DemolisherII
|
Posted - 2009.08.06 21:31:00 -
[1]
When do you get the keylogger? Is it:
1. Clicking the forum link
2. Leaving the CCP website to view the keyloggers' website
3. Clicking through links on the keyloggers' website
4. Downloading and running the .exe file that pretends to be Flash Player
I am not sure whether I am at risk or not... could those who know they got keyloggers or had their accounts hacked say what stage they got to? Or anyone else offer an opinion? Because I am sure I am not alone in worrying whether I should transfer all my assets to a friend in EVE just in case.
|
Messoroz
|
Posted - 2009.08.06 21:33:00 -
[2]
Number 2 to 4, varies based on spammer and site.
|
Cat o'Ninetails
Rancer Defence League
|
Posted - 2009.08.06 21:35:00 -
[3]
Some sites are able to infect systems just by you visiting the link. (generally Internet Explorer, though all browsers have vulnerabilities)
x
Yay! Six months of defending! \o/ <3 to Abrazzar! |
James Vayne
|
Posted - 2009.08.06 21:36:00 -
[4]
when you click on the link?
If they could grab your key from this forum alone they wouldn't require the extra links for people to click. I believe it works on the principle of the cookie from visiting the website rather than the .exe
Why. Did you click the link?
|
Demolishar
|
Posted - 2009.08.06 21:38:00 -
[5]
Edited by: Demolishar on 06/08/2009 21:39:33
Edited by: Demolishar on 06/08/2009 21:39:22
I visited a link, I removed a process using a certain security software: Details of the process:
Name: 5CAAAFDANALJRR... (not exact) (basically just a long string of numbers and letters, randomly)
Type: Internet
Description: <Invalid Registry Entry> (Browser Extension)
That sound like the keylogger?
EDIT: Sorry, posted with an alt
|
Demolishar
|
Posted - 2009.08.06 21:56:00 -
[6]
Also, I hear that if I use the on-screen keyboard, it (the keylogger) can't detect keystrokes. Truth or lie?
|
Sniper Wolf18
Gallente A Pretty Pony Princess General Tso's Alliance
|
Posted - 2009.08.06 21:59:00 -
[7]
Originally by: Demolishar
Edited by: Demolishar on 06/08/2009 21:39:33
Edited by: Demolishar on 06/08/2009 21:39:22
I visited a link, I removed a process using a certain security software: Details of the process:
Name: 5CAAAFDANALJRR... (not exact) (basically just a long string of numbers and letters, randomly)
Type: Internet
Description: <Invalid Registry Entry> (Browser Extension)
That sound like the keylogger?
EDIT: Sorry, posted with an alt
Most likely, disconnect network from your current PC, switch to another one, change your eve password on the other one, download up to date anti virus and anti spyware, install on infected PC and run it. If it doesn't find any keyloggers, either reformat or put it to chance and hope for the best.
Also: You could try deleting system32, I hear it makes your PC run faster
And to finish, thank you for reading my sig
--------------------------------------------------
If you are still reading I would probably have posted by now |
randomname4me
|
Posted - 2009.08.06 22:01:00 -
[8]
Originally by: Demolishar
Also, I hear that if I use the on-screen keyboard, it (the keylogger) can't detect keystrokes. Truth or lie?
The on-screen keyboard uses the same DLL file as a key press from the board, so no.
EVE Online: Rated RRR- For Explicit Breakfast Piercing Bullets. |
Lifelongnoob
Caldari Final Conflict UK
|
Posted - 2009.08.06 22:11:00 -
[9]
Firefox with "no script" & "world of trust" addons helps block a lot of those key logger websites
|
Barakkus
Caelestis Iudicium
|
Posted - 2009.08.06 22:23:00 -
[10]
Generally for IE if you have the "Internet" zone set to "Medium-High" and have the pop-up blocker enabled you won't have to worry about a lot of stuff...almost everything that will try to install itself will prompt you...but doesn't mean you're 100%, if you're an IE user and want to be paranoid, you can set the security to "High" but be prepared to have it break most websites, and you're still not 100% safe, just like 98% safe.
Also be aware if you have JRE installed you are leaving yourself open to possibly getting exploited just by visiting suspect pages (not in the case of the keyloggers spammed recently).
