The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

EH-Net > Ethical Hacking Discussions and Related Certifications > Forensics (Moderator: don) > PST hacked

Pages: [1] Go Down

« previous next »

	Author	Topic: PST hacked (Read 6713 times)
0 Members and 3 Guests are viewing this topic.

Hack_80

Jr. Member

Offline

Posts: 59

Black buck

PST hacked

« on: December 29, 2010, 12:44:17 AM »

hi,
i am facing issue of hack in my network. one of the user's PST got hacked and Hacker is sending mails of same pst attached through GMail to his official ID . We blocked specific email ID but still the hacker is sending such mails.
we are unable to trace the hacker. Gone thru Event ID's but no any track been traced.
what is the way out to trace the hacker?

thanks in advance


	Logged

MaXe

Hero Member

Offline

Posts: 507

I've just upgraded myself to a cyborg muahahaa!!1

Re: PST hacked

« Reply #1 on: December 29, 2010, 04:08:32 AM »

Set up a network IDS like Snort and wait for the malicious / illegal traffic to occur.

When it occurs, save it and follow the "stream" to see what happens but also where it comes from.

That's probably the easiest way.


	Logged

I'm an InterN0T'er

Ketchup

Hero Member

Offline

Posts: 1006

Re: PST hacked

« Reply #2 on: January 03, 2011, 02:47:15 PM »

What do you mean by "user's PST got hacked?" PST files really don't have much in terms of security, all you have to do is open it. The password protection feature is very rudimentary and can easily be defeated. Are you sure these emails aren't coming from outside and aren't something like NDR bombs?


	Logged

~~~~~~~~~~~~~~
Ketchup

SephStorm

Sr. Member

Offline

Posts: 416

Re: PST hacked

« Reply #3 on: January 03, 2011, 04:42:53 PM »

While I have no idea what a NDR bomb is, I was going to ask the same question. I would assume the users computer was infected, possibly with a trojan horse... Now that I think about it, even that isnt required. A hacker could create a malicious file with the PST extension. That doesnt require any penetration of your network, just knowledge of valid usernames. Although I assume someone has opened the file win which case we are back to trojan.


	Logged

Support my hactivities.
http://www.cafepress.com/TRUEHacker

Empires89

Newbie

Offline

Posts: 6

Everybody wants to be a cat

Re: PST hacked

« Reply #4 on: January 05, 2011, 12:24:39 AM »

There's a million and one ways to spoof an email address to look like it's coming from one server or one user. I don't understand how a PST file can be "hacked" so that it's sending email. To my understanding the PST file is just a file that holds the user's email data, calendar, inbox, etc. When you speak of the "hacker" sending this PST file out I picture in my mind a large attachment, not spoofing.

It might not be coming from the user's computer but instead the email server. Or maybe it's just being spoofed.


	Logged

Pages: [1] Go Up

« previous next »

Jump to:

SANS Deals 4 EH-Netters

$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012

Recent Forum Topics