netbios information to the world...?

stagger
11th May 2002, 09:24
So let's get this clear - you think that the person who sent the email messages to your Hotmail address somehow eavesdropped on your Yahoo messenger conversation with someone else???

Well, the most likely scenario is that you were not chatting with the person you thought you were chatting with on Yahoo messenger.

If I knew someone's Yahoo messenger (or MSN messenger) password I could log onto the system from anywhere in the world and pretend to be them in order to get information from a third-party. Alternatively, I could simply create a new screen name that was very similar to someone that this third-party trusted and hope that they don't notice!

G.Khan
11th May 2002, 10:01
Hi,
I am running the most up to date version of ZAPro, in its configuration it has an option to notify me of all port scans attempted or only those that it deems as serious attempts to hack, (about ten a day+).

How would it know the difference please?

Evo7
11th May 2002, 10:58
(slight edit for clarity)

A 'serious' attempt to hack will scan a range of ports on your machine to determine which ports are open and therefore what the attack options are (and to try and gain information about the software listening on these ports - e.g. the software version), whereas a sweep across a range of IP addresses will generally focus on a single port on each machine just to see if something is active - this is not what I'd call a 'serious' attempt.

A firewall should therefore always go into overdrive if a range of ports are scanned from the same IP address - for example, one of mine (on a moderately sensitive machine) is set up to dump the internet connection if this happens. Receiving a number of 'broken' TCP packets in a short time (which could correspond to a stealthed scan) can also trigger this response - even if the IP address is different on each packet, as the IP address can easily be spoofed.

A firewall will normally log any port scan (unless told not to), and will also issue an alert if it corresponds to a known danger. For example, a scan on port 7215 corresponds to a port number that SubSeven is known to listen on, and this will probably trigger an alert - I suspect that ZoneAlarm is referring to this kind of activity as a 'serious' attempt, as even if you are running a server there is no innocent reason for trying to connect to this port (whereas an attempt to connect on ports 23 or 80 could be perfectly innocent). It's very unlikely that you are getting 10+ of what I'm calling a 'serious' attack each day.

If you're interested, go and get nmap (http://www.insecure.org/nmap/) and set it up on your home network. Try scanning your firewalled machine yourself (pointing nmap at the IP address 127.0.0.1 will work fine), and have a play with some of the stealth-scan options (turning the firewall off is also useful, as it tells you what services your computer is offering to the outside world) - this is by far the best way of finding out what your firewall can really do. BTW, this is a similar, but much more thorough, version of what GRC.COM offer.
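
The distinction drawn in the post above (a one-port probe versus a range of ports from one address, plus an alert on a known trojan port), as an added example that is not part of the original thread or of any firewall product. The log records, the 60-second window and the five-port threshold are constructed assumptions; port 7215 is the one named in the post.

```python
from collections import defaultdict

# Constructed sample firewall log: (seconds, source IP, destination port).
SAMPLE_LOG = [
    (0, "198.51.100.7", 7215),   # one hit on a port tied to a known trojan
    (5, "203.0.113.20", 80),     # lone probe, could be innocent
    (10, "192.0.2.44", 21),      # one source walking many ports quickly
    (11, "192.0.2.44", 23),
    (12, "192.0.2.44", 25),
    (13, "192.0.2.44", 80),
    (14, "192.0.2.44", 139),
    (15, "192.0.2.44", 445),
    (400, "203.0.113.20", 23),   # same source, much later, different port
]

KNOWN_TROJAN_PORTS = {7215: "SubSeven"}  # from the post; extend with your own list
WINDOW_SECONDS = 60   # assumed: how close together hits must be
PORT_THRESHOLD = 5    # assumed: distinct ports from one source inside the window


def classify(events, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {source_ip: verdict}; the most serious verdict for a source wins."""
    by_source = defaultdict(list)
    for ts, src, port in sorted(events):
        by_source[src].append((ts, port))

    verdicts = {}
    for src, hits in by_source.items():
        verdict = "isolated probe"
        if any(port in KNOWN_TROJAN_PORTS for _, port in hits):
            verdict = "known trojan port probe"
        # Slide a time window over this source's hits and count distinct ports.
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= threshold:
                verdict = "port-range scan"
                break
        verdicts[src] = verdict
    return verdicts


if __name__ == "__main__":
    for source, verdict in classify(SAMPLE_LOG).items():
        print(source, "->", verdict)
```

Because the grouping key is the source address, a scan spread across spoofed sources is counted as many isolated probes, which is why the post also treats a burst of malformed packets as a trigger regardless of address.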

lone eagle
11th May 2002, 10:59
Well, I could just be over-reacting but I have installed Zone Alarm Pro on my PC just in case.

Stagger - the yahoo messenger is just one avenue I am exploring at the moment, but it seems strange that information that I posted there (in a private chat room) got out. In addition, I am certain that I was speaking to my old friend and not an imposter.

Is there any link between a secure connection on Hotmail and yahoo messenger? I presume that if someone wanted to gain access to my messenger they would 1. have to know I have it and 2. have it themselves.

As strange as this may sound, is there any chance that the yahoo messenger could have posted itself (or my chat at the time) to someone in my hotmail address book? As I said before, I received two Emails from an old friend (who was in my address book) and while one of these messages was still selected, i.e. still connected to my Hotmail account, I then get paged on messenger and have a conversation. Could the two systems somehow interact?

Stupid questions I know, but I am a little nervous about the whole situation.

LE.

Evo7
11th May 2002, 11:04
Well, I could just be over-reacting but I have installed Zone Alarm Pro on my PC just in case.


Not at all - everyone should run a firewall. Just keep it up to date :)

Can't help with the IM query - never use it.

Evo7
11th May 2002, 11:09
It's also worth trying to understand a little about what we are dealing with when I'm talking about port scans and stealthed port scans - anyone interested should take a look Here (http://www.insecure.org/nmap/nmap_doc.html).

Don't try this at home, folks... :)

raejones
11th May 2002, 12:41
Afternoon All,

I stumbled across this thread and couldn't help noticing how similar it was to some of the stuff that I come across in my work life.

It's very possible that a virus called W32.Klez has infected your system. What this virus does is send mail from your machine to people in your address book. It does this without you knowing and picks a file from your PC to send. It sends the message out to someone in your address book and tells them that it has come from somebody else (also someone from your address book). This could account for how someone else got hold of a copy of your information.

It's unlikely to be Yahoo instant messenger related as whilst those systems are never the most secure things in the world I've never actually come across an incident like you describe. The only link is probably that of your friend's email address being in your address book.

It's just a thought.

lone eagle
11th May 2002, 13:11
Ok, I have had a look for that virus on my computer and can find no trace of it. If it is here, and hidden, then what would it do if there was only one name in the address book?

G.Khan
12th May 2002, 00:14
Thanks Evo, will download and watch!
Cheers, Ghengis.

FL310
12th May 2002, 00:33
lone eagle...one question, are you using the genuine messenger program or are you by any chance using Trillian....

lone eagle
12th May 2002, 19:08
Yes, I have been using the genuine messenger program, is this significant?