If you have AVG, Norton Antivirus or McAfee installed, it will usually catch their keylogger before it finishes downloading if you happen to agree to download it. Just be forewarned, AVG has been nuking OSes again with false positives...I think they patched it pretty quickly this time though.
If you're worried, you can transfer all your stuff to me
p.s. never visit websites that are a mess of nonsense letters and numbers for a domain name :P
|
|
Demolishar
|
Posted - 2009.08.06 22:37:00 -
[11]
I use Firefox and I have AVG. Both are up to date, but I don't have any script stopping addons for firefox or anything like that.
|
Barakkus
Caelestis Iudicium
|
Posted - 2009.08.06 22:51:00 -
[12]
Originally by: Demolishar
I use Firefox and I have AVG. Both are up to date, but I don't have any script stopping addons for firefox or anything like that.
I would really recommend getting NoScript if you are going to use Firefox, it's pretty important to only let what you want to run...it doesn't give you complete immunity, but it's going to ensure you don't have something exploiting a flaw in Firefox most of the time.
|
Demolishar
|
Posted - 2009.08.06 23:01:00 -
[13]
I got the noscript. So is IE actually safer than firefox these days?
|
Barakkus
Caelestis Iudicium
|
Posted - 2009.08.06 23:04:00 -
[14]
Originally by: Demolishar
I got the noscript. So is IE actually safer than firefox these days?
Nah, not really, you're only as safe as the person in the chair. You'll probably find more IE exploits, but most of which happen when the security settings for the zone are not very tight.
|
Demolishar
|
Posted - 2009.08.06 23:28:00 -
[15]
Just a thought, if the keylogger code is when you open the website, what is the point of the .exe you can download?
|
Akita T
Caldari Navy Volunteer Task Force
|
Posted - 2009.08.07 01:19:00 -
[16]
Originally by: Demolishar
Just a thought, if the keylogger code is when you open the website, what is the point of the .exe you can download?
If your browser is vulnerable/unpatched/whatever, it could work when you open the page, on some pages (not necessarily the one the spammers of today link to, but in general). For those with patched or not-so-vulnerable browsers, you still try to fool them into running junk, maybe you're lucky there.
EVE issues|Mining revamp|Build stuff|Make ISK |
Sky Marshal
IMpAct Corp Tau Ceti Federation
|
Posted - 2009.08.07 01:22:00 -
[17]
Edited by: Sky Marshal on 07/08/2009 01:21:57
"When do you become at risk?"
When you use an Apple computer with a flashable keyboard that can receive a keylogger-ready firmware
_______
Local is fine, period.
|
mooN 4PIE
|
Posted - 2009.08.07 05:28:00 -
[18]
Edited by: mooN 4PIE on 07/08/2009 05:32:42
Keyloggers are trojans that lie within an .exe file or other less known extensions that I can't remember right now. To get infected with a keylogger you/someone else/a script needs to execute the infected file. The most common way to get infected is to receive a file whose functions extend beyond its stated ones (process obtained by using Binding software) or if it just appears not to do anything. Some trojans (keyloggers) do not appear as a process in the task manager because they re-write the base code of another process (usually a Windows process that cannot be stopped) hiding within it. Another way is to access an unsafe link using an old, vulnerable browser, like IE 5.0 or even 6.0 (as they have more exploits). Accessing an infected link with an old browser will start a script, that will automatically download a keylogger in the background without your knowledge and execute it. Also another, less common, more professional way to infect someone is by using a USB flashdrive that when plugged in, will automatically start the keylogger.
If you are uncertain whether you are infected or not, I suggest to format your hard-drive immediately. Do not save any .exe files from your current hard-drive if you want to be sure (better safe than sorry). This is because, at the other end of the keylogger, someone may be monitoring every action of yours and make rational decisions based on your intentions (infecting the .exe files that you may save). Before you do anything be sure to change all your passwords from another safe, firewalled PC. These are all the hacking processes that I'm aware of.
Good luck !
|
Mara Rinn
|
Posted - 2009.08.07 07:06:00 -
[19]
Originally by: Sky Marshal
When you use an Apple computer with a flashable keyboard that can receive a keylogger-ready firmware
Flashing the keyboard requires user intervention. Then the user has to open the application that will send the password to the attacker, and correctly trigger the keylogger dumping out the keylog from memory.
