
Namazu
Yellow-bellied Woodpecker

Joined: 25 Jun 2011
Age: 43
Gender: Female
Posts: 53

29 Aug 2011, 6:12 pm

:cry: My Windows 7 computer got hacked. They enabled the tech support backdoor into the system by planting a trojan through Java and used the back door to gain complete access and control of my computer. Luckily I didn't have any credit card transactions or bank information or any of the crap the hackers usually look for. So really they didn't get much of anything. They had my e-mail address and tried to take control of my Facebook page and through it steal my email account. But I managed to prevent that from happening. 8O Why the hell would they target my computer? It was unsettling but also kind of sad, because they wasted their time. I am working on restoring my computer but I lost EVERYTHING I had on my HD, which is slightly irritating. But oh well. I guess it could have been worse. :roll: Stupid Script Kiddies.


_________________
Hail to the son of the Four Winds,
ever may thy steps fall upon quiet sands
Thanks be to thee, who stole the jewels of the gods
and scattered them across the night sky
Blessings unto thee, Brother Cat. - anonymous poet


WardenWolf
Veteran

Joined: 30 Apr 2009
Gender: Male
Posts: 532
Location: Woodbridge, VA

29 Aug 2011, 9:40 pm

I'm a security specialist, and that doesn't even make SENSE. Tech support backdoor? Unless it's something YOU installed or it came with your computer from your manufacturer, there's no such thing. Enabled through Java? Yeah right. Nor does it make sense that you'd lose everything on your hard drive. *facepalm*


_________________
Heart of the guardian, way of the warden, path of the exile.


gadge
Veteran

Joined: 20 Mar 2011
Age: 61
Gender: Male
Posts: 805

30 Aug 2011, 12:49 am

I also was recently "hacked". My own fault in hindsight. I opened an e-mail that looked real; they even had a well-known trademark (UPS) to make it look real. Said they had a delivery. hehe

They had full control!! I know some IT professionals and they were amazed and dumbfounded.

Funny thing is I got a pop up that said "THANKS"



Namazu
Yellow-bellied Woodpecker

Joined: 25 Jun 2011
Age: 43
Gender: Female
Posts: 53

30 Aug 2011, 1:30 am

Remote Assistance? It's built right into Windows 7. And I lost everything because I had no back-ups and I formatted the Hard Drive, genius. Ergo the "Lost everything." And yes Java aka Javascript. The Trojan was implanted through IE via an ActiveX Javascript Event exploit that had not yet been addressed by a Killbits security update. If you are an expert then I am the Flying Spaghetti Monster. :roll:




TOGGI3
Velociraptor

Joined: 12 Jun 2009
Age: 39
Gender: Male
Posts: 410

30 Aug 2011, 5:55 am

Namazu wrote:
Remote Assistance? It's built right into Windows 7. And I lost everything because I had no back-ups and I formatted the Hard Drive, genius. Ergo the "Lost everything." And yes Java aka Javascript. The Trojan was implanted through IE via an ActiveX Javascript Event exploit that had not yet been addressed by a Killbits security update. If you are an expert then I am the Flying Spaghetti Monster. :roll:


java != javascript

ActiveX != javascript

remote assistance != 'back door'

He is a network security admin. :p



Namazu
Yellow-bellied Woodpecker

Joined: 25 Jun 2011
Age: 43
Gender: Female
Posts: 53

31 Aug 2011, 6:39 pm

Sorry. I've just had a lot of people saying that they didn't believe me recently so I kind of took it out on Warden when he too said he didn't believe me. My apologies. :)




DC
Veteran

Joined: 15 Aug 2011
Age: 46
Gender: Male
Posts: 1,477

31 Aug 2011, 7:18 pm

WardenWolf wrote:
I'm a security specialist, and that doesn't even make SENSE. Tech support backdoor? Unless it's something YOU installed or it came with your computer from your manufacturer, there's no such thing. Enabled through Java? Yeah right. Nor does it make sense that you'd lose everything on your hard drive. *facepalm*


I was going to say 'remote assistance' but Naz already stated that.

The usage of terms by users and specialists is very different and, yes, users or PCworld minimum-wage drones tend to see the only solution to every problem being to wipe the hard drive and start again...

As for the enabled through Java bit, erm, let that be your little secret, meanwhile back in the real world, Java exploits are very in fashion at the moment.

http://www.kaspersky.com/about/news/vir ... ts_in_2011



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 37
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

01 Sep 2011, 5:01 am

DC wrote:
WardenWolf wrote:
I'm a security specialist, and that doesn't even make SENSE. Tech support backdoor? Unless it's something YOU installed or it came with your computer from your manufacturer, there's no such thing. Enabled through Java? Yeah right. Nor does it make sense that you'd lose everything on your hard drive. *facepalm*


I was going to say 'remote assistance' but Naz already stated that.

The usage of terms by users and specialists is very different and, yes, users or PCworld minimum-wage drones tend to see the only solution to every problem being to wipe the hard drive and start again...

As for the enabled through Java bit, erm, let that be your little secret, meanwhile back in the real world, Java exploits are very in fashion at the moment.

http://www.kaspersky.com/about/news/vir ... ts_in_2011


The Java exploits referenced in that article are payload exploits. They're designed as a vehicle to download further malicious code that actually does what you want. That's done because Java applications run inside a JVM, which by design limits all access to the underlying system, forcing access to go through the control of the JVM. The JVM can't change system properties, including enabling Remote Assistance.

