Hacker

Shelly

Hi,
A friend of mine just purchased a new computer with
Windows XP about 60 days ago - last night, he was
checking his email (hotmail), when everything went black
on the screen, then he had a dialog come up - Hello, etc....
Basically, it is a hacker, trying to extort him for
$400.00 to leave his computer alone, or he would destroy
the hard drive. My friend first offered $100.00 to have
the person go away and leave him alone, but when that
didn't work and he threatened to take the computer to the
cops, the hacker did what he had threatened and destroyed
the hard drive. My friend can't access any of his files,
etc, on the computer now.
What is the procedure to handle this kind of thing? He
has a current anti-virus program, it never suspected
anything. My friend will now have to purchase a new hard
drive and reload his programs, etc, but what can he do to
prevent this from happening again? I suspect the hacker
found him by his email address, and will attempt to mess
with him again. He thinks the hacker has had his fun
with him and will not bother him any longer for fear of
being discovered somehow. I am also worried that this
kind of thing can and will happen to my home computer and
my other friends! Is there a specific place to go,
Federal or otherwise, to handle this kind of thing? What
are the chances of it happening to him again? Or to me
on my computer? Any advice would be appreciated!
 
Carey Frisch [MVP]

Windows XP Security Checklist
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

How can I harden my computer or server to secure it from hackers?
http://securityadmin.info/faq4.asp#harden

To secure your computer and prevent future security breaches,
consider installing a first-rate internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-----------------------------------------------------------------------


| Hi,
| A friend of mine just purchased a new computer with
| Windows XP about 60 days ago - last night, he was
| checking his email (hotmail), when everything went black
| on the screen, then he had a dialog come up - Hello, etc....
| Basically, it is a hacker, trying to extort him for
| $400.00 to leave his computer alone, or he would destroy
| the hard drive. My friend first offered $100.00 to have
| the person go away and leave him alone, but when that
| didn't work and he threatened to take the computer to the
| cops, the hacker did what he had threatened and destroyed
| the hard drive. My friend can't access any of his files,
| etc, on the computer now.
| What is the procedure to handle this kind of thing? He
| has a current anti-virus program, it never suspected
| anything. My friend will now have to purchase a new hard
| drive and reload his programs, etc, but what can he do to
| prevent this from happening again? I suspect the hacker
| found him by his email address, and will attempt to mess
| with him again. He thinks the hacker has had his fun
| with him and will not bother him any longer for fear of
| being discovered somehow. I am also worried that this
| kind of thing can and will happen to my home computer and
| my other friends! Is there a specific place to go,
| Federal or otherwise, to handle this kind of thing? What
| are the chances of it happening to him again? Or to me
| on my computer? Any advice would be appreciated!
 
Shenan Stanley

Shelly said:
A friend of mine just purchased a new computer with
Windows XP about 60 days ago - last night, he was
checking his email (hotmail), when everything went black
on the screen, then he had a dialog come up - Hello, etc....
Basically, it is a hacker, trying to extort him for
$400.00 to leave his computer alone, or he would destroy
the hard drive. My friend first offered $100.00 to have
the person go away and leave him alone, but when that
didn't work and he threatened to take the computer to the
cops, the hacker did what he had threatened and destroyed
the hard drive. My friend can't access any of his files,
etc, on the computer now.
What is the procedure to handle this kind of thing? He
has a current anti-virus program, it never suspected
anything. My friend will now have to purchase a new hard
drive and reload his programs, etc, but what can he do to
prevent this from happening again? I suspect the hacker
found him by his email address, and will attempt to mess
with him again. He thinks the hacker has had his fun
with him and will not bother him any longer for fear of
being discovered somehow. I am also worried that this
kind of thing can and will happen to my home computer and
my other friends! Is there a specific place to go,
Federal or otherwise, to handle this kind of thing? What
are the chances of it happening to him again? Or to me
on my computer? Any advice would be appreciated!

Your friend is being played the fool.
Do a repair installation on the computer:
http://www.microsoft.com/windowsxp/expertzone/tips/dougknox/doug92.asp
or
http://www3.telus.net/dandemar/repaxp.htm
or
http://support.microsoft.com/?kbid=315341

Know that antivirus software does not protect you from everything. You need
a firewall, you need antispyware software, you need to do more than think
putting a dog in your unfenced yard protects your home belongings,
essentially.

You may have spyware/adware infesting your machine, follow the
appropriate section for that, making sure you use at least
THREE of the tools I list to scan and clean your machine AFTER
updating them. Cleaning up spyware/adware/malware usually
solves home page hijackers as well.

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem.


Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp
(It has been reported that it now works with AOL 9.0+)


Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)


Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well. SpywareBlaster is a FANTASTIC free product, I suggest
getting this after you cleanup and keeping it updated as well....

An Assortment of Others:
http://spywareinfo.com/


After you cleanup your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php


Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section,
do the following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the
"Amount of disk space to use:" to something between 80MB
and 120MB. (Betting it is MUCH larger right now.)
- Click OK.
- Click on "Delete Files" and select to
"Delete all offline contents" (the checkbox) and click
OK. (If you had a LOT, this could take 2-10 minutes or
more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.


Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.


Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/


Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.


Better control your email and lessen the amount of time you spend dealing
with SPAM:
SpamBayes
http://sourceforge.net/projects/spambayes/
or
Spamihilator.
http://www.spamihilator.com
 
Lanwench [MVP - Exchange]

Shenan Stanley wrote:
you need to do
more than think putting a dog in your unfenced yard protects your
home belongings, essentially.

Nicely put...I think I'll crib this from you!
 
Trafton

Hi Shelly,

This is an odd way to extort money, and this is probably an amateur,
although it may be more serious. The first thing he should have done was
turn off his Internet connection. Then, he should have gone to a different
computer and downloaded this program:

http://www.spychecker.com/program/hijackthis.html

He should then have taken that program and run it on the afflicted computer
IN SAFE MODE (the exact area in the program is accessible via the following
instructions: press the CONFIG button and go to MISC TOOLS and then click
GENERATE STARTUPLOG). Then, he should have posted that here, and we could
have isolated what program was the malicious one, stopped it from starting
when Windows starts, and then disinfected his machine from there.

The best way to prevent this is to run a good, updated antivirus program, a
firewall, and download all of the latest Windows patches.

The FBI does take hacking reports, but rarely acts on them. Perhaps the
extortion attempt would make them focus, but still it is unlikely that a
prompt investigation would occur.

Sincerely,
Benjamin Johnstone-Anderson
Microsoft MVP - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/
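
An added example, not part of the original thread or any poster's code: the startup-entry review that the MSCONFIG and HijackThis startup-log advice above points to, done over the text output of `reg query` on a Run key. The sample output is constructed, and the two flagging rules are illustrative assumptions that mark entries for a closer look, not verdicts.

```python
import re

# Constructed `reg query` output for the machine-wide Run key (not from the thread).
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avtray    REG_SZ    "C:\Program Files\ExampleAV\avtray.exe" /STARTUP
    updater    REG_EXPAND_SZ    %TEMP%\svch0st.exe -s
    msn helper    REG_SZ    C:\Documents and Settings\Owner\Local Settings\Temp\msn32.exe
    sysload    REG_SZ    winlogin.exe
'''

VALUE_RE = re.compile(r'^\s+(.+?)\s+(REG_SZ|REG_EXPAND_SZ)\s+(.*)$')
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs))(?=\s|$)', re.I)

def parse_reg_query(text):
    """Return (key, value_name, command_line) for each string value listed."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(3).strip()))
    return entries

def image_path(data):
    """Pull the program path out of a command line, quoted or unquoted."""
    m = IMAGE_RE.match(data)
    if not m:
        return data.split()[0] if data else ""
    return m.group(1) or m.group(2)

def reasons(image):
    """Illustrative review rules (assumptions, tune for the machine at hand)."""
    p, out = image.lower(), []
    if "\\temp\\" in p or p.startswith(("%temp%", "%tmp%")):
        out.append("runs from a temp directory")
    if "\\" not in p:
        out.append("no full path (resolved via search path)")
    return out

def triage(text):
    """List (name, image, reasons) for every autostart entry worth a closer look."""
    flagged = []
    for _key, name, data in parse_reg_query(text):
        img = image_path(data)
        why = reasons(img)
        if why:
            flagged.append((name, img, why))
    return flagged

if __name__ == "__main__":
    for name, img, why in triage(SAMPLE):
        print(f"{name}: {img} -> {', '.join(why)}")
```

The same functions work on saved output from the per-user Run key and the RunOnce keys; run the query from Safe Mode so a resident program has less chance to hide its entry.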
 
Sadie

Hello,

What a terrible, distressing story. Well done for posting
it here, I hope it gets plenty of attention.
I don't know enough about Hackers to comment, but, I
suspect, your friend's computer MAY have been compromised
prior to the incident.

Frighteningly, Polymorphic Agobots are now open source. As
Hackers go, this guy sounds small-time. A low-life crook.
A bot, once planted on a computer, will transmit data -
location for example - back to its creator. I'm inclined to
think this the most likely explanation - partly because I
find the thought of a bona-fide Hacker going to the
expert lengths needed to breach a system without having
compromised it first - for the sake of $400 too mindblowing
to contemplate.
Virus scanning for Polymorphic Agobots is woefully
lacking. Firstly, because there is no file. The thing is
some kind of memory-resident which encrypts and decrypts
itself each time it is run - in other words - morphs.

Makes me furious to think your friend's hard drive was
destroyed by this evil so and so. I'd have imagined, in
America you'd have a special electronic crimes squad or
something. Definitely report it. Shout it from the
rooftops. Pity your friend did not submit his hard drive to
the Feds! I am certain every move on the net leaves a
trace, and he could have been busted.

Sadie
 
Bruce Chambers

Greetings --

There is absolutely _NO_ way a hacker could possibly have
physically damaged, much less destroyed, a hard drive. Granted, some
files may have been deleted, corrupted, or damaged, but this is a very
different thing, and easily remedied.

To start off, your friend should learn to use his computer safely.
To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/

Secondly, your friend (and you, as well, I fear) needs to acquaint
himself with the concepts of reality and common sense. Whatever made
him think that giving in to an extortionist was a viable course of
action? Whatever made the pair of you so gullible as to believe a
hard drive could be physically destroyed without someone's taking a
hammer to it? Just because you and/or he are new to computing,
there's no reason to suspend normal common sense and a healthy
skepticism.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Guest

There is no way your hard drive is completely destroyed, so forget about going and buying a new one. Some files may have been deleted and that can be fixed. Scan your system for a virus, it sounds as if it was infected with a trojan horse virus. Take all of the advice in the previous postings as well.
 
Guest

Your friend is obviously no Einstein......did he/she give ANY thought to unplugging the internet connection!?!?!?!?! :)
 