
Aya
The Illuminati. Triumvirate.
Posted - 2008.03.28 23:56:00 -
[1]
Edited by: Aya on 28/03/2008 23:59:45 Edited by: Aya on 28/03/2008 23:59:23 Edited by: Aya on 28/03/2008 23:57:34
Not sure how much this applies to Eve, but in other games RMT have switched strategies from farming for isk/gold/whatever to actually hacking accounts. They seem to have bought very popular sites of the games and loaded them with keyloggers. In FFXI alone hundreds of accounts have been hacked. To be safe I've posted a list of suspect keyloggers that might be on your computer.
Quote: A couple of days ago my account was hacked by a keylogger. Normally I'm a very secure person but I found out the issue and where it occurred. I have a few computer systems and one of my systems was using Trend Micro and it failed to notice the keylogger trojan injection. Here is the following information folks should be concerned about regarding this:
Trojan Type:
Agent.GDA type
Files:
C:\Windows\System32\rsbo.exe
C:\Windows\System32\kb1ss1p.dll
C:\Windows\System32\kb1ss1p.sys
Registry Key: {ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}
The file rsbo.exe automatically creates the .sys and .dll files each time you login. They are stored in the windows\system32 directory. They inject themselves into the windows processes and remain hidden from "most" antivirus protection. Norton, McAfee, and Trend Micro did not find this trojan. The only software that found it was AVG Pro.
The method of injection occurred through Internet Explorer, even though I had all windows updates on that particular machine.
Again, this was not my main system but a secondary system that was affected. My main character Drabin (level 70 mage) was stripped of all gold, many items, and the incident reported. I'm waiting for (hopefully) reimbursement to come.
I am posting this as a helpful post so that others do not have this occur to them. Originally I had thought I retrieved the keylogger from WAU (Wow Ace Updater) but was sorely mistaken. Even though it is a third party software, the method of injection was not from this app.
Recommendations for other players so they don't get a keylogger:
- Don't use Internet Explorer (use Mozilla Firefox as it is a much safer and secure browser)
- Use a solid Anti-virus package (do not use multiple)
- Implement a Firewall
- Use Hijackthis to check issues on your system
- Use Spywareblaster to block and protect your browsers from known spyware/malware
- Use Rootkit Unhooker (to find rootkit injections in your processes)
- Use RegistryBooster or similar (to clean your registry of unwanted or susceptible rootkit hacks)
More information can be found at http://www.bluegartrls.com/forum/viewtopic.php?f=2&t=27042&st=0&sk=t&sd=a
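An added example, not part of the original thread: a Python check for the file names and registry GUID listed in the quoted post, run against a mounted offline copy of the disk and a regedit `.reg` export instead of the live system, since the post reports the files stay hidden from most antivirus on the running machine. The function names and the offline approach are assumptions of this example; the post does not say where in the registry the GUID sits, so the whole export is searched.

```python
import os
import re

# Indicators exactly as listed in the quoted post above.
IOC_FILES = {"rsbo.exe", "kb1ss1p.dll", "kb1ss1p.sys"}
IOC_GUID = "{ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}"


def find_ioc_files(image_root):
    """Return sorted relative paths of IoC files under <image_root>/Windows/System32.

    Matching is case-insensitive at every path level, because an NTFS volume
    mounted on a Linux analysis host may expose e.g. 'WINDOWS/system32'.
    """
    def child(parent, name):
        for entry in os.listdir(parent):
            if entry.lower() == name and os.path.isdir(os.path.join(parent, entry)):
                return os.path.join(parent, entry)
        return None

    windows = child(image_root, "windows")
    system32 = child(windows, "system32") if windows else None
    if not system32:
        return []
    hits = [e for e in os.listdir(system32) if e.lower() in IOC_FILES]
    return sorted(os.path.relpath(os.path.join(system32, e), image_root) for e in hits)


def find_guid_keys(reg_export):
    """Return registry key paths from a regedit .reg export that mention the GUID.

    Accepts bytes (regedit 5.00 exports are UTF-16 with a BOM) or str.
    Key names and value lines are both checked; the enclosing key is reported.
    """
    if isinstance(reg_export, bytes):
        enc = "utf-16" if reg_export[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        reg_export = reg_export.decode(enc, errors="replace")
    keys, current = [], None
    for line in reg_export.splitlines():
        m = re.match(r"^\[(.+)\]\s*$", line)
        if m:
            current = m.group(1)
        if IOC_GUID.lower() in line.lower() and current and current not in keys:
            keys.append(current)
    return keys
```

A hit from either function is a reason to investigate the machine further; an empty result only means these specific names were not present in the copy examined.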

Aya
The Illuminati. Triumvirate.
Posted - 2008.03.28 23:58:00 -
[2]
Edited by: Aya on 29/03/2008 00:03:14
gosh gimme a chance to load it up :(
Would also like to add this
Quote: When this first broke, I tried to keep up with it, but after a while it became too much. So excuse me if this has been pointed out before. I was reading the news on CNN.com, and came across this article. Here's a quote that really caught my eye:
Quote: In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at CA Inc.
If this is true, how many of those hacked around Christmas bought and set up one of these digital picture frames?

Aya
The Illuminati. Triumvirate.
Posted - 2008.03.29 01:19:00 -
[3]
Edited by: Aya on 29/03/2008 01:30:12
The problem came from a player owned site and it came from a popup made to look like an actual PC information bar popup that even if you closed it would still give you the trojan. Even player owned sites are vulnerable and this plague has outsourced to many games battling RMT.