What to do if you have been hacked

If you think you may have been a victim of an intrusion, you need to remain calm. First ascertain whether you have really been hacked or whether your computer is just a bit buggy.

Generally, if you have been hacked you will notice that your computer is a little slower, and if you use a dial-up connection you will see the modem lights go solid green for long periods when you are not browsing the web. Trojan hackers like to play silly games and will often make your screen flip upside down and open your CD-ROM drive. Another common trick is to take control of the victim's mouse and keyboard, typing obscenities to the victim's friends on any chat or messenger program the victim may be using.

Another sign that your computer has been compromised, and this applies especially to people with high-speed broadband accounts, is getting warnings from your ISP for attacking other computers or for port scanning. Hackers love to use a victim's computer to do the dirty work for them; your computer could be port scanning government IP ranges and you wouldn't know about it until you received an email from the FBI. It can be very scary to be falsely accused, and if you have been falsely accused then you have probably been a victim of a hacker.

The only way a hacker can get into your computer is through an open port. Ports are like little doors; you need them on your computer to be able to communicate with other computers and with web servers on the internet. If you have been infected with a backdoor trojan, or the hackers know how to exploit other open ports, then they can easily walk right into your PC the same way you could walk into someone's house if they left the door open.

There is an easy way to secure your ports, and that is to use a good firewall. Firewalls can have numerous functions. Some firewalls will block cookies and adverts as well as hackers, while other firewalls act as honeypots, or baits, to trick the hacker into thinking that your computer is vulnerable; when the hacker attacks, the firewall will immediately block the port and log the hacker's details. I personally recommend the virusMD.com firewall as it offers good protection plus has the advantage of having a set of good internet tools built in to track the hacker down.

Below is a step-by-step guide that will help you in the event that your home PC has been hacked:

1) If you feel that you have a hacker inside your PC then you may be able to find out for sure by running a simple DOS command. Close all open programs, including your web browser and any other program that uses the net, but stay connected to the internet. Then do the following:
Go to Start, then to Run, type command, and hit OK. A black window will pop up; this is your MS-DOS prompt. Type the following command directly into this window: netstat -a
You will see a list of open ports on your computer. Next to the ports you may see a strange address, and next to that you will see the word listening or connected.

The connected ones are the ones we will be looking at first; these are all the other computers that are currently connected to you. Using the copy and paste function, copy the whole lot into a Windows Notepad page (a txt file). After you have done that, immediately disconnect from the internet.

2) Install a good firewall and then go back online. You will often find firewalls on computer magazine cover CDs. Block any unknown accessing computers when asked. Using the txt file you previously created, look for any open ports; you can find this info under the heading Local Address. The numbers on the right-hand side are the open ports, and these can indicate either a trojan infection or a vulnerable port that is opened by a legitimate program. The best way to tell which port is which is to use a good port list. I suggest downloading the VirusMD firewall and using the port list that comes with the TDAT program; this is a pretty good trojan port list. You can also find port lists on the internet by doing a search in Google etc.

3) If you find that you have a trojan port open then the best idea would be to get a good virus scanner and use that to remove it. If you do not have a trojan port open but still were hacked, then it may possibly be a backdoored program you are using. Some programs have backdoors built into them, and some are just buggy and will allow a hacker to send bad data to them over the internet, crashing the program and allowing the hacker to issue commands to the remote computer. The easiest way to stop these types of attacks is to use a good firewall and remove any known backdoored or buggy software.

4) If you did find a trojan port open then you will want to nail the hacker. Using the text file you made earlier, look for the addresses next to the open trojan ports. Using either an internet toolkit or a website that has whois enabled, paste the address into the whois lookup and then do a query. You will be given information on that address. This info will not be the hacker's details; it will be the details of the hacker's ISP. You now have enough info to lay a formal complaint with the hacker's ISP. If you do not see an abuse@ address in the whois details, then simply look for the domain name information and put abuse@ in front of it, e.g. if the domain name said aol.com you would write abuse@aol.com
Be courteous when you write the email, but let them know exactly what happened, and ask for a human reply or you may have to deal with autoresponders.

5) Change all your passwords. Hackers can easily steal your passwords from your computer's cache and also by using keylogging technology (most trojans have this). If you do not change your password, your internet account may be used, or you may find that the hacker will email your friends from your email account and send them trojans while pretending to be you. If you use computer banking or make credit card transactions online then it is recommended to cancel your card, as the hacker could use your credit card number and details to buy goods and services.

6) If important documents have been stolen, especially work-related ones, or other data has been stolen, you are well within your rights to contact the FBI, and if the hacker is in their jurisdiction then they will be able to enforce the law.
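
The manual review in steps 1, 2 and 4 (saved netstat output, port list check, addresses for whois) can be done by a short script. The Python below is an added example, not part of the original guide: the sample listing and host names are constructed, and the three-entry watch list is an illustrative assumption standing in for a full trojan port list. Note that netstat labels active connections ESTABLISHED.

```python
"""Triage a saved `netstat -a` listing against a trojan port watch list."""

# Constructed sample of saved Windows `netstat -a` output (not from the page).
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address                     State
  TCP    mypc:epmap        mypc:0                              LISTENING
  TCP    mypc:12345        mypc:0                              LISTENING
  TCP    mypc:12345        host-203-0-113-7.example.net:4021   ESTABLISHED
  TCP    mypc:1042         mail.example.org:pop3               TIME_WAIT
  UDP    mypc:31337        *:*
"""

# Illustrative watch list only (assumption); load a full port list in practice.
WATCH_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}


def _split(addr):
    """Split 'host:port'; port is None when netstat printed a service name."""
    host, _, port = addr.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        lport = _split(f[1])[1]
        rhost = _split(f[2])[0]
        state = f[3].upper() if len(f) > 3 else ""  # UDP rows carry no state
        rows.append({"proto": f[0].upper(), "local_port": lport,
                     "remote_host": rhost, "state": state})
    return rows


def triage(rows, watch=WATCH_PORTS):
    """Return (watched ports open locally, remote hosts connected to them)."""
    hits = [r for r in rows if r["local_port"] in watch]
    open_ports = sorted({(r["proto"], r["local_port"]) for r in hits
                         if r["state"] in ("LISTENING", "")})
    peers = sorted({r["remote_host"] for r in hits
                    if r["state"] == "ESTABLISHED"})
    return open_ports, peers


if __name__ == "__main__":
    ports, peers = triage(parse_netstat(SAMPLE))
    for proto, port in ports:
        print(f"watch-list port open: {proto} {port} ({WATCH_PORTS[port]})")
    print("addresses to look up with whois:", peers)
```

A port on the watch list is only a lead: as step 2 says, the same number can be opened by a legitimate program, so confirm with a virus scanner before acting on it.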
