Saturday, March 28, 2015

You've Been Hacked! How to Know if You've Been Hacked


You can tell when you've been hacked if you're careful enough!  

Attackers have more tools and techniques than ever for getting into your systems, and they are often a step ahead of the security measures meant to keep them out. Even so, a compromised system usually leaves clues. With a little attention and observation on your part, you can often tell when something is wrong.

Why Hackers Want the Use of Your Computer?


Although we are familiar with the idea that hackers might be seeking our credit card numbers, bank accounts, and identity, some hackers are simply seeking the use of your computer. By infecting thousands, even millions, of computers around the world, they can create what is called a "botnet."
A botnet is simply a network of compromised computers controlled by a single command and control center. I estimate that 30 to 50% of all consumer-level computers are part of one botnet or another.
This botnet can be used for many seemingly innocuous activities and many more malicious ones. Botnets can be used to send spam, crack passwords, conduct distributed denial of service (DDoS) attacks, etc. In all cases, they are using system resources that are not available to you. You will likely detect your own system running sluggishly or erratically.
Let's take a look at how we can detect if such a security breach has taken place on YOUR system.


1. Fake antivirus messages

This is among the surest signs that your system has been compromised, and the ploy works because by the time you see the fake antivirus warning, considerable damage has already been done. The "scan" is not a scan at all; it is a malicious program's trick to scare you into buying a product. Click the link it offers and you will more often than not land on a professional-looking website that asks for your credit card number and billing information. The attacker thus ends up with both control of your system and your financial details. Close the browser or the offending process (Task Manager, covered next) rather than clicking anything in the warning.
 
2. Check Task Manager

The first thing to check when you suspect that you have been hacked is your Windows Task Manager. You can open it by pressing Ctrl+Alt+Del and selecting Task Manager from the menu that appears, by pressing Ctrl+Shift+Esc to open it directly, or by typing Task Manager in the search box of your Start menu.

 
When you open Task Manager and click on the "Processes" tab, you should see a window similar to the one below. Note the CPU usage at the bottom. In the infected machine shown, the system is sitting idle and CPU usage is spiking near 93%. Obviously, something is going on in this system. Click the CPU column header to sort by usage so that whatever is consuming the cycles rises to the top; note its name and right-click it to open its file location, since a busy process running out of a temporary or user-profile folder deserves a closer look.
 
 
Below, you will see the same Task Manager on an uninfected system. With the system idle, CPU usage is under 10%.
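The same check, scripted. This is an added example and not part of the original post: it samples each process's cumulative CPU time twice, ranks processes by their share of the machine over the interval, and then shows where the top ones live on disk and whether the binary carries a valid Authenticode signature. It assumes Windows PowerShell 5.1 or later, run as Administrator so that the Path is visible for processes owned by other accounts; the 5-second sample window and top-10 cutoff are arbitrary defaults.

```powershell
# Added example, not from the original post: a scripted version of the Task
# Manager CPU check with two extra columns a practitioner wants (executable
# path and Authenticode signature status).
# Assumes Windows PowerShell 5.1+ in an elevated prompt.

function Get-BusyProcesses {
    param([int]$Top = 10, [int]$SampleSeconds = 5)

    # Get-Process exposes CPU as total seconds consumed since the process
    # started, not a live percentage, so diff two snapshots.
    $before = @{}
    foreach ($p in Get-Process) { $before[$p.Id] = $p.CPU }
    Start-Sleep -Seconds $SampleSeconds
    $cores = (Get-CimInstance -ClassName Win32_ComputerSystem).NumberOfLogicalProcessors

    $ranked = foreach ($p in Get-Process) {
        $now  = if ($null -eq $p.CPU) { 0 } else { $p.CPU }   # Idle/System report no CPU
        $prev = if ($before.ContainsKey($p.Id)) { $before[$p.Id] } else { 0 }
        if ($null -eq $prev) { $prev = 0 }
        [pscustomobject]@{
            Name   = $p.Name
            Id     = $p.Id
            CpuPct = [math]::Round(100 * ($now - $prev) / ($SampleSeconds * $cores), 1)
            Path   = $p.Path
        }
    }

    $ranked | Sort-Object CpuPct -Descending | Select-Object -First $Top | ForEach-Object {
        # Only check signatures for the finalists; it is slow across hundreds of files.
        $status = if ($_.Path) { (Get-AuthenticodeSignature -FilePath $_.Path).Status } else { 'unknown' }
        $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
    }
}

Get-BusyProcesses | Format-Table Name, Id, CpuPct, Signature, Path -AutoSize
```

What to look for in the output: a high CpuPct from a process whose Path is under AppData, Temp or another user-writable folder, or whose Signature is NotSigned or HashMismatch. Legitimate exceptions exist (an antivirus scan, Windows Update, a browser with many tabs), so treat the list as a starting point rather than a verdict.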
 

3. Unwanted browser toolbars
 
Browser toolbars are supposed to help you, but a toolbar you do not remember installing is a classic sign of adware or bundled "potentially unwanted" software, and the same installer that dropped it may have dropped something worse. Unless it came from a vendor you know and deliberately chose, remove it.

4. Redirected Internet searches
 
Hackers are paid for clicks: redirecting your searches and clicks to someone else's website earns them advertising or affiliate money, and the sites receiving the traffic often do not know that it comes from malicious redirection. Adding to the plight, current redirected searches are securely (pun intended!) hidden from the user behind additional proxies, so the fake results never appear in a form that would alert you. Bogus browser toolbars are a common cause of such redirection. A simple test: search for a very common term and compare the results with the same search typed on a machine you trust.

5. Frequent random popups
 
Random browser pop-ups from websites that don't normally generate them are annoying, but that is only the tip of the iceberg: frequent random pop-ups are a strong sign that your system has been compromised, and bogus toolbars are among the primary causes.

6. Your friends receive fake emails from your email account
 
Malware programs and hackers often harvest email addresses and contact lists from your social media sites, such as Facebook, and send malicious emails to those contacts. Taking the social media route gives them only an incomplete list of your contacts' addresses, and the bogus emails will not actually come from your account: the sender is forged or is a different address, and nothing appears in your Sent folder. In that case your computer is probably safe. If, on the other hand, the messages were genuinely sent from your account, your account or your machine has been compromised: change the password from a clean device and check for rogue forwarding rules.

7. Your online passwords suddenly change
 
Usually you have responded to an authentic-looking phishing email that claims to be from the service whose password has now changed. The attacker uses the logon details you entered to take over the account, changes the password to lock you out, and uses the service for whatever they are after. Check the account's recovery email address and phone number as well; attackers often change those too, so that a password reset goes to them rather than to you.

8. Unexpected software installs
 
Most current malware programs are Trojans and worms, and they typically install themselves like legitimate programs. Often the unwanted software is installed, quite legally, as a bundle alongside a program you did ask for, so read license agreements and installer screens carefully and decline the optional extras. Review the list of installed programs in Control Panel for anything you do not recognize.

9. Check the System Integrity Checker in Windows

Now that we know something is awry on our system, let's delve a bit deeper to see if we can identify it. Very often, malware will embed itself into the system files which would explain why the AV software couldn't detect or remove it. Microsoft builds a system integrity checker into Windows called sfc.exe that should be able to test the integrity of these system files. From Microsoft's documentation, it describes this utility saying:
"System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files."

The idea here is that this utility checks whether any changes have been made to the protected system files and attempts to repair them. Let's try it out. Open a command prompt with administrative rights (right-click Command Prompt and choose Run as administrator), then type the following command and press Enter:

sfc /scannow

As you can see from the screenshot above, sfc reports no integrity violations: the malware remains hidden even from this tool. sfc checks only the files covered by Windows Resource Protection, so malware that installs its own executables, services or drivers rather than replacing protected system files is outside its scope, and a clean result does not clear the machine.
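The detail behind that one-line verdict is in the CBS log, which is where sfc records what it verified and what it could or could not repair. The script below is an added example, not part of the original post: it checks that the prompt is elevated, runs sfc /scannow, and then extracts only sfc's own "[SR]"-tagged lines from this run that report a result. It assumes the default log location under %windir%\Logs\CBS and the timestamp prefix those log lines carry.

```powershell
# Added example, not from the original post: run System File Checker and
# summarise the [SR] lines it writes to CBS.log during this run.
# Assumes an elevated prompt and the default CBS.log location.

function Invoke-SfcWithSummary {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'sfc /scannow needs an elevated (Run as administrator) prompt.'
    }

    $log   = Join-Path $env:windir 'Logs\CBS\CBS.log'
    # CBS.log lines begin with a timestamp in this format; used to keep only this run.
    $since = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')

    & "$env:windir\System32\sfc.exe" /scannow | Out-Host
    $exitCode = $LASTEXITCODE

    # Keep [SR] lines from this run that report a result, dropping the
    # routine "Verifying 100 components" progress entries.
    $findings = @(Select-String -Path $log -Pattern '\[SR\]' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Line } |
        Where-Object { $_.Length -ge 19 -and $_.Substring(0, 19) -ge $since } |
        Where-Object { $_ -match 'Cannot repair|Repair(ed|ing) file|corrupt' })

    [pscustomobject]@{
        ExitCode = $exitCode
        Findings = $findings.Count
        Lines    = $findings
    }
}

$result = Invoke-SfcWithSummary
"sfc exit code $($result.ExitCode); $($result.Findings) noteworthy [SR] lines"
$result.Lines
```

A "Cannot repair member file" line names a protected file that sfc found altered but could not restore, which is worth investigating on its own. Remember the limitation above: a run with zero findings says nothing about files sfc does not protect.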

10. Your mouse moves between programs and makes correct selections 
A mouse pointer that moves on its own is usually a hardware problem (a failing mouse or a bad surface). But if the movements make the correct choices, opening particular programs and clicking through dialogs, someone is driving it remotely. Take note that something is fishy, disconnect the machine from the network, and investigate.

11. Your bank account is missing money
 
This usually begins with your computer being compromised, or with your credentials being given up in response to a fake phishing message from your bank. The hacker logs on to your bank, changes your contact information so that alerts no longer reach you, and transfers large sums of money.

12. Your antimalware software, Task Manager, or Registry Editor is disabled and can't be restarted
 
You didn't disable your antimalware software, but find it disabled. Further, Task Manager or Registry Editor won't start, starts and immediately disappears, or starts in a reduced state. All of these are definite signs you've been compromised: malware disables exactly the tools you would use to find it.
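Malware that disables Task Manager and Registry Editor most often does so through the same policy registry values an administrator would use, so you can check for them directly, and Windows Defender will tell you whether its real-time protection is still on. The script below is an added example, not part of the original post. It assumes Windows 10 or later with the built-in Defender module; on a machine where an administrator or a third-party antivirus has legitimately set these values, the findings are expected and not a sign of compromise.

```powershell
# Added example, not from the original post: detect the policy values that
# disable Task Manager / Registry Editor, and confirm Defender is still active.
# Assumes Windows 10+ with the Defender PowerShell module.

function Test-AdminToolsDisabled {
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # A non-zero DWORD here blocks the tool for the affected user(s).
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{ Check = "$key\$name"; Value = $value; Status = 'DISABLED by policy' }
            }
        }
    }

    # Defender status: both flags should be True on a healthy consumer machine.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        [pscustomobject]@{
            Check  = 'Defender.AntivirusEnabled'
            Value  = $mp.AntivirusEnabled
            Status = if ($mp.AntivirusEnabled) { 'ok' } else { 'OFF' }
        }
        [pscustomobject]@{
            Check  = 'Defender.RealTimeProtectionEnabled'
            Value  = $mp.RealTimeProtectionEnabled
            Status = if ($mp.RealTimeProtectionEnabled) { 'ok' } else { 'OFF' }
        }
    } else {
        [pscustomobject]@{
            Check  = 'Defender'
            Value  = $null
            Status = 'Get-MpComputerStatus unavailable (third-party AV or module missing)'
        }
    }
}

Test-AdminToolsDisabled | Format-Table -AutoSize
```

If the script itself refuses to run, or PowerShell closes as soon as it opens, that is the same symptom the section describes and is itself evidence; in that case run the check from a clean boot medium or another machine against the mounted disk.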
 
13. Check Network Connections with Wireshark

If we install third-party software for analyzing the connections to our computer, we may be able to identify communication to and from our computer by some malicious entity. The perfect piece of software for this task is called Wireshark.
Wireshark is a free, GUI-based tool that displays all the packets traveling into and out of our computer. In this way, we might be able to identify the pesky malware that is using up all our CPU cycles and making our system so sluggish.
Since Wireshark is an application and not part of the Windows system, it is less likely to be controlled and manipulated by the malware. A kernel-level rootkit can still hide its traffic from a capture taken on the infected host itself, though, so a capture from another machine on a mirror port is more trustworthy when you can arrange one. Click on your active interface and you should see a screen open like the one below.


Wireshark then can capture all the packets traveling to and from your system for later analysis.
The key here is to look for anomalous packets that are not part of your "normal" communication. Of course, it goes without saying that you first should have an idea of what is "normal."
If you haven't looked at your normal communication before, you can filter packets so that you are looking at only a subset of it. As attackers often use high-numbered ports to evade detection, you can filter for, say, ports 1500-60000. If malicious communication is taking place, it will likely appear in that port range. Furthermore, let's look only at traffic leaving our system to see whether the malware is "phoning home" on one of those ports. One caveat: on a client machine your own source port is almost always a high, ephemeral one, so this filter shows most of your outbound TCP traffic rather than a small subset; what makes a connection interesting is the remote address and port it is talking to.

We can create a filter in Wireshark by typing it into the Filter window beneath the main menu and icons. Filters in Wireshark are a separate discipline entirely and beyond the scope of this article, but I will walk you through a simple one for this purpose here.
In this case here, my IP address is 192.168.1.103, so I type:
ip.src ==192.168.1.103
This filter will only show me traffic FROM my system (ip.src). Since I also want to filter for ports above 1500 and below 60000, I can add:
and tcp.port > 1500 and tcp.port < 60000
The resulting filter will only show me packets that meet all of these conditions, namely, each packet must be:
  • Coming from my IP address (ip.src == 192.168.1.103)
  • Carrying a TCP port above 1500 (tcp.port > 1500)
  • Carrying a TCP port below 60000 (tcp.port < 60000)
Note that tcp.port matches either end of the connection, and each comparison is satisfied if either port qualifies: a packet from local port 61000 to remote port 80 still passes, because 61000 > 1500 and 80 < 60000. To test only your own (source) port, use tcp.srcport in place of tcp.port. A TCP-only filter also ignores UDP, so malware beaconing over DNS or other UDP traffic needs a separate udp.srcport filter.
When I type all of this into the filter window, it turns from red to green, indicating that the syntax is correct, as in the screenshot below.

 
Now click on the Apply button to the right of the filter window to apply this filter to all traffic. When you do so, you will begin to filter for only the traffic that meets these conditions.
 

Now the key is to look for unusual traffic here that is not associated with "normal" traffic from your system. This can be challenging. To identify the malicious traffic, look up the unknown IP addresses your machine is communicating with (see the IP addresses in the box): a whois lookup, a reverse DNS query or a reputation service will tell you who owns the address. Do not simply type the address into your browser; if it is a command-and-control server, you are announcing yourself to the attacker and may be served more malware. If the owner is not a service you use, that traffic should be viewed with some skepticism.
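Wireshark shows you the packets but not which program sent them. The host's own socket table answers that question, so the two views complement each other. The script below is an added example, not part of the original post: it lists established TCP connections to non-private addresses together with the owning process, its executable path, and a reverse DNS lookup for the remote address, which gives a hint about the peer without browsing to it. It assumes Windows 8 / Server 2012 or later (the NetTCPIP module) and an elevated prompt; the private-address pattern is an assumption you may need to widen for your own network, and the tshark line in the comment is the command-line equivalent of the display filter above with the source-port correction applied.

```powershell
# Added example, not from the original post: tie outbound connections to the
# processes that own them, with a reverse-DNS hint for each remote address.
# Assumes Windows 8+/Server 2012+ and an elevated prompt.
#
# Capture-side equivalent with tshark (Wireshark's CLI), testing only the
# local source port rather than either port:
#   tshark -i <interface> -Y "ip.src == 192.168.1.103 && tcp.srcport >= 1500 && tcp.srcport <= 60000"

function Get-OutboundConnections {
    # Private/link-local destinations are normally your own LAN; skipped by default.
    param([switch]$IncludePrivate)

    $private = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|::1$|fe80:)'

    Get-NetTCPConnection -State Established |
        Where-Object { $IncludePrivate -or $_.RemoteAddress -notmatch $private } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            # PTR lookup only; never connect to the address to "see what it is".
            try   { $rdns = [System.Net.Dns]::GetHostEntry($_.RemoteAddress).HostName }
            catch { $rdns = '(no PTR)' }
            [pscustomobject]@{
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                ReverseDns    = $rdns
                Pid           = $_.OwningProcess
                Process       = if ($proc) { $proc.Name } else { '?' }
                Path          = if ($proc) { $proc.Path } else { $null }
            }
        } | Sort-Object Process, RemoteAddress
}

Get-OutboundConnections | Format-Table -AutoSize
```

Things that stand out in this view: a process running from a user-writable folder holding a connection to a host with no reverse DNS, a connection to an unusual remote port from a program that should only speak HTTP or HTTPS, or svchost.exe talking to something that does not resolve to Microsoft. The same caveat as for Wireshark applies: a rootkit can hide sockets from the host's own table, so when the two views disagree with each other or with an off-host capture, believe the off-host capture.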
Detecting whether your computer is infected with malware is not necessarily a simple task. Of course, for most, simply relying on antivirus software is the best and simplest technique. Given that this software is imperfect, some of the techniques outlined here may be effective in determining whether you have really been hacked or not.