Visiting a site and getting pwned by a corrupted JPEG only requires you to be running Internet Explorer.
|
Tiny Tove
|
Posted - 2009.08.07 08:29:00 -
[20]
Edited by: Tiny Tove on 07/08/2009 08:29:51
No wait, far too "Radio 4", for Eve readers.
|
|
Exile Devaltos
Ministry of Destruction SCUM.
|
Posted - 2009.08.07 11:09:00 -
[21]
You have to be pretty inept to get a keylogger in the first place. But I guess that encompasses most of the people in the world anyway
Originally by: Wrangler
That's odd, I always drink after dealing with you people..
|
Sky Marshal
IMpAct Corp Tau Ceti Federation
|
Posted - 2009.08.07 11:21:00 -
[22]
Edited by: Sky Marshal on 07/08/2009 11:22:12
Originally by: Mara Rinn
Flashing the keyboard requires user intervention. Then the user has to open the application that will send the password to the attacker, and correctly trigger the keylogger dumping out the keylog from memory.
Visiting a site and getting pwned by a corrupted JPEG only requires you to be running Internet Explorer.
Indeed, but generally, a beginner doesn't disable automatic updates so normally using Internet Explorer is dangerous but I suppose that this kind of big hole is corrected.
But we still have the user, and he is the reason for 90% of all problems on a computer. Spam, malware, etc... still work well despite counter-measures, because there is still a good amount of users who are not warned and click anyway.
Concerning Apple, they seem to have a curious security policy, but this is a personal opinion after reading some news: As long as it is not public, there is no problem.
_______
Local is fine, period.
|
Yarinor
|
Posted - 2009.08.07 14:24:00 -
[23]
If you use a proper operating system you won't have to worry since most loggers are written for Windows because that's what most people use, not to mention BSD/Unix/Linux are generally more secure in their architecture.
|
Demolishar
|
Posted - 2009.08.07 14:41:00 -
[24]
So... I should format my PC then? And change my account password (again) on a different PC? It's been 2 days since I allegedly got the keylogger and I haven't been hacked yet. I HAVE logged into eve in that time.
|
Mashie Saldana
BFG Tech
|
Posted - 2009.08.07 15:10:00 -
[25]
Originally by: Demolishar
So... I should format my PC then? And change my account password (again) on a different PC? It's been 2 days since I allegedly got the keylogger and I haven't been hacked yet. I HAVE logged into eve in that time.
Better safe than sorry tbh.
|
Barakkus
Caelestis Iudicium
|
Posted - 2009.08.07 16:44:00 -
[26]
Edited by: Barakkus on 07/08/2009 16:45:25
Originally by: Yarinor
BSD/Unix/Linux are generally more secure in their architecture.
Notrly. They're actually just as easy to hack as other OSs, in some cases, easier.
|
Barakkus
Caelestis Iudicium
|
Posted - 2009.08.08 02:05:00 -
[27]
Edited by: Barakkus on 08/08/2009 02:05:27
Originally by: Mara Rinn
Visiting a site and getting pwned by a corrupted JPEG only requires you to be running Internet Explorer.
Unless something has changed recently, this is not entirely true. The method of jpeg infection as far as I know up to this point is either
1. an executable that places its virus code in jpegs on the infected system in order to hide it and/or reinfect/execute if need be.
2. an infected jpeg of a different worm must be downloaded and the jpeg must be saved into a local folder, then the mouse pointer must be moved over the jpeg file's icon
3. you would have to be using IE6, Windows XP Service Pack 1 (or before - which everything comes with sp2 or later now), and Windows Server 2003
As far as I'm aware, the buffer overrun exploitation does not only affect IE but windows explorer and could potentially happen with other software like photoshop...in the above mentioned builds...it has been patched for a very long time now, and did not affect windows 98, me, nt4 or 2k. Unless you are running the above mentioned versions of windows you don't really have to worry about it at this point. I have not heard of a new version of this type of virus hitting the internet, but if someone has, I'd like to see the info (cuz this stuff interests me and it's my job sorta).