
Help! I think I'm being keylogged!


15 replies to this topic

#11 Jesse

Jesse
  • Staff
  • 531 posts

Posted 29 November 2008 - 12:50 PM

I have a G4 myself, 512 RAM, and mine's doing the burp thing. I think your computer's just going out.

Can I hurt you?


#12 Mac Addict

Mac Addict
  • Members
  • 8 posts

Posted 29 November 2008 - 12:52 PM

QUOTE (Fire @ Nov 28 2008, 10:23 PM)
Your symptoms don't exactly sound like a keylogger.
I would recommend looking into the probable case that it is a bad stick of RAM or another hardware issue.

If you really think it's a keylogger:
follow Oktane's logical steps to success, and, if you want, do the following:

1. Hang out in Activity Monitor located in /Applications/Utilities. Look for any suspicious activity.

2. Check the following directories for anything suspicious, sorting by most recently created or modified:
/Library/StartupItems/
/Library/Extensions/
/System/Library/Extensions/

3. Check ~/Library/Preferences/com.apple.SystemLoginItems.plist


If you can't find anything and you are *really* paranoid, you can try evaluating a list of all the most recently edited files either by searching via the Finder, or using ls | grep in terminal.

For example, this would dump a file on your Desktop containing all files on your computer edited on Nov 29 (using that format, set 'Nov 29' to whatever the current date is):
CODE
ls -alR / | grep 'Nov 29' >> ~/Desktop/recent.txt


If you have a bajillion files edited today, try avoiding modifying many documents or running many applications for a day and run it tomorrow. You also may want to type a lot just in case the keylogger file activity is triggered by keyboard activity.

It is likely that a keylogger will be active every day, saving files on your computer, etc.

Also, try installing Little Snitch. This will alert you when applications are connecting and communicating to other hosts (i.e. a potential spy)


Hey, thanks for your post...I found it to be really helpful. I downloaded MacScan and Little Snitch, both of which are currently running. I did see some interesting activity on the Little Snitch activity panel...I started a conversation with someone on Yahoo, and I was asked to approve outgoing data to a non-Yahoo server whose IP address appeared to be mostly numbers. I denied the request, and haven't been prompted since.

I wonder though, if someone WAS keylogging me, they'd have to A) know I have a Mac, B) also have a Mac, and C) have a reason to want to know what I was talking about. I'm wondering if certain phrases or word combinations are automatically monitored/captured by Yahoo...otherwise, someone would have to go to great lengths to spy.
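
The directory check from the quoted steps, written as a script (an added example, not part of the original thread). It uses find's -mtime test on the paths named in the post rather than matching a date string in ls output, which also matches the same day in earlier years and file names containing that text. The function name recent_entries and the DAYS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: report recently modified items in the startup and
# extension locations listed in the quoted post.

# Paths taken from the post (none contain spaces, so the list is split on whitespace).
PERSISTENCE_PATHS="/Library/StartupItems /Library/Extensions /System/Library/Extensions"
LOGIN_ITEMS_PLIST="$HOME/Library/Preferences/com.apple.SystemLoginItems.plist"

# recent_entries DAYS PATH...
# Prints every file or directory at or below each PATH whose modification
# time falls within the last DAYS days. Paths that do not exist are skipped.
# A directory appearing in the output means something was added to or
# removed from it in that window.
recent_entries() {
    days=$1
    shift
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -mtime -"$days" -print
    done
}

# Default run: look back DAYS days (1 if unset) over the locations above.
# shellcheck disable=SC2086  # intentional word splitting of the path list
recent_entries "${DAYS:-1}" $PERSISTENCE_PATHS "$LOGIN_ITEMS_PLIST"
```

Run it as `DAYS=3 sh script.sh` to widen the window; reading /System/Library/Extensions completely may require running it with sudo.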

#13 Mac Addict

Mac Addict
  • Members
  • 8 posts

Posted 29 November 2008 - 12:54 PM

QUOTE (Mac Addict @ Nov 29 2008, 12:52 PM)
Hey, thanks for your post...I found it to be really helpful. I downloaded MacScan and Little Snitch, both of which are currently running. I did see some interesting activity on the Little Snitch activity panel...I started a conversation with someone on Yahoo, and I was asked to approve outgoing data to a non-Yahoo server whose IP address appeared to be mostly numbers. I denied the request, and haven't been prompted since.

I wonder though, if someone WAS keylogging me, they'd have to A) know I have a Mac, B) also have a Mac, and C) have a reason to want to know what I was talking about. I'm wondering if certain phrases or word combinations are automatically monitored/captured by Yahoo...otherwise, someone would have to go to great lengths to spy.


...or, you know, total paranoia on my part, ha.

#14 Fire

Fire

    Admin

  • Staff
  • 663 posts

Posted 29 November 2008 - 01:42 PM

QUOTE (Mac Addict @ Nov 29 2008, 12:52 PM)
Hey, thanks for your post...I found it to be really helpful. I downloaded MacScan and Little Snitch, both of which are currently running. I did see some interesting activity on the Little Snitch activity panel...I started a conversation with someone on Yahoo, and I was asked to approve outgoing data to a non-Yahoo server whose IP address appeared to be mostly numbers. I denied the request, and haven't been prompted since.

Be sure you don't block intended network activity. You can set rules per-application or per-protocol to allow expected network connections. You may want to read the Lil' Snitch documentation.


QUOTE (Mac Addict @ Nov 29 2008, 12:52 PM)
I wonder though, if someone WAS keylogging me, they'd have to A) know I have a Mac, B) also have a Mac, and C) have a reason to want to know what I was talking about.

Incorrect. The spy does not require a Mac computer. Also, there are ways to detect the OS of the target computer (i.e. with nmap), so such information is often easy to acquire. Finally, their interest in your communications could be as simple and impersonal as stealing your identity or credit card info. They may have chosen your computer solely based on its level of vulnerability.


#15 Mac Addict

Mac Addict
  • Members
  • 8 posts

Posted 29 November 2008 - 09:13 PM

QUOTE (Fire @ Nov 29 2008, 01:42 PM)
Be sure you don't block intended network activity. You can set rules per-application or per-protocol to allow expected network connections. You may want to read the Lil' Snitch documentation.



Incorrect. The spy does not require a Mac computer. Also, there are ways to detect the OS of the target computer (i.e. with nmap), so such information is often easy to acquire. Finally, their interest in your communications could be as simple and impersonal as stealing your identity or credit card info. They may have chosen your computer solely based on its level of vulnerability.


It is an open wireless network I'm on...

#16 pipo

pipo
  • Members
  • 78 posts

Posted 29 November 2008 - 10:27 PM

QUOTE (Mac Addict @ Nov 29 2008, 09:13 PM)
It is an open wireless network I'm on...

that's why even one more reason to be vulnerable.....
BACK THE F:\ UP



