Jump to content

Internet Attack


monitorlizard

Recommended Posts

I have been receiving messages from my firewall software that someone was trying to access my computer. The message reads somthing like "trojan attempt through back door".

I did a search and the web host is loxinfo. I have the node name and ip address.

I understand that each computr has a unique web address?

Apparently the attacks are coming from Thailand. Anyone know if there is a way to track this guy down? :o

Link to comment
Share on other sites

You can do a traceroute to find the internet route to the IP (it is likely that it will disappear after the first few hops if he is any good). Then do a whois on the last server that you can identify. This will give you the registration info of the ISP. There will be contact info contained in the Whois info....e-mail them and explain that you have had a malicious attack from the IP address. That is really all you can do.

Traceroute/Whois tools

Bear in mind that a Trojan is ON YOUR COMPUTER. You should disinfect your computer immediately using a virus killer (McAffee, Norton etc).

Trojans can be downloaded in many ways (HTML pages, FTP,emails). Once on YOUR COMPUTER they sit until you have an internet connection then call the hacker, tell him you are on-line. What happens next is dependent on the Trojan. and can be anything from downloading your hard-drive files to complete control of your computer. (The simplest is spying on your passwords when you type!)

If you can find out what type of trojan it is then you can assess the damage

Mcafee have listings of all known Virii and Trojans.

Mcafee Virus list

Link to comment
Share on other sites

Guest IT Manager

I use Sam Spade to trace route and it also has a system you can modify to access the abuse mail for the ISP. I also get the occasional whack from outside and its stopped by either or both Norton Personal Firewall or Zonealarm.

Same Spade and Zonealarm are both free. Nortons you pay for but in many ways, it can be easier to manage.

Link to comment
Share on other sites

I have now and then some "alert", and when I trace this, I very often find that the attack is coming from Thailand B)

under windows, I use Zone-Alarm and it's complement Visual-Zone, which can give

you quite a good report, allow you also to report it to your ISP, with details, so they can do something.(if they can) ...

it's less a worry with Linux, well setup, it's a lot more safe B)

but like any machine it has to be well configured !

anyway, try to keep a "log" of all atack, and sometime compare, time of attack and wich port they used to do so ... this can give you a good idea of where from this is coming. (and sometime for what purpose)

many times, it is an UDP attempt, from ISP ... loxinfo, is very used to it B)

since I changed ISP for Ji-Net, this does happen anymore B)

is loxinfo spying on customers? :o

probably yes! :D

but have to say, that their site as well as database are like an open-mill ...

not that secure B)

so, if you use loxinfo, you better have a good firewall B)

Link to comment
Share on other sites

Why trace you are going to end up in russia or in a internet cafe. And then you have to go to the THAI POLICE and what they REALLY like to do is bust you for VISA problems so they going to ask what you use the computer for and then you say work and they your buggered. Beucase you not use at the same place you have a permit for. Every time i gone to the thai police they just ask to see my passport and they sitt and play with it and ask me lots of questions not regarding the case to see if there is ANYTHING they can bust me for.

To trace the IP in Thailand u need the police report.

I think you got a trojan on the computer get SPYBOT from download.com

Link to comment
Share on other sites

I get a hit every once in awhile and it usually is LOX INFO and some others from Thailand but mostly they are from sunnyvale california or santa barbara california and a few from korea and some from russia, but the Norton Personal firewall stops em then I run tracking,get the ISP block of numbers and put a block on their whole block of numbers,that stops it ###### fast. I also do a system scan with antivirus at least once a week and also have webroot spyware which keeps the spys at bay.

Link to comment
Share on other sites

I have had a very similar problem, norton pops up and says it has detected a virus called trojan.byteverifyer.

10 seconds later a red screen appears and tells me my computer is under investigation and mentions something about the FBI and such, it wants me to click on link to "find out more"

It gives me my I.P. and some other info on this red screen.

It really annoys me as I am not too IT savy so I do not know what to do.

I have the latest Norton anti V and when a do a scan immediately afterwards it cannot find any viruses, this is after I disconnect from the net.

The red screen has a name, it is Azerin. I am in Azerbaijan right now so I presume it is local.

What damage if any can someone do to my pc? I have no info on any drive, just photos and DVD from my DVD movie camera.

What is this person doing? :o

Link to comment
Share on other sites

I have had a very similar problem, norton pops up and says it has detected a virus called trojan.byteverifyer.

10 seconds later a red screen appears and tells me my computer is under investigation and mentions something about the FBI and such, it wants me to click on link to "find out more"

It gives me my I.P. and some other info on this red screen.

It really annoys me as I am not too IT savy so I do not know what to do.

I have the latest Norton anti V and when a do a scan immediately afterwards it cannot find any viruses, this is after I disconnect from the net.

The red screen has a name, it is Azerin. I am in Azerbaijan right now so I presume it is local.

What damage if any can someone do to my pc? I have no info on any drive, just photos and DVD from my DVD movie camera.

What is this person doing?

very common behavior of nasty trojan :o

try to get some trojan remover ... and for sure make an update of your virus database, scan again ...

some quite new forms of trojan are muting once inside your com :D

write down any details of this red-skin screen of death.

and then once disconnected, search in the registry any key related to these infos.

you might find it yourself, if not a good software would do the job.

the purpose is not to scan or destroy your com , but rather to use it as a ghost machine, in order to launch some other attack somewhere else B)

you are just a relay ... get rid of it as fast as you can, this the best you can do.

good luck anyway

francois

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...