FFXI: JavaScript exploit on the loose(Repairs inside)

[Nyanoh]

haha, Oops ^^; Thanks!

[Olo401]

Check out this thread on FFXIOnline and its links to threads on Alla.. apparently there's some shenanigans involving this same exploit on FFXIAH.com as well.

[SephYuyX]

Are there really that many people that use realplayer these days? Has it been confirmed that having realplayer installed while using IE is the only way to get infected?

[Olo401]

I would think it doesn't matter.. there are ActiveX browser plugins for IE that will allow RP to work without actually having RP.

[SephYuyX]

I would think it doesn't matter.. there are ActiveX browser plugins for IE that will allow RP to work without actually having RP.

Yes, but this specific exploit says that the full RealPlayer must actually be installed, however, yes, that was my concern; RP files (as well as QT files) can be played without having the program installed if you were to download the activex needed.

Which is why I asked, from the look of it, it seems that you have to have the program installed, but I wanted to ask if that is that case or not.

[Koga]

yeah gm's are ignorant: http://windower.faservers.net/gmlum.txt

That's an interesting response....
I know for fact that when I was banned and decided to turn in my bots, hacks, links etc.. I went through POL and the GM took all the links, verified that they were working links (or so he said) and then thanked me very graciously.

Just like in a real call center, it all depends on the person you get.
Try again.

[Pikko]

I e-mailed Cuer to see if he could help sort out the page or shed some light on Somepage's situation since obviously a lot of community members will NOT hear about this.

[Bakthi]

They specifically made this game for PC, first, if I recall, which is open to all sorts of things, regardless of it being a 'third-party website.'

No, they didn't. It was a PS2 game first; PC support came later. In the U.S., however, the PC version was released slightly before the PS2 version.

And I guess you could say "PC" is "open to all sorts of things", but really what it boils down to is this: stop using a browser (especially in a wide open state) that's notorious for getting your computer owned for any site other than broken ones where you absolutely have to use it. Those security settings? Look into them. Honestly, I haven't run into an IE-only site in a really long time, even when they claim to be, but people might have something for work or whatever. If you're talking about a machine at work where you aren't allowed to install Firefox or Opera, well...I wouldn't trust that machine with a damn thing.

I'm not necessarily into victim blaming, but this sort of thing can be avoided, and it's not exactly a huge burden 99% of the time.

[Capo]

lol shit i was using somepages <3<3<3<3<3 search function when i saw this, luckily im on firefox

does this mean ffxiah is safe?

[recca84]

That explains why somepage hasnt been updated for ages ?

[Septimus]

yeah gm's are ignorant: http://windower.faservers.net/gmlum.txt

For some reason as I was reading this, I was imagining the plot of 90% of all of the movies on the Sci-Fi channel that are just rip-offs of Jaws.

Aikar: But Mayor, the virus is on the loose! If you don't stop the festival thousands of people will die!

Mayor Luminious: Why that's nonsense. In the 150 years that we have run this festival no one has died. Take your silly since and go elsewhere.

[Everlasting]

lol shit i was using somepages <3<3<3<3<3 search function when i saw this, luckily im on firefox

does this mean ffxiah is safe?

From what I understand using FireFox doesn't save you, only FireFox + NoScript would.

Can anyone confirm?

[kush]

thanks for sharing was really scared first. since i use ffxiah dialy and sometimes search on somepage. also changed main securty pw for firefox a week ago but forgot to note it so i forgot that one. my homepage is my ls forum and since i didnt have main pw started using ie cause was to lazy(to bizzy with ffxi ^^) to erase and reinstal. Geuss ima lucky cat

[DragonCloud64]

http://www.youtube.com/watch?v=k-GaRKDsz-Y

[Tajin]

From what I understand using FireFox doesn't save you, only FireFox + NoScript would.
Can anyone confirm?

I can confirm that my computer has some corporate symantec norton version, that I use firefox and that the files of the exploit are not in my computer.

Also, I visited somepage on Monday and I do NOT have any form of realplayer installed in this computer, not even quicktime, winamp or anything.

P.S. I'm clean.

[Fallso]

Jesus, thanks for the info

[fantasticdan]

For whatever it's worth, I used firefox to visit somepage quite frequently, not using any kind of script blocker plug-in, and have not used any anti-virus/spyware programs in a long time(they are not set to run automatically, of coarse I'll try running them now!), and I don't have any of those malicious files listed in the other thread.

:rocl:

[Khamsin]

if this started in october, would this explain why ]]DO NOT USE ]]DO NOT USE SOMEPAGE[[[[ is not being updated?

Given that the last update on the site was about Pankration... I guess that some people stopped caring of it.

PS: Recursivity in word filter is fun!

I like it for item lookups, especially with the advanced search option (if only bgwiki could do that), but its outlived its usefulness after not having updated for months.

I checked... that page... recently, but did not find anything mentioned in the other thread on my computer after searching.

Are we certain that this only installs rsbo, etc. and nothing else?

[Vandalhart]

I'll have to check this out when I get home, but I'm only concerned about my Wife's
laptop.

I did notice that whenever I goto somepage, I get a prompt to install some sort of
Active X control thing, which I always ignore. Is this something different than what you
are talking about?

I know my wife's laptop doesn't have Real Player installed. I know my desktop does, but
I never use FFXI on it, nor have I had to type my ID and Password in on that computer.

I do have a fully operational McAffee antivirus on both computers, but I'm getting the
impression that this isn't detected by it?

[Paegan]

lol shit i was using somepages <3<3<3<3<3 search function when i saw this, luckily im on firefox

does this mean ffxiah is safe?

From what I understand using FireFox doesn't save you, only FireFox + NoScript would.

Can anyone confirm?

Incorrect, it's an IE-only exploit. The first few lines of the de-obfuscated code below are checking for IE6 or 7.

Code:

function RealExploit() {
    var user = navigator.userAgent.toLowerCase();
    if (user.indexOf("msie 6") == -1 && user.indexOf("msie 7") == -1) return;
    if (user.indexOf("nt 5.") == -1) return;
    :
    Do hax
}