MAJOR Password Logging Scheme


  • MAJOR Password Logging Scheme

    Tonight on Ramuh Server, there must have been hundreds of people who received a /tell from a user named Tenthmoonlight telling them to check out a game-related website. This link was also passed around by secondary users, so just in case you have a grudge with anyone, be careful.

    Going to that link will install a password logging trojan horse into your Playonline software and your account WILL be hacked. Do NOT go to ANY website unless you know the person well.

    If you have been victimized by this incident, you need to call the Information Center IMMEDIATELY to have your password changed and you probably will also need to reinstall & reupdate your entire POL and FFXI installation.

    If anyone has any other information in regards to this (file names, users to watch out for), or news that it has occurred on another server please post it here.
    Host of irc.gamesurge.net #FF14 - TheAfterLife XI & XIV LS
    Olorin (Ramuh): BLM75 BRD78 WHM75 RDM75
    Olorin Branwen (Melmond): Lv12 LNC9 CON7 THM6 MNR6 ALC4


  • #2
    Re: MAJOR Password Logging Scheme

    ...or just use Firefox/Opera/Konqueror/Safari/ANYTHING OTHER THAN IE to prevent these problems.

    Anyways, thanks for the warning, you can never be too careful.
    MisterCookie: Alla refugee since May 2006

    MisterCookie: Writing poor signatures since January 1999

    http://www.songbirdnest.com - OSS Media Player



    • #3
      Re: MAJOR Password Logging Scheme

      This happened on Fairy server too, last week. At least a couple people I know of lost their accounts.
      The tells were sent by a couple different names, and the website address ended with .zip.
      There's a thread on KI :link

      edit: I hope it's OK to post the link there; I've never posted a link before. -_-;

      second edit: fixed link
      Last edited by Chveya; 05-15-2007, 08:06 AM. Reason: fixed link
      Nibblonian: "You are the last hope of the universe."
      Fry: "So I really am important? How I feel when I'm drunk is correct?"
      Nibblonian: "Yes, except the Dave Matthews Band doesn't rock."'

      Sisqi ~Fairy~WHM 75
      PLD 60 RDM 54 BLM 48



      • #4
        Re: MAJOR Password Logging Scheme

        Anyone who is honestly that stupid deserves to have their account hacked. It would teach them a valuable lesson about the internet, and maybe life in general.
        Read my blog.
        ffxibrp.livejournal.com
        Currently: Entry #32, August 31/07.
        Entry 32: Death to Castro



        • #5
          Re: MAJOR Password Logging Scheme

          Originally posted by Legal Fish
          Anyone who is honestly that stupid deserves to have their account hacked. It would teach them a valuable lesson about the internet, and maybe life in general.
          I agree. Not that warning people not to fall for this is a bad idea, but seriously, if they don't already know not to visit/download any links that some complete stranger suggests, then they are probably already beyond help.



          • #6
            Re: MAJOR Password Logging Scheme

            third'd. If you're stupid enough to be using an insecure browser AND not run a good antivirus, it's your own damn fault.

            Hell, you deserve it for using IE at all. It's just asking for problems.

            And website address ending in .ZIP? Are you fsking joking? That means that, not only did they let their computer download something extremely obviously, but they also apparently opened it. Honestly, not only do I not have pity for them, but if this is as insanely obvious as you're claiming it, I actually find this hilarious. You wouldn't let some random guy on the street mess with your car, why would you let some random guy on the internet mess with your computer?!



            • #7
              Re: MAJOR Password Logging Scheme

              I had a guy send me a tell the other night in Al Zhabi, saying he was quitting FFXI and to check out his website <insert obvious virus link here> and I sent a tell back telling him to **** the hell off and he was set to away so I got the auto reply lol.. This was just before Besieged, three of my friends in my party in Al Zhabi also got the same tell.

              pshhh.

              How rude.



              http:// cerberusatemycookies.blogspot.com



              • #8
                Re: MAJOR Password Logging Scheme

                Originally posted by Chveya
                This happened on Fairy server too, last week. At least a couple people I know of lost their accounts.
                The tells were sent by a couple different names, and the website address ended with .zip.
                There's a thread on KI here
                edit: I hope it's OK to post the link there; I've never posted a link before. -_-;
                It's fine to post a link, though it wasn't posted right so I fixed it for you.

                Reading that thread is a real heads-up. Seems like they caught the guy who was running the scheme too (if it's only one person that is)...
                Host of irc.gamesurge.net #FF14 - TheAfterLife XI & XIV LS
                Olorin (Ramuh): BLM75 BRD78 WHM75 RDM75
                Olorin Branwen (Melmond): Lv12 LNC9 CON7 THM6 MNR6 ALC4



                • #9
                  Re: MAJOR Password Logging Scheme

                  Originally posted by Feba
                  And website address ending in .ZIP? Are you fsking joking? That means that, not only did they let their computer download something extremely obviously, but they also apparently opened it.
                  That's the part that gets no sympathy from me. You brought this all upon yourself when you went to an untrusted/unknown URL ending in .ZIP and then proceeded to download and open said file. I hope these people that actually went to these URLs learn something; they won't though. >.>




                  PLD75 DRK60 lots of other levels.
                  ------
                  Shackle their minds when they're bent on the cross
                  When ignorance reigns, life is lost




                  • #10
                    Re: MAJOR Password Logging Scheme

                    Apparently the website ended in .zip.

                    How. In. Gods. Stupid. Name....

                    /wow
                    -Baka Inu!
                    Nejiko - Mithra Current: [ 70 THF / 35 NIN ]
                    Basic Jobs: [ 70 THF / 20 MNK / 11 WHM / 18 BLM / 22WAR / 05 RDM]
                    Advance Jobs: [ 04 BST / 37 NIN / 02 SMN / 05RNG / 07 SAM / 07 PLD / 00 DRK / 31 BRD / 00 DRG]
                    Aht Jobs: [07 COR / 00 BLU / 00 PUP]



                    • #11
                      Re: MAJOR Password Logging Scheme

                      Starving, to me, from studying keyloggers, it seems to be a self extracting zip, meaning, it extracts as soon as it's downloaded no matter what.

                      I don't even think the zip is a zip, I think it's got a hidden extension. I'll look into it when I get home, more updates coming later, but for now, I got class.
                      -Baka Inu!
                      Nejiko - Mithra Current: [ 70 THF / 35 NIN ]
                      Basic Jobs: [ 70 THF / 20 MNK / 11 WHM / 18 BLM / 22WAR / 05 RDM]
                      Advance Jobs: [ 04 BST / 37 NIN / 02 SMN / 05RNG / 07 SAM / 07 PLD / 00 DRK / 31 BRD / 00 DRG]
                      Aht Jobs: [07 COR / 00 BLU / 00 PUP]
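
Added example, not part of any poster's message: the guess in post #11 (a ".zip" that is really a self-extracting archive or a renamed executable) can be checked from the file's bytes rather than its name. The function name `inspect_download`, the extension list and all sample bytes are constructed for illustration, and the two-byte `MZ` test is a heuristic, not a full executable parser.

```python
import io
import zipfile

# Extensions Windows will execute on double-click (illustrative, not exhaustive).
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")

def inspect_download(name, data):
    """Compare a download's claimed extension with what its bytes really are."""
    is_pe = data[:2] == b"MZ"                       # DOS/PE executable header
    has_zip = zipfile.is_zipfile(io.BytesIO(data))  # ZIP end-of-central-directory found
    if is_pe:
        # An executable stub with a ZIP appended is a self-extracting archive.
        kind = "sfx-executable" if has_zip else "executable"
    elif has_zip:
        kind = "zip"
    else:
        kind = "unknown"
    risky = []
    if has_zip:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Catches double extensions such as "photo.jpg.exe" as well.
            risky = [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    return {
        "kind": kind,
        "extension_mismatch": name.lower().endswith(".zip") and kind != "zip",
        "risky_members": risky,
    }

def _make_zip(members):
    """Build an in-memory ZIP from a {member name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, body in members.items():
            zf.writestr(member, body)
    return buf.getvalue()

# Constructed samples (harmless bytes, no real malware).
PLAIN_ZIP = _make_zip({"readme.txt": "hello"})
ZIP_WITH_EXE = _make_zip({"screenshot.jpg.exe": "constructed placeholder"})
SFX_STUB = b"MZ" + b"\x00" * 64 + PLAIN_ZIP     # executable header + appended ZIP
RENAMED_EXE = b"MZ" + b"\x00" * 64              # executable merely named *.zip

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_ZIP), ("zip+exe", ZIP_WITH_EXE),
                        ("sfx", SFX_STUB), ("renamed", RENAMED_EXE)]:
        print(label, inspect_download("update.zip", blob))
```
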



                      • #12
                        Re: MAJOR Password Logging Scheme

                        A friend of mine got hacked too lately. He never gives his password to anyone, and changes it every month. I don't remember him saying anything about having received a /tell though.

                        These are his 2 characters:
                        *Removed Link*
                        From FFXIAH: Bierzwerg & Icequeen

                        All his items got sold, and his password changed back to what it was before, it all took about 3 days before he could login again, with no equipment and no gil. He called PlayOnline, but after a long phone call, the only result was "We're sorry for the inconvenience but we can't help you."
                        Last edited by Arctic Wolf; 05-15-2007, 05:40 AM. Reason: URL's

                        In wilderness is the preservation of the world.



                        • #13
                          Re: MAJOR Password Logging Scheme

                          Originally posted by StarvingArtist
                          Some people in my LS also got this message. "/sarcasm dl it and open it, because nothing bad ever comes from teh intarweb"
                          Seriously though, at what point does this Trojan actually install/activate?
                          -Just visiting the link? I would imagine you get prompted for a download, unless your browser is set to automatically dl/open .zip files (which would be a bad idea).
                          -If the file is downloaded, is it self installing? Not running a scan at this point is going further into bad internet habits.
                          -Is there an actual program inside the zip that has to be activated by the user? If that's the case, they have stumbled beyond faux pas.
                          Well I suppose that's the trick here.. You don't necessarily have to download the file yourself, nor do you have to unzip it yourself.

                          If the person/people running this scheme have any amount of talent, they probably wrote cookies, ActiveX controls and/or Javascript into the webpage itself that would automate all that action behind the scenes. Even if someone visited the website out of curiosity, and knew enough not to get the file on their own, you would still get compromised and not know until it was too late.
                          Host of irc.gamesurge.net #FF14 - TheAfterLife XI & XIV LS
                          Olorin (Ramuh): BLM75 BRD78 WHM75 RDM75
                          Olorin Branwen (Melmond): Lv12 LNC9 CON7 THM6 MNR6 ALC4



                          • #14
                            Re: MAJOR Password Logging Scheme

                            Except that any well-designed web browser won't allow a website to do that kind of monkeying with your local machine without user approval. There are security restrictions placed on web content running on local machines for exactly that reason.

                            Which sort of brings us back to "don't use IE".
                            Defeated: Maat, Divine Might, Fenrir, Kirin, Cactrot Rapido, Xolotl, Diabolos Prime, Kurrea, 9/10 Dynamis Bosses (missing Tav), Promathia, Proto-Ultima, Proto-Omega, 4 Jailers, Apocalypse Nigh, 6/6 Nyzul Bosses
                            RDM90, PLD90, DRG90, COR90, SCH90, BLU54
                            All Nations Rank 10, ZMs & PMs Complete, AUMs Complete, Captain, Nyzul Floor 100 (5 Weapons, 4 WS), Medal of Altana, WotG Mission 15, 1/3 Addons Complete, 9/9 Abyssea Main Quests, 6/6 Caturae



                            • #15
                              Re: MAJOR Password Logging Scheme

                              Kar, just because you don't use IE, doesn't automatically make you safe. There are workarounds in old Firefox (1.5.x) as well which have been found and fixed in 2.0 (which you should upgrade to). Also, a simple setting turned on in Firefox (which can be programmed to by a simple click of a button) makes it auto run scripts, WITHOUT USER APPROVAL because you already have it.

                              Also, this keylogger isn't just targeting your POL ID (common misconception), it's in fact logging everything you type, including windows, and what not. This is an old scam which can easily be used to steal your identity.
                              -Baka Inu!
                              Nejiko - Mithra Current: [ 70 THF / 35 NIN ]
                              Basic Jobs: [ 70 THF / 20 MNK / 11 WHM / 18 BLM / 22WAR / 05 RDM]
                              Advance Jobs: [ 04 BST / 37 NIN / 02 SMN / 05RNG / 07 SAM / 07 PLD / 00 DRK / 31 BRD / 00 DRG]
                              Aht Jobs: [07 COR / 00 BLU / 00 PUP]
