
PST hacked


manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Wed Dec 29, 2010 1:44 am

PST hacked

Hi,
I am facing an issue of a hack in my network. One of the users' PSTs got hacked and the hacker is sending mails with the same PST attached through Gmail to his official ID. We blocked the specific email ID but the hacker is still sending such mails.
We are unable to trace the hacker. We have gone through the Event IDs but no track has been traced.
What is the way out to trace the hacker?

Thanks in advance

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Dec 29, 2010 5:08 am

Re: PST hacked

Set up a network IDS like Snort and wait for the malicious / illegal traffic to occur.

When it occurs, save it and follow the "stream" to see what happens but also where it comes from.

That's probably the easiest way.
I'm an InterN0T'er

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jan 03, 2011 3:47 pm

Re: PST hacked

What do you mean by "user's PST got hacked"? PST files really don't have much in terms of security, all you have to do is open it. The password protection feature is very rudimentary and can easily be defeated. Are you sure these emails aren't coming from outside and aren't something like NDR bombs?
~~~~~~~~~~~~~~
Ketchup

SephStorm

Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Jan 03, 2011 5:42 pm

Re: PST hacked

While I have no idea what an NDR bomb is, I was going to ask the same question. I would assume the user's computer was infected, possibly with a trojan horse... Now that I think about it, even that isn't required. A hacker could create a malicious file with the PST extension. That doesn't require any penetration of your network, just knowledge of valid usernames. Although I assume someone has opened the file, in which case we are back to trojan.
sectestanalysis.blogspot.com/

Empires89

Newbie

Posts: 6

Joined: Mon Jan 03, 2011 12:30 pm

Location: Seattle

Post Wed Jan 05, 2011 1:24 am

Re: PST hacked

There's a million and one ways to spoof an email address to look like it's coming from one server or one user. I don't understand how a PST file can be "hacked" so that it's sending email. To my understanding the PST file is just a file that holds the user's email data, calendar, inbox, etc. When you speak of the "hacker" sending this PST file out I picture in my mind a large attachment, not spoofing.

It might not be coming from the user's computer but instead the email server. Or maybe it's just being spoofed.
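
Added example (not part of any post in this thread): one way to test the spoofing question raised above, by reading the topmost Received header that your own mail server stamped and listing any .pst attachments. It assumes a Postfix-style Received format and that mail genuinely sent through Gmail is handed over by a `*.google.com` host; the `triage` function, sample message and hostnames are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: mail really sent through Gmail is handed over by a *.google.com host.
EXPECTED_RELAY = {"gmail.com": ".google.com"}

# Constructed sample (placeholder hosts, documentation IP ranges), not from the thread.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [203.0.113.25])\n"
    " by mx.corp.example with ESMTP; Wed, 29 Dec 2010 01:40:00 +0000\n"
    "Received: from pc (unknown [198.51.100.7]) by relay.example.net with ESMTP\n"
    "From: someone@gmail.com\n"
    "To: victim@corp.example\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attached\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="archive.pst"\n'
    "\n"
    "placeholder\n"
    "--b1--\n"
)

def triage(raw):
    msg = message_from_string(raw)
    # Only the topmost Received header is written by your own server; the ones
    # below it are supplied by the sending side and can be forged.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"from \S+ \((\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]\)", top)
    rdns, ip = (m.group(1).lower(), m.group(2)) if m else ("", None)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    suffix = EXPECTED_RELAY.get(domain)
    return {
        "relay_rdns": rdns,          # reverse-DNS name your server recorded
        "relay_ip": ip,              # address that actually connected to you
        "from_domain": domain,
        "relay_mismatch": bool(suffix) and not rdns.endswith(suffix),
        "pst_attachments": [p.get_filename() for p in msg.walk()
                            if (p.get_filename() or "").lower().endswith(".pst")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A mismatch points to a forged From address and gives you the connecting IP to follow up on; a match only shows the message was handed over by Google's servers, not who is behind the account.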
