
Hacked at home

 
Old 04 January 2006, 11:32 AM
  #1  
MattW
Scooby Regular
Thread Starter
 

Mate of mine has been hacked, Hotmail account password changed and poker account emptied. Following IPs possibly responsible, can anyone trace and provide more info than standard whois search?

86.137.180.26
86.137.179.24
Old 04 January 2006, 01:06 PM
  #2  
JackClark
Scooby Senior
 

I'm pretty sure those are BT addresses. Have you contacted the police?
Old 04 January 2006, 01:08 PM
  #3  
Scooby-Doo
Scooby Regular
 

www.showmyip.com shows it as a BT IP address, which is kind of good that it's not Colombia or such like.

Contact the police and let them take it up with BT.
Old 04 January 2006, 05:03 PM
  #4  
BlkKnight
Scooby Regular
 

TBH I think it's very unlikely that the source of the attack was actually the owner of the PC located at that IP at the times located in your logs.

It's extremely likely that the attacker was relaying off that PC (or indeed through several PCs) to launch the attack, making it very difficult (if not impossible) to trace.

Hopefully your friend didn't lose too much money and his e-mails being taken over wasn't too much of an inconvenience.

You could report it to the police but TBH I wouldn't hold your breath.

Buy a new hard drive, remove the old one (in case the old bill need it), reinstall, Patch, anti-virus, firewall and away you go.

Sorry to be the bringer of bad news, but chalk it up to experience and move on.

/edit

If it were me who was hacked, I'd also:

Cancel any credit / debit card used online

Advise my bank(s) and suspend any on-line activity.

(on the new PC) change all passwords on any websites where I've registered that I care about.

Last edited by BlkKnight; 04 January 2006 at 05:15 PM.
Old 04 January 2006, 07:42 PM
  #5  
MattW
Scooby Regular
Thread Starter
 

Cheers guys, friend has read replies and I'm round there tonight to install Hardware Firewall, update Virus protection etc.

FYI Betfair is where most of the money was taken, they have used a CC without matching the 3 digit security code and basically told him to go swivel.
Old 04 January 2006, 09:51 PM
  #6  
swaussie
Scooby Regular
 

That really sucks, but I wonder if he was hacked or has had his traffic monitored? Were there any obvious signs of a break-in (logs etc.)? I would highly advise him (and anyone else for that matter) to use secure login (https) wherever possible, and if you are going to give out credit card info on the net, make sure you are using a secure connection before you send any data. It may have happened that someone was scanning his traffic, and if it wasn't being sent encrypted, then it's a very easy crime to commit.

Oh, and just to stay on my high horse, I would also advise everyone to have a separate password for internet usage to what you have as your logon password.

Last edited by swaussie; 04 January 2006 at 09:53 PM.
Old 05 January 2006, 10:28 AM
  #7  
BlkKnight
Scooby Regular
 

I'm round there tonight to install Hardware Firewall, update Virus protection etc.
This is not good enough, I'm afraid.

You need to FORMAT & REINSTALL from scratch.

You have no idea what obscure backdoors & trojans the attacker has put on (bespoke stuff that A/V software won't pick up).

I'm sure everyone else will agree with me too.

I know it's a PITA - but it's the best long term option.


Old 05 January 2006, 11:11 AM
  #8  
stevencotton
Scooby Regular
 

Originally Posted by BlkKnight
You need to FORMAT & REINSTALL from scratch.
I'd chuck the disk personally.
Old 05 January 2006, 11:57 AM
  #9  
Alan C
Scooby Regular
 

Not all hackers are relayers who can manipulate your PC as a Zombie. Might just be simple smash & grab.

I know it's a longshot, but I feel it's still worthwhile letting the Police know the IPs at least. If other people have done the same then BT logs could show the same user ID to other similar activity.

Throwing the Hard drive is, for me, OTT for 'normal' users, so a reformat will remove all OS / App rootkits if one is installed.

Once done, add one or all these prevention & detection measures to your Security layers..
  • AntiHook - prevention
  • RootkitRevealer from Sysinternals - detection
  • BlackLight from F-Secure - detection
Just three free RKD options to use. They're not 100% (nothing is) but it's one more step to keeping the bad guys out..
Old 05 January 2006, 12:04 PM
  #10  
Iain Young
Scooby Regular
 

Originally Posted by Alan C
Not all hackers are relayers who can manipulate your PC as a Zombie.
Very true. But there are also exceedingly talented hackers out there who can do this sort of damage. Unless you know the hacker personally, you cannot know which category they belong in, and so I'd err on the side of caution and at the very minimum do a format and reinstall. Like Steve, I'd be tempted to bin the disc as well.
Old 05 January 2006, 12:10 PM
  #11  
Alan C
Scooby Regular
 

Iain, I couldn't agree more. Plus, as I'm paid to be paranoid and cautious, I'd also err on that side and re-format as a minimum..
Old 05 January 2006, 04:27 PM
  #12  
MattW
Scooby Regular
Thread Starter
 

Hi Guys, I had to do a format anyway, so much crap on it I thought it safer.
Old 05 January 2006, 06:58 PM
  #13  
Iain Young
Scooby Regular
 

It's for the best