Also, any Java Applets running inside of a browser run in a sandbox which specifically prevents access to the underlying system at all unless specifically authorized (and signed with a valid Code Signing certificate - which no malicious user would do). Even then they're subject to the same security restraints as normal Java applications.

One last thing, trojans aren't "planted" anywhere - they wait for the gullible idiot to click on them. If you're the flying spaghetti monster, I'm Superman!



Knifey
Deinonychus

Joined: 19 Aug 2011
Age: 40
Gender: Male
Posts: 324
Location: South Australia

02 Sep 2011, 2:41 am

If you use IE, what do you expect... face. palm.


_________________
Four thousand six hundred and ninety one irradiated haggis? Check.


Namazu
Yellow-bellied Woodpecker

Joined: 25 Jun 2011
Age: 43
Gender: Female
Posts: 53

02 Sep 2011, 5:10 am

Actually it is funny one of you should mention security certificates; because I appeared to have a bogus one on my computer.

I am familiar with the whole iffy-website predisposition toward malicious code. File hosting sites have been known to have bogus 'download buttons'. Some sites that offer alleged freeware applications have been known to host malware in the guise of legit shareware or freeware applications. Bonzai Buddy comes to mind from a decade ago. So to be fair it may have been something I DLed. My analysis of how the hacker did what he did was based on things I've read on tech sites about IE being the typical exploit, specifically through ActiveX Javascript. Some of the tech sites mentioned viruses POSING as legit ActiveX system processes, combined with the fact that somehow the hacker got a hold of my router address and tried to put Java crap on my folks' computers through the router. I was kinda convinced that Java was the culprit. I'm no expert, so sue me; I never claimed to be. We had to get our ISP to change the router's address and access codes.

So yeah, it was a pretty big problem. Don't respond if all you are going to do is pick apart my post. It was a GUESS that it was Java. One I felt very confident was in fact an accurate guess, being that it was how the hacker tried to infect my mom and pop's computer. So whatever. After spending hours trying to root out everything the hacker had done to my computer, I made the mistake of responding to a YouTube email stating that my sister had posted photos on my page. I was tired at the time so I didn't notice the suffix attached to the end of the legit address. I had enough wits to realize I had been had before I logged out of Gmail, which was linked to my Facebook page. So while still logged in I changed the password on my Gmail account and used my newly secured email to get my Facebook page back through Facebook's recovery system, which sent me an email with a temporary password; but of course the email was also mailed to the hacker via some hack I am unfamiliar with. But I managed to beat the hacker to finishing the process on YouTube. I think the system sending the bogus mail was automated, which would explain why the hacker was unable to beat me to the punch. But yeah. Not very fun.

Long story short: my registry was corrupted, the Windows Back-up save states were corrupt, my system was riddled with exploits, and I was just about fed up with trying to root everything out. So yeah. I reformatted, what of it? It wasn't my first choice, but there you go.

I post on here to vent and the FIRST reply I get is a condescending dissection of my post. Whatever folks. So if you are all done making assumptions about my intelligence and my vocational aptitude and how I came to be infected; please withhold any further dissection of my post. Maybe you could try posting something that doesn't smack of arrogant ridicule. Goodnight.




DC
Veteran

Joined: 15 Aug 2011
Age: 46
Gender: Male
Posts: 1,477

05 Sep 2011, 3:14 am

sliqua-jcooter wrote:
The Java exploits referenced in that article are payload exploits. They're designed as a vehicle to download further malicious code that actually does what you want. That's done because Java applications run inside a JVM, which by design limits all access to the underlying system, forcing access to go through the control of the JVM. The JVM can't change system properties, including enabling Remote Assistance.

Also, any Java Applets running inside of a browser run in a sandbox which specifically prevents access to the underlying system at all unless specifically authorized (and signed with a valid Code Signing certificate - which no malicious user would do). Even then they're subject to the same security restraints as normal Java applications.

One last thing, trojans aren't "planted" anywhere - they wait for the gullible idiot to click on them. If you're the flying spaghetti monster, I'm Superman!


:roll:

Yes, I posted one article showing that Java exploit kits were very popular.

Try this one.

http://www-01.ibm.com/support/docview.w ... wg21225628

You can start off in a browser sandbox, inside of the JVM, but still write files to the local machine and execute them with the user's privilege level, which on a home Windows install is probably admin.

JVM busted.
Browser sandbox busted.



Nil_Nil
Pileated woodpecker

Joined: 21 Feb 2011
Age: 56
Gender: Male
Posts: 196

05 Sep 2011, 4:29 am

Namazu wrote:
I post on here to vent and the FIRST reply I get is a condescending dissection of my post. Whatever folks. So if you are all done making assumptions about my intelligence and my vocational aptitude and how I came to be infected; please withhold any further dissection of my post. Maybe you could try posting something that doesn't smack of arrogant ridicule. Goodnight.

Welcome to Wrongplanet. :)



techn0teen
Veteran

Joined: 14 Sep 2010
Age: 33
Gender: Male
Posts: 663

05 Sep 2011, 11:34 pm

I am an aspiring student who wants to get into Cyber Security:

I would highly recommend you go into your Internet settings and disable ALL JavaScript. I would only allow websites you commonly use and absolutely trust to use JavaScript. It is called "whitelisting", and it helps prevent malicious code from being installed via JavaScript while visiting unknown, shady websites.

You could also use Firefox and install the NoScript plug-in.

I would also look up each software program before downloading it. I hope this doesn't happen again.