[j0eblow]

This story sort of relates to BO and/or possibly other backdoors. If anyone can help me understand the mystery of what happened to me back around 2001 I would be forever grateful:

I believe I was in 4th or 5th grade and one night, I was playing Diablo 2 online with my cousin. My family was still using dial-up at the time so I was using one line to play and the other line to talk to my cousin on the phone. It was getting late and I was getting tired so I told my cousin I was going to call it a night. I exited Diablo 2 and continued talking to him on the phone. All of a sudden, I noticed a window pop up on my screen and it read:

"MASTER: what are you doing?"

I immediately asked my cousin if it he was messing with me. He proclaimed to not know what I was talking about and for a little bit I didn't believe him. I clicked in the chat box and asked:

"SLAVE: who is this?"

Anytime I messaged back it labeled me as "SLAVE." Anyways, the chat continued and the person told me to "look behind me." Mind you I'm in the basement and there was nothing behind me besides my dad's computer desk. This is where it got spooky:

"MASTER: who are you talking to on the phone?"

At this point, my cousin swore it wasn't him and I believed him. I looked up at my monitor and chills were sent down my spine. My mom had just given me a webcam for Christmas (I guess they had just become popular) and it was at this point I realized this person had been watching me this entire time. I panicked and immediately pulled the phone cable from the back of my Dell. It was hard to sleep soundly that night.

Believe it or not, I'd like to think this person gets partial credit for sparking my interest in computer security. From that point on, a chain reaction started and I began to immerse myself in security and became fascinated with learning about its history. Today, I happily have a career in the field :), but I still think back to this story from time to time and wonder what exactly happened.

Could it have been a Diablo 2 exploit? Maybe I joined someone's hosted game, they were somehow able to get my IP address, and then possibly exploited Windows XP? The chat window mechanism seemed pretty unique to me (maybe I'm wrong) like this person created it themselves. I'd be curious to read other people's theories. Maybe the person that executed the attack reads this post and can explain it all... :)

[adriancr]

There were a lot of trojans with chat like that. An even nicer chat was with The Matrix green letters behind it or just plain black/green.

The most common way to get infected is running infected applications.

As for your webcam, did it not have a light when on?

Also, very likely it was your cousin or someone you know.

[j0eblow]

I don't recall mine having a light. It definitely wasn't my cousin. It may have been something malicious I installed without knowing. Maybe I downloaded and installed something from Kazaa or whatever the current P2P file sharing network at the time. I thought it was weird that it happened right after I exited Diablo 2 though.

[adriancr]

> I thought it was weird that it happened right after I exited Diablo 2 though.

I'd suspect you were playing with someone you know Diablo 2 and they just decided to mess with you a bit.

[grioghar]

Hundred to one, it was NetBus or BO. You could view active windows and get window freeze frame.

The message dialogue would have looked like Windows 95/98, with a reply option. BO was more extensible; ButtTrumpet would run and announce to the person who installed it that you had come online. Another BO plug-in allowed you to change how the message interface worked. My guess is someone saw your IP, and someone checked out your IP to find you open.

I’ll tell you, when I found someone who had open BO/NetBus, I would assign a password to their configuration so they weren’t open to anyone other than me. I have to imagine that hash was was easy to crack, but at the time, I thought it was a solid way to keep people from getting messed with by anyone other than me.

[j0eblow]

Are you saying it could take a snapshot of the webcam view? The message dialog was an un-closable window and it was very plain from what I remember.

What do you mean someone checked my IP to find me open? I had a certain port open?