Scammed. Do I have to worry about a potential key logger?

Discussion in 'BlackHat Lounge' started by flc735, Apr 8, 2013.

  1. flc735

    flc735 Regular Member

    Joined:
    Apr 30, 2011
    Messages:
    284
    Likes Received:
    82
    Occupation:
    Writer
    Location:
    Los Angeles, CA
    I've been had. I will give it a few more days until I make a shitlist thread but for now, I want to know if I need to worry about any keyloggers or anything else in that ballpark.
    He set up a VPS that I was using for a few days that had a bunch of IM tools on it. He also had access to the VPS. I was moving files back and forth from my computer to the VPS via a Dropbox folder. I am not sure if this is something to worry about but I also set it up so I could save files from the VPS. I am not sure if it worked the other way around.

    I have no reason to think he did anything like this. He knows I am broke. Just want to be sure. It was my first payday and he disappeared on me. Just a strange situation and a bit of my paranoia.
     
  2. tmark30

    tmark30 Registered Member

    Joined:
    Aug 6, 2012
    Messages:
    57
    Likes Received:
    3
    Occupation:
    internet entrepreneur
    Were you rendering some form of service to him or something?
     
  3. flc735

    I was writing for him. I used The Best Spinner on his VPS to make spun articles as well. I also logged into my email on the VPS.
     
  4. flc735

    Also, it was $300 so it is somewhat significant. It's more the time lost than anything, though. I could have made that money elsewhere during the time I was working with him.
     
  5. Nigel Farage

    Nigel Farage BANNED BANNED

    Joined:
    Feb 8, 2012
    Messages:
    563
    Likes Received:
    1,495
    Did you install any software? Run a System Restore to a time prior to when you were working with him.
     
  6. flc735

    I did. He gave me his password so I could install TBS on my PC (because I asked; he didn't suggest it out of nowhere). Sent me the link. This was the link:
    Code:
    http://TheBestSpinner.com/downloads/SetupTheBestSpinner.exe
    TBS domain name so that means that download was safe, right?
     
  7. seopencil

    seopencil Supreme Member

    Joined:
    Aug 3, 2011
    Messages:
    1,435
    Likes Received:
    519
    Location:
    BHW
    Just change your password and any other details that you used on that VPS and that you think can be used to hack your accounts.
     
  8. flc735

    But once it's on, it's on. Changing passwords wouldn't do much after that point, right?
     
  9. Nigel Farage

    Correct. But if you downloaded and installed legit software from a legit source, based only on his recommendation, then you are in no more danger than if you did it on your own. There are varying levels of security. I use System Restore to make myself feel better about risk. It might break the functionality of some installed software/malware, but is no guarantee. The only guaranteed way is to wipe the drive and reinstall. That's not warranted here. So, I pick a spot on the spectrum that I think is appropriate, which is on the low end of the "risk scale", but at least it's SOMETHING to make you feel better, hence System Restore.

    Truthfully, the whole internet is just chock-full of bad people. The worst are the ones you aren't aware of. Changing passwords regularly is a good idea.

    Whose VPS was it? Did it require special software to connect? Did you give up control and/or share your machine when you were connected? Did you share your hard drive? Did you copy critical information (bank account, email passwords, etc...) to the VPS?

    Who is the Member? Don't mess around with this. If you have a legit complaint of a scam, post a shitlist thread and maybe save someone else from getting scammed.
    There is a difference between getting scammed by a bad actor that is capable of anything, and a "deal gone wrong" with someone who just got the better of you in a deal. If case "A", you need to start a SL thread and you have a legitimate security concern. If case "B", you got burned, lesson learned, don't let that happen again, and your computer is probably safe.
     
  10. BottingWorks

    BottingWorks Regular Member

    Joined:
    Jul 16, 2012
    Messages:
    249
    Likes Received:
    73
    Location:
    Australia
    1. Find the logger
    2. Run a traceroute
    3. Brute force and install RAT
    4. ??????
    5. Profit.
     
  11. flc735

    Thank you for your advice. I am not exactly up to speed with how a VPS works. I had to Google it quickly when he sent the details over :)
    I connected using the Remote Desktop Connection, which is a default Windows program as I understand it.
    I changed some settings so I could transfer files from the VPS to my PC directly onto the main C drive. I went to YouTube to find how to do that.
    Doubt this means anything but the TBS output zip files were all corrupt. Originally, I thought that meant there was an issue with the VPS file transferring, but it turned out to be TBS on the VPS.

    I am not sure what you mean by "Whose VPS was it?" The person's name or what? It was a Russian IP and had Xrummer, Scrapebox, etc... pretty much the works installed on it.
    He locked me out of the VPS today.

    I do have a lot of info on him, which is why I find this entire situation strange. I have his full name, age, the contact info for a client he does a lot of work for, websites, city, emails, he uses the same user name across most accounts, his number and even his girlfriend's number. I'd probably be able to cross reference his information and gather even more.

    Since we began talking on Wednesday, we have 51 pages (copied and pasted into Word) of IMs on Skype. Most of it is him talking about what he wants out of me, telling me about his business plan and bouncing around some ideas. Up until Friday, he went out of his way to accommodate me. Friday, he apologized for not being able to send payment on time. He called me on his own to see if we could figure out a solution. He suggested Western Union and we planned to exchange info Saturday morning. I haven't heard from him since.

    Nigel, I pm'd you his info. It is pretty obvious what happened but I want to at least give him a business day to get a hold of me before I blast his name on the web.

    I definitely got screwed here, though I don't think it was planned. I think he got the money from his client and decided to pocket it and disappear.
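
    The Remote Desktop Connection settings mentioned in the post above (sharing the local C drive with the VPS) are stored in the client's `.rdp` connection file. The following is an added example, not part of the original thread: a small audit that lists which local resources a connection file exposes to the remote host. The sample file contents and the host name are constructed, and the descriptions attached to each setting are this example's own wording.

```python
import codecs

# Real .rdp setting names that expose local resources to the remote host.
RISKY = {
    "drivestoredirect": "local drives are visible to the remote host",
    "devicestoredirect": "plug-and-play devices are redirected",
    "redirectclipboard": "clipboard is shared with the remote host",
    "redirectprinters": "local printers are redirected",
    "redirectcomports": "serial ports are redirected",
    "redirectsmartcards": "smart cards are redirected",
}

def decode_rdp(raw: bytes) -> str:
    """The Windows client saves .rdp files as UTF-16 with a BOM;
    hand-edited copies are often UTF-8 or plain ASCII."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines (type i = integer, s = string, b = binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2].strip())
    return settings

def audit(raw: bytes) -> list:
    """Return sorted (setting, value, reason) tuples for enabled redirections."""
    findings = []
    for name, (typ, value) in parse_rdp(decode_rdp(raw)).items():
        if name not in RISKY:
            continue
        # Integer settings are on when non-zero, string settings when non-empty.
        enabled = value not in ("", "0") if typ == "i" else bool(value)
        if enabled:
            findings.append((name, value, RISKY[name]))
    return sorted(findings)

# Constructed sample: drive and clipboard sharing on, printers and smart cards off.
SAMPLE = ("full address:s:vps.example.invalid\r\n"
          "drivestoredirect:s:C:\\;\r\n"
          "redirectclipboard:i:1\r\n"
          "redirectprinters:i:0\r\n"
          "redirectsmartcards:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    for name, value, why in audit(SAMPLE):
        print(f"{name} = {value!r}: {why}")
```

    A shared drive or clipboard gives whoever controls the remote machine a path to files and copied text on the local PC for as long as the session is open, so these settings are worth turning off before connecting to a host someone else administers.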
     
  12. flc735

    Could you explain 1,2 and 3?
     
  13. zachlepwner

    zachlepwner Registered Member

    Joined:
    Feb 22, 2011
    Messages:
    52
    Likes Received:
    5
    Ever heard of Google? It's a search engine that lets you look things up.

    Some things you can do if you think you've been infected with a logger:
    1. Get keyscrambler
    2. Download malwarebytes, run a complete scan
    3. Run a deep scan with your regular multivirus.
    4. Repackage rsp

    Really only 1 and 4 will do anything, but the scans are worth a shot.
     
  14. Nigel Farage

    Given that he's so well-known & documented, it all implies to me that he's legit and may have a personal and/or financial issue going on. These things happen. Except for the locking out of Skype part, which is significantly suspicious.

    In any case, he posted a thread on BHW asking for work, which means other BHW members may be at risk and for this reason I think a ShitList thread is justified. You can apologise, withdraw his identifying information, have the thread closed/deleted/etc... if he shows up and makes things right. I've seen several SL threads where someone in your situation fails to create one, then months later someone else gets scammed and then we find out there was a history that might have been documented early. So do the SL thread. $300 is significant. I've seen SL threads for $15.00, and Members getting banned for that low of an amount.
     
  15. flc735

    Will do. Thanks for your help.