
Hacked via RDP


5 replies to this topic

#1 Chas19377

Posted 19 July 2016 - 07:20 PM

I have a pretty serious issue that is calling my integrity into question. An email was sent from one of my accounts that I did not send. It could have only happened one of two ways: either someone physically did it from my computer or from my computer via RDP. Upon finding out about the situation I immediately started investigating possibilities, as actual access to my computer physically would be rather difficult but not entirely impossible. What I found was that someone could have accessed my computer via RDP, and that is highly likely, as I started digging into my computer and found that I indeed had permissions on for this and there were at least two applications that could accomplish this running or open, whatever you call it. I immediately disabled all of this and turned the permissions off, but kind of like closing the barn door after the horse is out. My computer is usually up and running and logged in to everything, including my email accounts, 24 hours a day, 5 days a week as well. If someone used RDP to access my computer and acted maliciously, sending emails and using other programs on my computer, is there any way to tell that it was them who sent them, or would it simply look as if I did it? This could even result in some minor criminal charges if I can't prove this happened. One IT expert told me that they would be able to detect through the email that someone was using my computer remotely when those emails were sent. I'm not buying it. I feel they are just trying to make their job easier and scare me into saying I did something when I did not. Answers ASAP would be much appreciated before this escalates, or just plead the 5th as it were.





#2 Trikein


Posted 19 July 2016 - 07:49 PM

Why do you think RDP has anything to do with the issue? Just because the service was enabled? I think it is enabled by default, but that doesn't mean it's being used. Isn't it more likely someone got access to the password to one of your email accounts and sent it via web or SMTP? Was it tracked to your IP? Need more data.


Edited by Trikein, 19 July 2016 - 07:50 PM.


#3 Chas19377


Posted 19 July 2016 - 08:30 PM

Hi Trikein, OK, the computer is in my home office, which is 10 feet from my bedroom. I am a day trader, which means I am at the computer probably 18 hours a day off and on. I am not a tech guy so I have no clue; that was just my best guess from my search to see how this could be done, but yes, they are saying it was tracked to my IP. That's what makes this so urgent: even if nothing comes from it, which it most likely won't, it is still my reputation. I keep really weird hours for Asian, London and New York market sessions as well, so I have to be and at the computer quite a bit, and again it is only ten feet from my bedroom, which is where I am generally at when not on, but of course I do shower and run out to the store etc. No need to have my email password, as I said I normally have everything wide open, but I am also near it 90% of the time, though there is a small window for someone to get access daily without my knowledge. I have no idea sending it via web or what SMTP is, so I have no idea, which is why I am here. My main question is: if someone did use remote access, would I be able to find out, and would it show in the email that it was done that way, and how do I check?



#4 Trikein


Posted 19 July 2016 - 08:40 PM

"My main question is if someone did use remote access would I be able to find out and would it show in the email that it was done that way and how do I check?"

No, it wouldn't. If someone is logged into your PC via remote desktop, as far as the email program is concerned, it's you. 

 

It's probably more likely to be malware. Was this email someone pretending to be you? Advertisement?

 

One thing you can check is your sent mail folder on any email client you use. Another thing is to check access to your account. Who is your email provider?
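
Post #4 says the email itself carries no trace of a Remote Desktop session; the place Windows records RDP logons is the PC's own event logs. The following is an added example, not part of any poster's reply, that lists those records for a time window; the `$Start`/`$End` dates and the `Get-EventField` helper are placeholders introduced here.

```powershell
# Added example: list Remote Desktop logons recorded on this PC in a time window.
# Run in an elevated PowerShell (reading the Security log needs administrator rights).
# Placeholder window: set it around the time the disputed email was sent.
$Start = Get-Date '2016-07-18 00:00'
$End   = Get-Date '2016-07-20 00:00'

function Get-EventField($Record, [string]$Name) {
    # Hypothetical helper: pull one named <Data> field out of the event's XML.
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Security log, event 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
$rdpLogons = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4624; StartTime = $Start; EndTime = $End
    } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'LogonType') -eq '10' } |
    ForEach-Object {
        [pscustomobject]@{
            Time     = $_.TimeCreated
            User     = Get-EventField $_ 'TargetUserName'
            SourceIP = Get-EventField $_ 'IpAddress'
        }
    }

# Terminal Services session log: 21 = session logon, 24 = disconnect, 25 = reconnect.
$sessions = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
        Id        = 21, 24, 25
        StartTime = $Start; EndTime = $End
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $u = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            Time = $_.TimeCreated; Id = $_.Id; User = $u.User; SourceIP = $u.Address
        }
    }

# Show both views in time order so they can be compared with the email's sent time.
$rdpLogons | Sort-Object Time | Format-Table -AutoSize
$sessions  | Sort-Object Time | Format-Table -AutoSize
```

A `SourceIP` of `LOCAL` in the session log is a logon at the physical console rather than over the network. An empty result only means no RDP logon for that window is still in the logs, which roll over as they fill.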



#5 TsVk!


Posted 19 July 2016 - 08:46 PM

Due to the seriousness of this I would highly recommend starting a post in the malware removal logs forum by following this guide.

 

Please explain the situation clearly to the helper so they can help you preserve any evidence of infection, if it exists.



#6 Trikein


Posted 19 July 2016 - 08:48 PM

"Due to the seriousness of this I would highly recommend starting a post in the malware removal logs forum"

 

I agree 100%.





