Security Incidents mailing list archives
RE: I think I've been hacked...please help!
From: H C <keydet89 () yahoo com>
Date: Tue, 9 Apr 2002 11:04:59 -0700 (PDT)
I would suggest this is a custom made trojan that is connecting to an irc server when a RAS connection is detected.
What are you basing this on? The information provided so far by the OP has been vague and sketchy at best...hardly what one would call even moderately effective incident response.
Try using MSConfig to see if anything unusual is working, also try installing zone alarm for a check at what is accessing the network from that machine - available from www.zonelabs.com If someone is using a trojan it will be picked up using zone alarm even if it is custome made. Hope my info helps...
There are other, perhaps even more effective methods for gathering the same information. For example, running fport (and piping the output through netcat) doesn't require a full software installation (ZoneAlarm does)...which will contaminate any potential evidence. There are other tools...which I've listed and sent to the OP...that can be run similarly. BTW, I checked out your site...cool graphics. Aside from rampant misspellings, it's not half bad. __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- I think I've been hacked...please help! Joe Warner (Mar 31)
- Re: I think I've been hacked...please help! Ryan Russell (Apr 01)
- Re: I think I've been hacked...please help! Crist J. Clark (Apr 01)
- Re: I think I've been hacked...please help! Hugo van der Kooij (Apr 01)
- Message not available
- Re: I think I've been hacked...please help! Joe Warner (Apr 01)
- <Possible follow-ups>
- RE: I think I've been hacked...please help! Arnold, Jamie (Apr 08)
- RE: I think I've been hacked...please help! H C (Apr 09)
- RE: I think I've been hacked...please help! Pepijn Vissers (Apr 09)
- RE: I think I've been hacked...please help! KoRe MeLtDoWn (Apr 09)
- RE: I think I've been hacked...please help! H C (Apr 09)
- RE: I think I've been hacked...please help! Arnold, Jamie (Apr 09)
- RE: I think I've been hacked...please help! H C (Apr 09)