Quote:
Originally Posted by krazykat
I've been talking at length with my customer...she is definitely doing virus/trojan scans on a regular basis and nothing like that has come up. Which makes this all the more perplexing! Unfortunately, this seems to be a much deeper issue...
Hopefully, the abuse/security will be able to help us. I also use FTP uploads, just as the rest of my customers do...and so this is naturally quite worrisome to me.
|
I have to agree that this does smell of a keylogger/trojan more than anything else. The link to Trend Micro that DewKnight posted is possibly the best online scanner available and it is free. Another one to look at is
Free antivirus - Avira AntiVir I know you said your client is doing virus/trojan scans on a regular basis, however if he/she is using the same program it may just not be able to detect the intrusion. That is why it is good to use alternate programs regularly especially in situations like this where there is reason to suspect a trojan or keylogger.
Packet sniffing is a possibility, but a much more remote one. The "hacker" would need access to one of the networks that the packets transverse. This could be done through a keylogger/trojan from a user on one of those networks, so it is possible. If the keylogger situation can be ruled out, I would recommend that your client make another ftp account in Cpanel and give that account limited access. Change the password for the main FTP account and do not login to that main account for a week or so. Then use the newly created ftp account to upload a few changes here and see if this so called "hacker" logins into the main account or the newly created one.
