Scam Update -- I Got Keyloggered

I’m barely even coherent at this late of an hour due to lack of sleep over the past week (stressed to the max due to all this bullshit), but I have finally figured out what happened.  A keylogger was installed on my machine, specifically this one (that link is safe to click on).  For a very humorous read, have a look at their “remote installation guide” (again, safe to click on) which explains in detail how to remotely install this software.  The wording is unreal…this was obviously a package written for hackers.

Long story short, if the scammer/hacker is careful enough and can get you to click on a rogue link, the software can be installed without you knowing, which in hindsight has to be what happened.  Who knows how it got on my machine, but after running several keylogger removal tools I finally tracked it down to this exact program.

I wouldn’t have even thought to start searching for a keylogger on my machine…I met a buddy of mine Sunday evening for a drink and mentioned everything that was going on; his first response was “did you get keyloggered?”  Of course my reply was “no way, I have a/v software, am behind a firewall (2 actually, one software and one hardware), and I run anti-spyware scans on a weekly basis, etc.”  But he got me to thinking, so I figured what the hell, I’ll check it out.  And as I stated above that’s when I found this very nasty package.

So here are the facts:

  • It was installed about a month ago, which is right around the time I did my last eBay auction (coincidence?…perhaps, but who knows).
  • It has the potential to log everything I did on my machine for the last month depending on how it was configured (I have of course zapped it and reformatted all of the machines on my network, and have changed all of my passwords…too little too late though).
  • Whoever was monitoring it has A) my social security number (it’s my login ID to my online banking site…when I signed up years ago that was the only option they offered for an ID, and I have since learned that they’ve changed this requirement but didn’t fucking enforce it, i.e. I was never notified that I could change it) B) all of my bank account numbers as I use them to pay some of my bills online C) numerous credit card/check card numbers as again I use these to pay various other bills/order stuff/etc D) drivers license number E) account numbers/passwords to all of my utility companies…in other words, everything.
  • Who knows what else…I’m deliriously tired and will post more later.

Norton A/V missed it.  Spybot missed it.  It’s that f’ing stealthy.  According to what I’ve read, the installation program can detect these programs and bypass them, which is completely ridiculous IMO, but apparently it worked.  What’s funny (if you can even say that) is that I did indeed take screenshots of the detection process, but being the brilliant person I am stored them on my drive…before formatting my machine.  Great job J.

You always think that it can’t/won’t happen to you.  It’s surreal, and I’m still reeling…not even beginning to think that I am now an identity theft statistic, along with how much time it will take to get this all sorted out.  Hell, it might not even be related to eBay.  I’m starting to think about attachments I clicked on in emails from friends (email addresses are easily spoofed, and given the amount of info that is available about people on the internet, wouldn’t be too hard to figure out email addresses that would be familiar to the “victim” and then spoof them).  Who knows.

Updates to come as they present themselves.  All of the involved parties are being less than useful at this point though.  Imagine that.  This absolutely sucks.

Sidenote:  Sorry for all of the negativity as of late.  I hope to get back to regular posting soon.

Posted Wed, Aug 9 2006 3:37 AM by Jayson Knight
Keyvan Nayyeri wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 1:42 AM

Ah, Damn!

I'm glad to see you figured it out ;-)

Jayson Knight wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 1:46 AM

Figuring it out is the easy part; it will take weeks (maybe months) to get everything fixed. But thanks for your comment ;-).

Keyvan Nayyeri wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 2:14 AM

But it was the most important part. Without it next steps are impossible ;-)

Jaxon Rice wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 2:40 AM

Man, that sucks so much.  I really hope you can recover some of your losses.

Dan Hounshell wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 7:05 AM

What keylogger removal tools did you use (do you recommend)?

Wizz wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 9:26 AM

Not to mention all your internet passwords too!   Are you sure it wasn't an inside job?  jk :-)

Ken Robertson wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 10:05 AM

That is crazy!  If you can, should post some more about the removal... as that is just absurd.  I can't believe how they are marketing that program.

You should definitely be looking into identity theft.  I think there are some agencies and what not that specialize in helping people with identity theft.  Probably run a credit report and see about freezing your credit.  I had a friend who had her identity stolen and it took her a long time to get everything sorted out.  Best of luck!

Haacked wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 12:20 PM

Sorry to hear it. Happens to the best of us (such as my yahoo phish).

You should put a fraud alert on your credit reports.  You can also put a freeze to be really really safe.

Also, this is exactly why I am running as a LUA. I assume you had to be logged in as an admin to install that keylogger.

Jayson Knight wrote re: Scam Update -- I Got Keyloggered
on Wed, Aug 9 2006 5:10 PM

Hey guys, thanks so much for your comments. This has been a complete nightmare to say the least and I will definitely be posting more information as it presents itself.

@Dan, I tried several "free" utilities, and then finally broke down and purchased SpyCop: That was the only app that picked it up (and there are probably other apps that would have picked it up as well, but none of the free ones did). Given the severity of this situation, I didn't trust the removal process and ended up formatting all machines/drives on my local network and am still a bit wary even after doing that.

@Ken, more posts to come for sure. As I stated above SpyCop picked it up but paranoia set in so I formatted everything. I've already gotten the process rolling for identity theft and have cancelled/frozen everything. It's going to be a long process though, and I've been in contact with all of the credit agencies.

@Haacked, yeah I was running as admin (though not anymore of course), at least at the time that it was installed. Too much false sense of security given all the measures I had in place to prevent something like this.

It's always the culmination of numerous small little things that can lead up to something like this. More to come...

vern wrote re: Scam Update -- I Got Keyloggered
on Sun, Aug 13 2006 4:42 PM

Jayson, can you give any details about the klogger? I suspect my father might have it but I don't want to spend the money on spamcop if I don't have to.

protected virtual void jaysonBlog { wrote Scam Update -- Tools And Removal
on Mon, Aug 14 2006 11:01 PM

I just wanted to follow up on my previous post about the keylogger scam to address some of the comments

Jon Galloway wrote re: Scam Update -- I Got Keyloggered
on Mon, Aug 21 2006 3:55 PM

Really sorry to hear that, Jayson. Hope things work out okay.

I looked into the Perfect Keylogger information a bit to see if I had it. It's launched by an entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run which points to bpk.exe; you can also look for it by running MSCONFIG.

I think Norton and Symantec are pretty much worthless. I'm using either OneCare or Avast! on my computers. I looked around and found an open source keylogger detection called xpy on SourceForge, although I don't know if it would have detected it.

Here's hoping we can one day get a cryptographically secure identity system in place in our lifetime so we can stop typing usernames and passwords into web pages.
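
The Run-key check described in the comment above can be done from a PowerShell prompt. This is an added example, not part of the original comment; only the HKLM Run key and the bpk.exe file name come from the page, and the WOW6432Node and HKCU keys are assumed extra locations worth checking.

```powershell
# Added example: list autostart entries and flag any that reference bpk.exe.
# From the page: the HKLM ...\CurrentVersion\Run key and the name bpk.exe.
# Assumption: the 32-bit view (WOW6432Node) and the per-user HKCU key are
# included because an autostart entry could also sit there.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$suspectName = 'bpk.exe'

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        # A key may not exist (for example WOW6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw command line without expanding %VARIABLES%.
            $command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                # -match is case-insensitive; escape the dot in the file name.
                Suspect = $command -match [regex]::Escape($suspectName)
            }
        }
    }
}

$entries = @(Get-RunEntry -Path $runKeys)
$entries | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

$hits = @($entries | Where-Object Suspect)
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) Run entry/entries reference $suspectName"
} else {
    Write-Output "No Run entry references $suspectName"
}
```

A clean result only means no Run entry uses that file name; the full table is printed so unfamiliar entries can be reviewed by hand.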

Ken.Robertson.Blog wrote A hard lesson learned
on Tue, Oct 17 2006 12:43 PM

The other day, I mentioned that I'd decided to do a fresh install of Vista RC2 to give it a try. Part

Preston Bullard wrote re: Scam Update -- I Got Keyloggered
on Sat, Feb 27 2010 1:01 PM

Just so you know, spybot S&D has been updated to search and seek out PerfectKeyLogger. How I know? The name caught my eye as S&D was running through its extensively buttfuck huge list, so I googled it and found this. Hope everything has been duly sorted out since this unfortunate occurrence.

Hope this helps in the future!

