
Re: [suse-security] Intrusion spyware malware key stroke detection



I wrote an agent that watches current google search queries in realtime
(not quite realtime, but quite close).
This is not hard to do, either.  I suspect this is what's going on.

Log into your machine as root and do a ps aux and show us the output.  I
highly doubt there is a piece of malware running, but it's worth
checking for.

Tim

Don Raboud <don.raboud@xxxxxxxxxxx> wrote on 02/22/2006 10:00:22 AM:

> On Wednesday 22 February 2006 2:53 am, Martin wrote:
> > I use suse 9.3 pro on home network. Boxed retail DVD set. Suse firewall.
> > Security updates are current. KDE Konqueror and / or Firefox. Comcast
> > cable internet service provider. No alias.
> >
> >  Everyday I am seeing spam email which is a reflection of complex
> > sensitive key word phrases I had typed into google just  a few days
> > previously.
> >
> > What are the security implications of this?  How do I configure what I have
> > to stop this?  What additional measures might be appropriate?  Is this
> > spying for commercial purposes or could it be US Government spying? The
> > linux network worm?
> >
> > Aliasing?  Fire wall configuration?  Stop always connected cable internet
> > and go back to using on demand dialup?
> >
> > My first reactions are to look into aliasing. Or go back to on demand
> > dialup.
> >
> > But if keystrokes are being detected then there is no security.  Very
> > alarming.
> >
> > Thanks to any who can help
> > Martin
> 
> This may be completely unrelated, but do the subject lines for the spam you
> refer to start with "Amazing, "?
> 
> -- 
> Don
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 

