Announcement

**Callisto** · 12-11-2007, 08:06 AM

Re: Interesting Alla thread on accout hijacking

They might have used both formats then, unless they now make Trojans that can hack your 360 account from your PC. If a console account gets stolen, 99.9% of the time it's because they shared their account info and don't admit it.

**CroweMidgard** · 12-11-2007, 08:07 AM

Re: Interesting Alla thread on accout hijacking

The "safest" way I found to not get these viruses is to just get a completely worthless laptop that pretty much can only do Webpages. Pick one up for 100-200 bucks from budget bin in a local computer show or garage sale. Expect to reformat it every so often (may want to even ghost it to make the process fast)

While I have never seen a FFXI targeted virus I have run into probably a few hundred WOW ones, which may also apply to FFXI. Generally they are very basic, Crash game, run key sniffer for a time period and send the results. I have gotten them all from banners of pretty popular WOW websites too, which is sort of scary.

**Lunaryn** · 12-11-2007, 08:20 AM

Re: Interesting Alla thread on accout hijacking

Originally posted by Callisto View Post

They might have used both formats then, unless they now make Trojans that can hack your 360 account from your PC. If a console account gets stolen, 99.9% of the time it's because they shared their account info and don't admit it.

While there's certainly a lack of hard evidence, which most people do take as an invitation to apply their own worldview and personal biases as obvious explanations, most of what I have read suggests to me that there are probably at least 3 different ways in which accounts are being compromised here, with the keylogger suspect being merely one. There hasn't been more than an off-hand reference to one suspected source of Xbox360 compromise so I'd consider that one up in the air, but the majority of the BG accounts have cast their suspicion on the Linkshell Community site, with a few going so far as to suggest that characters are being targeted directly by way of endgame LS affiliation and equipment owned. Again, no proof of anything, but more than enough attention is directed this way to raise concerns.

**Neomage** · 12-11-2007, 02:25 PM

Re: Interesting Alla thread on accout hijacking

Well, we have Xbox 360 and PS2 users getting hijacked, People who never use FFXIAH, LS Community, etc. I know people who regularly use computer and FFXI AH and stuff like, that, and as of now, have O.K. accounts.

Only logical explanation I think, is the good old-fasioned guess-and-check. Sure, it isn't efficent with a standard person getting 3 tries every minute, but if someone runs a script to test a password on every account on said server, exevtually one or two account will match up with that password.

Example: Script checks every person on Ashura for the password AAAAAAAAAAAAA. Then it checks for AAAAAAAAAAAAB. Then it checks for AAAAAAAAAAAAC. 15 minutes later, it repeats with AAAAAAAAAAAAD.

Eventually, something will turn up.

Either that or I don't know shit and am talking out of my arse, I'm not sure which. If someone will inform me, that will be apprieciated.

**Akashimo** · 12-11-2007, 02:30 PM

Re: Interesting Alla thread on accout hijacking

Only one solution I see we take.
Find some mercs and place hits on all RMT locations and players.
Problem solved.

**Lunaryn** · 12-11-2007, 02:53 PM

Re: Interesting Alla thread on accout hijacking

The idea of someone methodically brute-forcing passwords across every account like you suggest is absurdly unlikely. I think there are already two much less far-fetched explanations:

1) Multiple compromise vectors: While the effort to steal accounts is clearly concerted, this does not mean that they all must be accomplished the same way. If a massive effort is being made to turn accounts, it only makes sense that those involved would try multiple methods at their disposal to try to obtain account access. People may well be falling victim to several different methods of obtaining account credentials.

2) Central security failure: If there is no connection between the way people access FFXI among all compromised accounts, it is possible that the exploit in use takes advantage of a failure in server-side security, possibly allowing attackers their pick of accounts without any concern over the methods players use to access them, or even whether they do at all. While this strikes me as less likely than the previous suggestion, it can't be ruled out.

**Aksannyi** · 12-11-2007, 03:01 PM

Re: Interesting Alla thread on accout hijacking

FFXIAH.com asked me to run an add-on when I went there, but I refused and navigated away from the site. I have good virus protetion and all that, but I'm still not going to run something off a site that used to not require me to. I have been back and the add-on hasn't come back up (that little banner underneat the menu bar that asks me to download stuff for certain sites) so I don't know whether or not it's fixed. Regardless, I still have my account. People need to be more cautious. If you've been going to FFXIAH.com for 6 months and you never needed to install anything before, why should today be any different?

**Ellipses** · 12-12-2007, 05:45 AM

Re: Interesting Alla thread on accout hijacking

As found in another Alla thread, avoid Somepage if you have RealPlayer installed, and patch RealPlayer if you do.

**Akashimo** · 12-12-2007, 08:06 AM

Re: Interesting Alla thread on accout hijacking

Makes me glad i didn't install realplayer.

Announcement

Interesting Alla thread on accout hijacking

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment