Key logger on my AA1

Discussion in 'Linux' started by Krinor, Nov 5, 2008.

  1. Krinor

    Krinor

    Hi,

    Today I got some notifications from PayPal that money was being sent from my account.
    I haven't bought anything, and when I checked I found that someone had used my account to buy web services etc.
    We are talking hundreds of dollars.
    When I checked with the companies from which the orders had been made, they told me that the IP of the login originated in the Philippines.
    I am located in Europe myself.
    Could this be a case of a key logger?
    How would this be possible on an AA1?
    What can I do to get rid of this infection?
     
    Krinor, Nov 5, 2008
    #1
  2. Krinor

    rbil

    Why would you expect a keylogger as the cause of your problem? PayPal accounts are accessible by simply supplying an email address and a password. Do you use a STRONG password with your PayPal account? Is the password you use for your PayPal account different than passwords you might leave around the Net, in various forums for example or pop mail servers? A breach anywhere could expose your password if it isn't unique and STRONG. The likelihood that some infection is doing it on your Linux system is very very remote.

    Cheers.
     
    rbil, Nov 6, 2008
    #2
  3. Krinor

    solman

    In the past I've received emails from "PayPal" asking me to re-enter and confirm personal information due to a "security breach" of my PayPal account. The link provided in the email wasn't to PayPal but another site, so it was an obvious scam. Do you remember any recent emails from "PayPal" similar to this?
     
    solman, Nov 6, 2008
    #3
  4. Krinor

    Krinor

    Hi,
    Thanks for your replies!
    I admit that my password has not been strong. I have of course changed it now.
    The reason why I suspect a key logger is, in addition to the fact that I haven't shared my login information with anyone, that my machine is acting strange. I just need to rule out one possibility at a time, and a key logger is the worst scenario, so I'm addressing that first. Here are a few things that make me wonder: On a regular basis (1 out of 5), after having written an email, I press "Send" and then the email program is suddenly shut down. When I check the sent folder, the email is gone and has not been sent. There is other strange behavior as well: The screen sometimes flashes briefly as if it was turned off and back on very quickly. My pointer suddenly jumps to another location etc. (No, I'm not touching the mouse pad). I'm not trying to seem paranoid, but it sometimes feels like I don't have complete control over my own computer. About one week ago my whole Bookmarks folder was suddenly wiped. All the files were gone. I swear I haven't done that myself.

    I am aware of the "PayPal" spam that sometimes occurs, and I have not opened any of those emails at all.

    I understand that an infection is very unlikely, but is it impossible?
     
    Krinor, Nov 6, 2008
    #4
  5. Krinor

    Yosser_UK

    Are you using Windows or Linpus? If Linpus I'm worried.
     
    Yosser_UK, Nov 6, 2008
    #5
  6. Krinor

    rbil

    The OP could consider installing the program "snort", which is an intrusion detection system. Whether that will work properly with Linpus, I don't know. But it is the de facto standard for intrusion detection on Linux boxes.

    Cheers.
     
    rbil, Nov 6, 2008
    #6
  7. Krinor

    Krinor

    I am using Linpus, yes. I suppose there are other ways to steal someone's password than by actually scanning the keyboard (which we are convinced is impossible within Linux... Right?). They might have got it using some sort of password cracker maybe. But I just don't get it. I only use this Linux machine for my PayPal purchases. Maybe someone with deeper insight would care to give us a little Linux vs. virus primer?
     
    Krinor, Nov 6, 2008
    #7
  8. Krinor

    cpchan

    It will work for intrusion detection on Linpus. However, without the netfilter (iptables) modules, one cannot do real-time blocking with flex-response, guardian.pl or blockit.pl.
     
    cpchan, Nov 6, 2008
    #8