Toon Hacking/Account Stealing/Keylogging Consolidated Thread

[nhdjoseywales]

the best virus infection i have seen was a box a co-worker was going to fix for a neighbor. he brought it in to our office and had just booted it up stand alone (ie not on the network) and asked if he could borrow my thumb drive full of cleanup tools to clean it. he put it in and we both watched with mouths agape as the thumb drive opened up and all the antivirus installers were deleted off it. it left other files and some data i had on it, but it deleted installers for AVG, Sophos, Panda, and a couple others off the thumb drive while not on any type of network.

[Oswaldor]

Quote:

Originally Posted by Karmalina

Just a little anecdotal evidence.

It would seem that a keylogger is the most likely culprit. Our guild member who had his account hijacked (while he was out of town for 3 weeks) had his count reinstated yesterday. Today while many of us were logged on eq2/ventrilo he got booted out of game. A few minutes later his account was logged in again but he was unable to login and his password had been changed yet again.

Our guildmate is definately not technically savvy, but we are doing our best to help him to resecure his computer and hopefully get some more solid evidence of exactly what has compromised his system.

And just to clarify, no he has not bought plat/power levelling services (hell he is a brokeass mofo and I don't know why they would bother with his account again!).

If we are able to walk him through collecting some information via screenshots I will post them here.

For anybody that hasn't yet done a complete and thorough virus/spyware scan with reputable software, be sure to do so, and after verifying your system is clean it wouldn't be unwise to change any and all passwords you use online.

**Edited to add: Whomever the culprit they also changed the email address which corresponds to his user account, making it impossible to regain control of his account without SOE intervention.

If they changed the email address then it is something more than a keylogger or the keylogging vector is a bit different than previously descibed. To change the email, you need to know the secret answer as Axuis has been yabbing about.
Either the keylogging actually goes after the SOE websites and logs the secret answer or they have somehow circumvented the secret answer logic.

I seem to remember when I first subscribed to EQ2 back in 2004 that there was no 'secret answer', just plain and simple password / username. It was only later when I changed some subscription information that I was forced to supply a secret answer.


Karmalina: Did your guildmate clean his computer with anti-virus or other software and what did these programs find? (If you could post some information it would be great).
Has he recently accessed his account information on SOE's website and fiddled with the 'secret answer' stuff?

[Petgroup]

Quote:

Originally Posted by nhdjoseywales

the best virus infection i have seen was a box a co-worker was going to fix for a neighbor. he brought it in to our office and had just booted it up stand alone (ie not on the network) and asked if he could borrow my thumb drive full of cleanup tools to clean it. he put it in and we both watched with mouths agape as the thumb drive opened up and all the antivirus installers were deleted off it. it left other files and some data i had on it, but it deleted installers for AVG, Sophos, Panda, and a couple others off the thumb drive while not on any type of network.

Always turn off auto run.

I also laughed when you I saw you typed out Panda. If you wanna dig the hole deeper you should post what the other couple are

[feldon30]

I'm glad that the misfortune of so many people provides Petgroup with so much satisfaction and merriment. It is truly a sight to behold.

[Petgroup]

Quote:

Originally Posted by feldon30

I'm glad that the misfortune of so many people provides Petgroup with so much satisfaction and merriment. It is truly a sight to behold.

Till someone posts a single shred of fucking evidence, I will continue to laugh my ass off.

Surprisingly everyone who gets "hacked" has zero evidence it wasn't there fault.

I posted the Webroot link to scan your computer for free. Not a single "hacked" player has posted there results YET, I have a bunch of PM's from non "hacked" players thanking me because it found a bunch of viruses.

[nhdjoseywales]

Quote:

Originally Posted by Petgroup

Always turn off auto run.

I also laughed when you I saw you typed out Panda. If you wanna dig the hole deeper you should post what the other couple are

did win 2k have autorun for usb drives?

at the time i wasnt well versed in the use of the sysinternals tools to clean up infected machines and sometimes the normally shitty antivirus programs are the ones that find the last few problem files. Hell, i know for a fact Hilton hotels beverly hills office was shut down for a week back in 05 or 06 from a virus that none of the major vendors had defs for but we were able to clean the machines with some no name av program that used a decent scheme for detecting suspicious behavior in files. sorry not everyone can be a security guru

[Petgroup]

Quote:

Originally Posted by nhdjoseywales

did win 2k have autorun for usb drives?

Yes but using regedit to disable it takes 5 seconds

If I left autorun on when connecting customers drives to my Macbook, I'd be just asking for unwanted troubles. Its easy to turn it off though for XP & Vista though.

[Karmalina]

Quote:

Originally Posted by Oswaldor

Karmalina: Did your guildmate clean his computer with anti-virus or other software and what did these programs find? (If you could post some information it would be great).
Has he recently accessed his account information on SOE's website and fiddled with the 'secret answer' stuff?

I asked him to screenshot the results from his AVG scan for me, but I'm not sure if he has or not, he hasn't logged into vent today. Anything I get I will post.

Its funny that I *almost* wish that it had happened to me so that I could supply those more PC savvy than I with useful information in narrowing down the source of all this nonsense.

[axuis]

from what i understand of it the people told me they been hacked try to log in and says error password change so they go through live chat or get a second account (if you got 1) and petiton sony that way

they give you a new pass word log in and you naked out side a mail box usally in ts

so i cant see how any one can provide evidence of the hack from this point if you know how to then please let us know so we can provide evidence to soe at least

[Petgroup]

Quote:

Originally Posted by axuis

from what i understand of it the people told me they been hacked try to log in and says error password change so they go through live chat or get a second account (if you got 1) and petiton sony that way

they give you a new pass word log in and you naked out side a mail box usally in ts

so i cant see how any one can provide evidence of the hack from this point if you know how to then please let us know so we can provide evidence to soe at least

Captain Clueless.

They didn't magically get hacked outta thin air. Something happened that allowed someone to gain access to a password. There is only 3 fucking ways thats possible.

1. Virus/Keylogger
2. They gave the info willingly or someone they know guessed. (Ie bought,sold,friend,guildy)
3. SoE themselves are compromised.

I'm gonna say it would be a shit ton of accounts if SoE got compromised , so 1 or 2 are the more logical explanations.

If its 1 and they get there account back from Sony, IT WILL FUCKING HAPPEN AGAIN DIPSHIT since the virus/keylogger is still on there computer, thats what the fuck the evidence is because a good Anti-Virus program will pick it up or a trace of it transmitting data to the 3rd party. Post a screen shot here of whatever it is and this debate could be over.

Since nobody has an IQ over 7 thats posted they got hacked and can't provide evidence for number one, then number 2 is the clear choice by a mile.

I'm so sick of repeating this bullshit for so many clueless fucks. Its fine not to be tech smart, whatever your job is, like flying a plane, you can do better than me. I can't but for fucks sakes don't post random, incorrect information that you pull outta your ass.