
Tachy
|
Posted - 2006.06.26 19:30:00 -
[61]
Rule #1 in IT security: A compromised computer is a compromised computer. Start with a lowlevel format or exchange of the harddrive. Apply a mallet to the harddrive if you don't dare reinstalling software.
Wanna bet that a lot of wannabe pilots knocked their network access out by disabling svchost.exe?
Heuristic malware detection programs are useless when they're trying to find handmade stuff that isn't widespread. --*=*=*--
Even with nougat, you can have a perfect moment. |
|

Sharkbait

|
Posted - 2006.06.26 19:30:00 -
[62]
Originally by: Arcadia1701 i just meant how can i tell what ones are legit and what if any aren't.
basically if you didn't download the program and didn't try to cheat, then you are kinda safe from it.
i noticed i had a svchost file that used about 1.4meg and was very cpu hungry. it was maxing out 1 of the amd cores in my machine. but however, i am not 100% sure about this, so if you have tried it and can't find the file i speak of, it does not mean you are safe from it.
Originally by: Dexter Grim Well CCP can trace where all the transferred isk is going.
Are they going to ban those accounts receiving it? A word of caution on banning though, the key loggers might transfer isk to innocent people, hoping to cover their tracks and/or get innocent people banned.
If a large sum of isk appears in your wallets petition it if it's unexpected. Don't spend it or transfer it on.
yes it is being looked into and it is not being taken lightly
|
|

End Yourself
|
Posted - 2006.06.26 19:31:00 -
[63]
Originally by: Arcadia1701 i just meant how can i tell what ones are legit and what if any aren't.
sadly you can't tell for sure. it's all about a chain of trust. your computer "could" have been compromised the day you bought it with preinstalled OS already. or if you installed it yourself the CD might contain the malware already. highly unlikely but it is possible. no sane decision maker in a company with increased security necessity would buy (and use) preinstalled clients for example. starting at this point of trust only trustworthy software is added....
for home users it's a lot about tradeoffs tho, sadly.
svchost is used to run a lot of system services, single instances run multiple services.... so one of those instances might be legit and not at the same time
tasklist /svc shows which services were started by which svchost instance.
BUT on a compromised system even that output might be fake. ALL output might be fake.
that's the reason why in my opinion if you feel that your system is wonky, if you don't trust it anymore.... then you will have to reinstall it and start again at a point you fully trust. which is the CD.
--- Fighting for peace is like screwing for virginity.
|
|

Sharkbait

|
Posted - 2006.06.26 19:32:00 -
[64]
Originally by: Tachy Rule #1 in IT security: A compromised computer is a compromised computer. Start with a lowlevel format or exchange of the harddrive. Apply a mallet to the harddrive if you don't dare reinstalling software.
Wanna bet that a lot of wannabe pilots knocked their network access out by disabling svchost.exe?
Heuristic malware detection programs are useless when they're trying to find handmade stuff that isn't widespread.
rule 1 is don't download crappy programs that allow you to cheat or state they help you cheat.
|
|

End Yourself
|
Posted - 2006.06.26 19:33:00 -
[65]
Originally by: Tachy Rule #1 in IT security: A compromised computer is a compromised computer. Start with a lowlevel format or exchange of the harddrive. Apply a mallet to the harddrive if you don't dare reinstalling software.
Wanna bet that a lot of wannabe pilots knocked their network access out by disabling svchost.exe?
Heuristic malware detection programs are useless when they're trying to find handmade stuff that isn't widespread.
QFT!
--- Fighting for peace is like screwing for virginity.
|

Arcadia1701
|
Posted - 2006.06.26 19:42:00 -
[66]
lol this reminds me of something that happened on another less heard of MMO i used to play, it was set up by players though. They basically shouted around ingame * go here to dl this cheat it will double ur items / money * or whatever, then some noobs would fall for it, DL it, get keylogged, and login again with no items lol. Their items got given away. it was like a player ran * catch the gullible cheater* ploy.
|

BadIronTree
|
Posted - 2006.06.26 19:45:00 -
[67]
Originally by: Valar We have found out that this keylogger adds itself to the registry and automatically runs on startup with the name "svchost.exe" after you run it the first time. NOTE THAT THERE ARE ALSO A FEW SYSTEM PROCESSES IN WINDOWS CALLED SVCHOST.EXE
If you have installed this keylogger, we recommend getting professional help to remove it.
CCP support staff does not provide support for removing this program.
send this file to [email protected] if it is unique the trojan/keylogger will be named as a new :) cool to see W32 eve-trojan downloader or something :) + will protect noobs + less petitions http://www.kaspersky.com/ just rule in all protection... I Use KIS 6 3 months now :) _________ Elite Frigate pilot :) Assault, Interceptors, Stealth bombers, Interdictors, covert ops
the sig is stolen like your corpse :) |

End Yourself
|
Posted - 2006.06.26 19:45:00 -
[68]
Originally by: Sharkbait
Originally by: Tachy Rule #1 in IT security: A compromised computer is a compromised computer. Start with a lowlevel format or exchange of the harddrive. Apply a mallet to the harddrive if you don't dare reinstalling software.
Wanna bet that a lot of wannabe pilots knocked their network access out by disabling svchost.exe?
Heuristic malware detection programs are useless when they're trying to find handmade stuff that isn't widespread.
rule 1 is don't download crappy programs that allow you to cheat or state they help you cheat.
one of the few good posts in here and what does he get as answer from a dev?!?
FUD isn't the right response to macroers and other scum, sorry 
--- Fighting for peace is like screwing for virginity.
|

Tachy
|
Posted - 2006.06.26 19:47:00 -
[69]
Originally by: Sharkbait
Originally by: Tachy [...]
rule 1 is don't download crappy programs that allow you to cheat or state they help you cheat.
You sound pretty sure the keylogger is only coming from that one source. 'Don't download anything tailored for your favorite pastime' is DaRule for me. At least on the comp I use for playing.
With the last couple of patches in Acrobat Reader they fixed a couple of ugly holes. I have seen a couple of nifty production and pos planners, trade guides and whatnot coming as .pdf. There are enough of tailored downloads available all over the net for EVE that are well within the EULA and TOS - but are still dangerous.
A couple of programs like RealPlayer and WinAmp had a couple of recently patched holes that could have been used by hijacked videos.
I know of a couple other ways to that ain't fixed yet and that I won't list. --*=*=*--
Even with nougat, you can have a perfect moment. |

End Yourself
|
Posted - 2006.06.26 19:53:00 -
[70]
Edited by: End Yourself on 26/06/2006 19:55:22
Originally by: Tachy
Originally by: Sharkbait
Originally by: Tachy [...]
rule 1 is don't download crappy programs that allow you to cheat or state they help you cheat.
You sound pretty sure the keylogger is only coming from that one source. 'Don't download anything tailored for your favorite pastime' is DaRule for me. At least on the comp I use for playing.
With the last couple of patches in Acrobat Reader they fixed a couple of ugly holes. I have seen a couple of nifty production and pos planners, trade guides and whatnot coming as .pdf. There are enough of tailored downloads available all over the net for EVE that are well within the EULA and TOS - but are still dangerous.
A couple of programs like RealPlayer and WinAmp had a couple of recently patched holes that could have been used by hijacked videos.
I know of a couple other ways to that ain't fixed yet and that I won't list.
or eve videos or excel sheets for production or or or or.... lots of bugs in all kind of programs.
this case(double your isk cheat) just clearly shows that brain > virusscanner
dunno how often i have to repeat myself regarding this but another VERY important rule is: do NOT work with admin rights. that should solve most of the bugs in winamp, mplayer, acrobat, excel.... crap
--- Fighting for peace is like screwing for virginity.
|

Miranda Duvall
|
Posted - 2006.06.26 20:00:00 -
[71]
Simple truths for the non-securityexperts among us:
1. yes there are people out to get you! *Any* completely unsecured system will be hijacked within MINUTES if fully exposed to the internet. (I've seen several occurrences where the system was overtaken before being able to finish windows updates after a fresh install)
2. If your system has a virus/trojan whatever, it may very well not be your system anymore. It could very possibly be under the control of a hacker/botnetadmin, who may or may not decide to let you play on it, as long as you don't reinstall windows.
3. The only way to be sure to get rid of a hacker is to "flatten and rebuild". a virusscanner may not catch everything, a hacker can lie/hide/cheat/do anything to make you believe he's gone, but the only way to be 100% sure: "format c:" (wipe your system clean and start from the bootable CD)
How to avoid 99% of these hostile takeover attempts?
a: Use windows updates! Set it to autoupdate, and never ignore the sign that says: New updates are available. Install them as soon as you can. (A couple of days is mostly OK, but never wait more than a week)
b: Use the onboard firewall that comes with windows XP: there is a checkbox that should read: "yes, please protect me from evil pirates". Check it! (wording may be different). If you have any other legit firewall software, you can use that instead (ZoneAlarm etc are very good firewalls with more goodies than the onboard firewall).
c: use a virus scanner and keep it up to date. (virus definitions that are 2 months old are almost no better than having no virus scanner). In addition to this, MS has a "malicious software removal tool" that comes with windows updates: use that too.
d: don't use easy to guess passwords: "mypassword" and "password98" qualify as lame. It's not necessary to use passwords like "#%4fThS%l*QarT", but try to get in between... (Most passwords allow for spaces, so why not use a full sentence instead of 1 word)
e: this is the tough one: Try not to do anything with admin privileges. In XP this is easy: Create a normal user account, and play EVE/surf/check mail/MSN using that account (only log in as admin if you need to install something). Most of the evil stuff needs you to be the admin to be able to install.
For the record: I work for a big ISP and I'm the operational security guy, and I'm a complete microsofty. Linux/Unix/FireFox will never find its way into my home. Security in Microsoft is easy, but if ignored: yes it is unsafe, but no more/less so than a linux box would be if you ignore security.
|

Kylania
|
Posted - 2006.06.26 20:12:00 -
[72]
Originally by: Miranda Duvall Simple truths for the non-securityexperts among us:
1. Don't try to cheat.
That's all you need to say. All the PC security safety tips and paranoia in the world isn't gonna change the fact that these players lost their accounts because they tried to cheat. -- Lil Miner Newbie Skills Roadmap | Visual Building Guide (Both work in game too!) |
|

kieron

|
Posted - 2006.06.26 20:16:00 -
[73]
The news item has been updated again with additional information. If you value your computer security, personal identity, financial information, etc., do NOT use any third-party programs that seem too good to be true. If it is a cheat or a hack, chances are that you, the wanna-be cheater, are going to be the one suffering in the long run.
It's just a shame that common sense isn't so common any more.
kieron Community Manager, EVE Online |
|

End Yourself
|
Posted - 2006.06.26 20:19:00 -
[74]
Originally by: Kylania
Originally by: Miranda Duvall Simple truths for the non-securityexperts among us:
1. Don't try to cheat.
That's all you need to say. All the PC security safety tips and paranoia in the world isn't gonna change the fact that these players lost their accounts because they tried to cheat.
dyslexia 4tw?
no one lost his account. and IT security is not about some virtual items in a mmorpg, it's about a few thousand bucks on my bank account, the credit line on my CCs.......
--- Fighting for peace is like screwing for virginity.
|

Sodhammer
|
Posted - 2006.06.26 20:44:00 -
[75]
For those not familiar with PC security and hacking in general, here are a few items to keep in mind.
Keyloggers are programs that record every key you press. This information is then forwarded out onto the web for people to use. So if you open your web browser and type:
www.mybank.com
joeblow
mypassword
It's not too hard to figure out you have an account at a certain bank, and your username/password. This particular keylogger was aimed at EVE, but it ran at startup, so all keystrokes were probably copied and sent to the originator.
Rootkits are programs that gain you root access. This means they get you administrative (total) rights to a machine. The idea comes from being able to log onto a machine with limited rights, then boosting yourself to administrator (noticed that a few people said "don't sign in as admin", that's what root kits are for).
Social engineering is a way to say SCAM. All machines have some security, and social engineering is a way to get the user to bypass that security and allow the machine to be compromised. The program mentioned here is a perfect example. An offer to get a user free isk convinces them it's a good idea to install some program on their machine. This gets the program past their firewall and probably past the anti virus software. Social Engineering is the most common form of attack being done by thousands of different people. Have you noticed the huge amounts of spam e-mail you get? Most of that is social engineering type attacks. They are either asking you to install software on your PC, or send private information to them (name and credit card). The most common example of a non PC Social engineering attack is the letter saying "I am the son of an oil minister in Sudan. I need to move some money to the US. Please give me your account number to do this, and I will give you 5% of 500 million dollars".
From a personal security point of view, if you are not PC literate I would recommend the following things:
If you have an always on connection (DSL, Cablemodem), get a hardware firewall. My DSL came with one from the phone company. My cablemodem did not. Hardware firewalls are better for keeping people out, software firewalls have the special ability of warning you when an application is doing something bad, using both gives the advantages of both.
If you do any type of financial work on your PC, get another PC. That means if you do online banking, E-Bay, TurboTax or anything that involves you typing a credit card number into your browser, dedicate a machine to it. These sites and applications are not that processor/graphic intensive, a low to midrange pc will drive them just fine. If you have kids that use the computer, or like to download all those free internet games, it's just a matter of time before your machine is compromised. And by time, I mean a few days to a few weeks. Remember, someone scamming your Eve account and taking all of your isk will annoy you. Someone getting your bank info and stealing your real life money/credit rating will be much worse.
This is not an Eve thing, these problems have existed long before, and will exist when we are flying spaceships in real life.
|

End Yourself
|
Posted - 2006.06.26 21:02:00 -
[76]
Originally by: Sodhammer Rootkits are programs that gain you root access. This means they get you administrative (total) rights to a machine. The idea comes from being able to log onto a machine with limited rights, then boosting yourself to administrator (noticed that a few people said "don't sign in as admin", that's what root kits are for).
pls educate yourself before informing others.
--- Fighting for peace is like screwing for virginity.
|

Bunny Wunny
|
Posted - 2006.06.26 21:04:00 -
[77]
I'd recommend people check out Hijackthis and some of the progs on the CPU-z site, they both have tools that tell you what is starting up with your PC, and you SHOULD (could maybe if you know a bit about these things) be able to tell what is and is not supposed to be running. just my 2p
|

Mikal Drey
|
Posted - 2006.06.26 21:10:00 -
[78]
hey hey
im sure it was said that not all 3rd party progs are ebil etc. . but CCP state with all Vehemence DO NOT USE 3rd party apps or GIVE OUT LOGIN details.
Will CCP remove all stickies with 3rd party apps such as QuickFit, EveMON etc. . I used QuickFit and yes its a good app i have ECM installed and use regularly and their "safe connect" mode still may or may not be safe EveMON actually ASKS for the login details and regardless of the multiple posts regarding the safety of the tool people STILL enter the details.
I love this community and the plethora of apps/spreadsheets that are available but buyer beware 100% of the time here. DO NOT give out your login details !
Spreadsheets contain macros as much as 3rd party apps contain Viruses and hacks etc . imho its your risk when u disable warnings and DL and use these things.
Well done CCP for constant vigilance and care for its community. I hope the guilty party gets caught and not only permabanned but arrested.
|

Tas Devil
|
Posted - 2006.06.26 21:13:00 -
[79]
Originally by: kieron The news item has been updated again with additional information. If you value your computer security, personal identity, financial information, etc., do NOT use any third-party programs that seem too good to be true. If it is a cheat or a hack, chances are that you, the wanna-be cheater, are going to be the one suffering in the long run.
It's just a shame that common sense isn't so common any more.
It's also a shame that common sense is not always applied by CCP or its representatives when communicating such warnings... 
The best Laugh ever ... Credit goes to Killer8 for this ! Oh and apparently the mods tell me there is bad language on his site so beware kids :) |

phillip duncan
|
Posted - 2006.06.26 21:19:00 -
[80]
I assume that you are trying to track all the stolen ISK?
It is either going to end up on in the player who created the keylogger or an isk buyer. I assume that they will both get the same basic treatment* a visit from the ban hammer?
Are you going to try and track the source of the isk and ban them as well or let the loss of their money be a warning?
*The player/author I assume will also be reported to the police as a matter of course for hacking.
|

Air'iana
|
Posted - 2006.06.26 21:38:00 -
[81]
Jeez, between the keyloggers, macrominers, escrowbots, macromission runners, and the normal petitions it's no wonder people think that CCP isn't doing anything about these people, the job is becoming (has been for a while?) overwhelming.
sigh.....
|

Hoshi
|
Posted - 2006.06.26 21:40:00 -
[82]
Originally by: FingerThief
Originally by: Arcadia1701 i just meant how can i tell what ones are legit and what if any aren't.
Please note that the following is only to show you where to look.
START -> RUN -> REGEDIT <enter>
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Services are generally not started from there and if you see the file launched there ... you got it.
Do not blindly delete anything that you THINK shouldn't be there. Pretty please.
An easier way (and less error-prone as you can undo any changes) is to go to start->run and type "msconfig", then go to the startup tab and uncheck anything you don't want. --------------------------------------------------------------------------------
|
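Added example (not written by any poster in this thread): the two checks discussed above, the tasklist /svc listing End Yourself mentions and the Run key that Valar and FingerThief point to, applied in Python to saved command output. Both samples are constructed and the function names are this example's own; as End Yourself notes, output taken from a compromised machine may itself be fake, so a clean result proves nothing.

```python
import ntpath
import re

# Constructed sample of `tasklist /svc` output (not captured from a real host).
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       540 N/A
svchost.exe                    936 DcomLaunch, TermService
svchost.exe                   1100 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, Netman
svchost.exe                   2480 N/A
explorer.exe                  1764 N/A
"""

# Constructed sample of `reg query` output for
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (path and names invented).
RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    svchost    REG_SZ    "C:\Documents and Settings\pilot\svchost.exe" -s
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")            # image, PID, services
VALUE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")   # name, type, data


def parse_tasklist_svc(text):
    """Return [(image, pid, [services])], joining wrapped service lines."""
    rows, in_table = [], False
    for line in text.splitlines():
        if line.startswith("="):          # separator row: the table starts here
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        m = ROW.match(line)
        if m:
            rows.append([m.group(1), int(m.group(2)), m.group(3)])
        elif line[0].isspace() and rows:  # continuation of a long service list
            rows[-1][2] += " " + line.strip()
    result = []
    for image, pid, svc in rows:
        names = [s.strip() for s in svc.split(",") if s.strip()]
        result.append((image, pid, [] if names == ["N/A"] else names))
    return result


def svchost_without_services(rows):
    """Heuristic: a genuine svchost.exe instance hosts at least one service."""
    return [pid for image, pid, svcs in rows
            if image.lower() == "svchost.exe" and not svcs]


def parse_run_key(text):
    """Return {value name: command line} from `reg query` output."""
    entries = {}
    for line in text.splitlines():
        m = VALUE.match(line)
        if m:
            entries[m.group(1)] = m.group(3).strip()
    return entries


def command_image(command):
    """Executable part of a Run command line (quoted, or first bare token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def svchost_in_run_key(entries):
    """Services are not started from the Run key, so svchost.exe there is a flag."""
    return {name: cmd for name, cmd in entries.items()
            if ntpath.basename(command_image(cmd)).lower() == "svchost.exe"}


if __name__ == "__main__":
    print("svchost PIDs hosting no service:",
          svchost_without_services(parse_tasklist_svc(TASKLIST_SVC)))
    print("Run entries launching svchost.exe:",
          svchost_in_run_key(parse_run_key(RUN_KEY)))
```
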

Miranda Duvall
|
Posted - 2006.06.26 21:45:00 -
[83]
Originally by: End Yourself Edited by: End Yourself on 26/06/2006 21:09:17
Originally by: Sodhammer Rootkits are programs that gain you root access. This means they get you administrative (total) rights to a machine. The idea comes from being able to log onto a machine with limited rights, then boosting yourself to administrator (noticed that a few people said "don't sign in as admin", that's what root kits are for).
pls educate yourself before informing others.
what you are describing is a local privilege escalation exploit. those are very uncommon for the ms windows os, simply because 90+% are working as admin anyway. they are not less likely to exist than for other OS tho.
when you leave your house do you leave the door open because that is what the housebreakers bring tools for anyway?!?
Give the man some credit for advocating for good security practise, even if he does get his terms mixed up:
A rootkit doesn't give you "root" access, what it does is hide stuff from you (and your virusscanner), the "better" rootkits are even giving Mark Russinovich (of sysinternals, the guy that discovered Sony was using root-kit technology) a headache, because they hook low into the OS, making sure they (the rootkits) and the software they come with (the actual trojan/virus) are invisible to explorer, taskmanager, your virusscanner etc.
For a read on Sony and the rootkit business: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html (copy/paste the link: direct link to non-eve site is not allowed in the forum)
Rootkits are EVIL because they can render all your scans useless. This is why, when infected, your only sure way to get rid of it is to erase the system (you can never be sure you got all the rootkits out).
"Fortunately" most root kits need admin privileges to install themselves because they live deep in the system where only the OS itself and the admin may do stuff.
|

MysticNZ
|
Posted - 2006.06.26 22:17:00 -
[84]
Which program installed this keylogger... that might help? -=====-
|

End Yourself
|
Posted - 2006.06.26 22:25:00 -
[85]
Originally by: Miranda Duvall
Originally by: End Yourself
Originally by: Sodhammer (noticed that a few people said "don't sign in as admin", that's what root kits are for).
when you leave your house do you leave the door open because that is what the housebreakers bring tools for anyway?!?
Give the man some credit for advocating for good security practise, even if he does get his terms mixed up
won't get any credit for discouraging peeps to get rid of their admin privileges
--- Fighting for peace is like screwing for virginity.
|

Major Death
|
Posted - 2006.06.26 23:33:00 -
[86]
Edited by: Major Death on 26/06/2006 23:38:01 Edited by: Major Death on 26/06/2006 23:34:45 The majority of the Macro Mining programs sold on E-Bay contain some form of Root-Kit/Trojan/Key-Logger. This has been reported several times before and yet idiots continue to pay for and use these programs. Granted a few 3rd Party tools are suspect, but the primary source of the problem is game breaking programs like Macro miners. Of course panic is overtaking logic at this point. Right now someone who downloaded an excel sheet of game info is formatting their harddrive in misguided panic
As for who gets the stolen ISK, I would suspect its being sold on to, or perhaps through, the many ISK sites being advertised over the in game mail system.
|

Nikolai Nuvolari
|
Posted - 2006.06.26 23:55:00 -
[87]
CCP should distribute software like this that reports back to CCP to tell them every account the player has so they can all be banned.
Then it should corrupt all of their disks just for good measure. -------- Tom Thumb > for a nut case you rawk [04:21:15] Mebrithiel Ju'wien > Nik's bio 4tw btw [07:38:53] Graelyn > Nikolai for Dev 108!
|

Infinity Ziona
|
Posted - 2006.06.26 23:59:00 -
[88]
Originally by: Tachy Rule #1 in IT security: A compromised computer is a compromised computer. Start with a lowlevel format or exchange of the harddrive. Apply a mallet to the harddrive if you don't dare reinstalling software.
That's going overboard.
A clean reinstallation is fine if you must you can create a completely new partition. I don't believe there is any software capable of installing itself on a partition before the partition is in existence. Removing or breaking your hard drive is plainly nuts unless you're in the military or some other high security organization (even then it's nuts but what can you do).
And if you are in one of the aforementioned organizations, why the hell are you playing Eve on the systems in the first place.
|

Maya Rkell
|
Posted - 2006.06.27 00:49:00 -
[89]
Originally by: Dark Shikari Edited by: Dark Shikari on 26/06/2006 17:52:33
Originally by: End Yourself those were rhetorical questions and just for you the answer to all of them was NO
just read the latest dev reply and you will see how right i was, kthx!
and can everyone who does NOT have the faintest idea about IT security pls shut the **** up and stop confusing those who are affected by this. judging by the kind of tool(doubles your isk on the client, lol) they installed they are dumb enough to follow your advices as well
thx
I know exactly what you're going on about (I know IT security) but what you are saying simply isn't practical for a home user.
First of all, they're using Windows, a massively insecure operating system to begin with. If they cared about security enough to reformat upon the slightest security breach, they would have installed Linux instead.
Yes, and of course you're going to pay to port all the programs I use over, a number of which are known incompatible with WINE, etc etc etc.
Linux is also simply not a suitable home OS for the non-technical. Contrast with a project like Open Office...
Tachy, again, unless offering to pay for people's hard drives, giving that kind of advice on a forum is simply unwise.
But yea, pleased this got caught (glad to be of service, etc), and no I didn't as much as download it..
|

Dark Shikari
|
Posted - 2006.06.27 00:51:00 -
[90]
Originally by: Maya Rkell
Originally by: Dark Shikari
Originally by: End Yourself those were rhetorical questions and just for you the answer to all of them was NO
just read the latest dev reply and you will see how right i was, kthx!
and can everyone who does NOT have the faintest idea about IT security pls shut the **** up and stop confusing those who are affected by this. judging by the kind of tool(doubles your isk on the client, lol) they installed they are dumb enough to follow your advices as well
thx
I know exactly what you're going on about (I know IT security) but what you are saying simply isn't practical for a home user.
First of all, they're using Windows, a massively insecure operating system to begin with. If they cared about security enough to reformat upon the slightest security breach, they would have installed Linux instead.
Yes, and of course you're going to pay to port all the programs I use over, a number of which are known incompatible with WINE, etc etc etc.
Linux is also simply not a suitable home OS for the non-technical. Contrast with a project like Open Office...
Not really. Windows is hell to install, and you need all sorts of help getting drivers to work: I installed Ubuntu the other day and it worked perfectly out of the box, and took under 10 minutes to install. But I wasn't referring to Linux as a home OS: I was referring to the fact that if the user was security-obsessed enough to run a low-level format due to a keylogger, they wouldn't use a sieve like Windows to begin with.
--Proud member of the [23]--
-WTB Platinum Technite, WTS Nanotransistors, Heavy Electron II, 100mn AB II- |