| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Aya
The Illuminati.
Triumvirate.
   |
Posted - 2008.03.28 23:56:00 -
[1]
Edited by: Aya on 28/03/2008 23:59:45
Edited by: Aya on 28/03/2008 23:59:23
Edited by: Aya on 28/03/2008 23:57:34
Not sure how much this applies to Eve, but in other games RMT have switched strategies from farming for isk/gold/whatever to actually hacking accounts. They seems to have bought very popular sites of the games and loaded them with keyloggers. In FFXI alone hundreds of accounts have been hacked. To be safe I've posted a list of suspect keyloggers that might be on your computer.
 Quote:
A couple of days ago my account was hacked by a keylogger. Normally I'm a very secure person but I found out the issue and where it occurred. I have a few computer systems and one of my systems was using Trend Micro and it failed to notice the keylogger trojan injection. Here is the following information folks should be concerned about regarding this:
Trojan Type:
Agent.GDA type
Files:
C:\Windows\System32\rsbo.exe
C:\Windows\System32\kb1ss1p.dll
C:\Windows\System32\kb1ss1p.sys
Registry Key:
{ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}
The file rsbo.exe automatically creates the .sys and .dll files each time you login. They are stored in the windows\system32 directory. They inject themselves into the windows processes and remain hidden from "most" antivirus protection. Norton, McAfee, and Trend Micro did not find this trojan. The only software that found it was AVG Pro.
The method of injection occurred through Internet Explorer, even though I had all windows updates on that particular machine.
Again, this was not my main system but a secondary system that was affected. My main character Drabin (level 70 mage) was stripped of all gold, many items, and the incident reported. I'm waiting for (hopefully) reimbursement to come.
I am posting this as a helpful post so that others do not have this occur to them. Originally I had thought I retrieved the keylogger from WAU (Wow Ace Updater) but was sorely mistaken. Even though it is a third party software, the method of injection was not from this app.
Recommendations for other players so they don't get a keylogger:
# Don't use Internet Explorer (use Mozilla Firefox as it is a much safer and secure browser)
Use a solid Anti-virus package (do not use multiple)
Implement a Firewall
Use Hijackthis to check issues on your system
Use Spywareblaster to block and protect your browsers from known spyware/malware
Use Rootkit Unhooker (to find rootkit injections in your processes)
Use RegistryBooster or similar (to clean your registry of unwanted or susceptible rootkit hacks)
More information can be found at
http://www.bluegartrls.com/forum/viewtopic.php?f=2&t=27042&st=0&sk=t&sd=a
|
Roxanna Kell
FinFleet
Band of Brothers
|
Posted - 2008.03.28 23:57:00 -
[2]
EPIC
Quote:
You are what you are, fool
|
Karanth
Eve's Brothers of Destiny
Free Trade Zone.
|
Posted - 2008.03.28 23:57:00 -
[3]
Shocking news!
"Current Earth-Destruction Status" |
Jinx Barker
GFB Scientific
Interstellar Corporate Alliance
|
Posted - 2008.03.28 23:57:00 -
[4]
Edited by: Jinx Barker on 29/03/2008 00:07:44
Originally by: Aya
Edited by: Aya on 29/03/2008 00:03:14
gosh gimme a chance to load it up :(
Would also like to add this
Quote:
When this first broke, I tried to keep up with it, but after a while it became to much. So excuse me if this has been pointed out before. I was reading the news on CNN.com, and came across this article. Here's a quote that really caught my eye:
Quote:
:
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at CA Inc.
If this is true, how many of those hacked around Christmas bought and setup one of these digital picture frames?
You see, I am being nice, and edited my post flaming your formerly empty space. 
|
Aya
The Illuminati.
Triumvirate.
|
Posted - 2008.03.28 23:58:00 -
[5]
Edited by: Aya on 29/03/2008 00:03:14
gosh gimme a chance to load it up :(
Would also like to add this
Quote:
When this first broke, I tried to keep up with it, but after a while it became to much. So excuse me if this has been pointed out before. I was reading the news on CNN.com, and came across this article. Here's a quote that really caught my eye:
Quote:
:
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at CA Inc.
If this is true, how many of those hacked around Christmas bought and setup one of these digital picture frames?
|
Marthai
Moonvine Industrial Corporation
|
Posted - 2008.03.29 00:05:00 -
[6]
Thanks for the information, Aya! :)
Actually, I haven't done a virus scan in a while, good time to do it now.
Marthanna
Former SWG Player, Corbantis server
Down with the NGE...a year (and more) later, and I"m still bitter... |
Rabbitgod
Veto. Academy
Veto Corp
|
Posted - 2008.03.29 01:10:00 -
[7]
All the best eve sites are owned and run by eve players, use them. If your using eve.allakhazam.com or other such sites and using you same username / password on their site or downloading tools from their servers even known good ones like evemon you have earned an account hacking.
Get your tools from the original devs site.
Don't use your eve user/pw on other sites.
Install Spy Bot Search and Destroy.
|
Aya
The Illuminati.
Triumvirate.
|
Posted - 2008.03.29 01:19:00 -
[8]
Edited by: Aya on 29/03/2008 01:30:12
The problem came from a player owned site and it came from a popup made to look like an actual PC information bar popup that even if you closed it would still give you the trojan. Even player owned sites are vunerable and this plauge has outsorced to many games battling RMT.
|
Aurix Lexico
Repo Industries
R.E.P.O.
|
Posted - 2008.03.29 01:28:00 -
[9]
linux/free bsd anyone? 
|
Frug
Repo Industries
R.E.P.O.
|
Posted - 2008.03.29 01:43:00 -
[10]
quick, stop using ie!
- - - - - - - - - Do not use dotted lines - - - - - - -
If you think I'm awesome, say BOOO
BOOO!! - Ductoris
Neat look what I found - Kreul
Hey, my marbles |
N1fty
Galactic Shipyards Inc
HUZZAH FEDERATION
|
Posted - 2008.03.29 02:19:00 -
[11]
This is BRAND NEW information!
Originally by: CCP Eris Discordia
I usually close my eyes and just beg, out loud added with a lot of squealing.
I swear it helps.
|
Andargor theWise
The Fated
Odyssey.
|
Posted - 2008.03.29 04:20:00 -
[12]
FF + adblock + flashblock + noscript = no problem
-
Stop the Feature Glut: Take the API to the Next Level
|
Kyusoath Orillian
UK Corp
Brutally Clever Empire
|
Posted - 2008.03.29 09:58:00 -
[13]
the safest antiviral package is COMMON SENSE.
_________________________________________________
|
Inconstant Moon
|
Posted - 2008.03.29 10:31:00 -
[14]
It's a big industry now, lots of money in it. Inevitably the criminal element will want a slice of the pie.
Quote:
Globally the business is huge. Edward Castronova, an academic studying the economics of online gaming at the University of Indiana, estimates that the real money trade - people paying real cash for virtual items - is worth around $300-$400m.
BBC News article
--
CONCORD provides neither consequences nor safety. |
Malcanis
|
Posted - 2008.03.29 10:33:00 -
[15]
Originally by: N1fty
This is BRAND NEW information!
A reminder now and then is not a bad thing.
CONCORD provide consequences, not safety; only you can do that. |
Sirion Fujiwara
|
Posted - 2008.03.29 10:47:00 -
[16]
This is incredible. I had no idea. Surely manufacturers can be held legally accountable!?
Of course - that won't help the guy who's lost all his passwords for.... everything. (Including EVE) 
First they macro our roids to death and now this! 
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |