RMT putting keyloggers on specific Dynamis websites now?

[Purrrfect]

Judging by the amount of people hit even without actually keying in their passwords, one theory was that they found a way to decrypt the POL 'save password' function but im no computer wiz and couldnt actually confirm that myself.

That's how mine was taken. I haven't typed a pw in in 5 years. I read on here someone found that you can simply copy the file that has your pw "encrypted" in it to another machine and machine #2 can log straight in. Apparently there is no machine/windows/software id check in pol... WTG SE.

[aurik]

Judging by the amount of people hit even without actually keying in their passwords, one theory was that they found a way to decrypt the POL 'save password' function but im no computer wiz and couldnt actually confirm that myself.

That's how mine was taken. I haven't typed a pw in in 5 years. I read on here someone found that you can simply copy the file that has your pw "encrypted" in it to another machine and machine #2 can log straight in. Apparently there is no machine/windows/software id check in pol... WTG SE.

This is incorrect, the saved password file is encrypted and keyed to your specific hardware configuration. Your saved passwords will all be blanked if, for example, you change your ethernet card.

[Akucaen]

Judging by the amount of people hit even without actually keying in their passwords, one theory was that they found a way to decrypt the POL 'save password' function but im no computer wiz and couldnt actually confirm that myself.

That's how mine was taken. I haven't typed a pw in in 5 years. I read on here someone found that you can simply copy the file that has your pw "encrypted" in it to another machine and machine #2 can log straight in. Apparently there is no machine/windows/software id check in pol... WTG SE.

This is incorrect, the saved password file is encrypted and keyed to your specific hardware configuration. Your saved passwords will all be blanked if, for example, you change your ethernet card.

Then it's worth the question that how the fuck did they get the data out assuming these people aren't lying?

[Izzy]

Judging by the amount of people hit even without actually keying in their passwords, one theory was that they found a way to decrypt the POL 'save password' function but im no computer wiz and couldnt actually confirm that myself.

That's how mine was taken. I haven't typed a pw in in 5 years. I read on here someone found that you can simply copy the file that has your pw "encrypted" in it to another machine and machine #2 can log straight in. Apparently there is no machine/windows/software id check in pol... WTG SE.

This is incorrect, the saved password file is encrypted and keyed to your specific hardware configuration. Your saved passwords will all be blanked if, for example, you change your ethernet card.

Then it's worth the question that how the fuck did they get the data out assuming these people aren't lying?

Forum rules

Welcome to BG forums, stop giving out your account information, your gil/gear will get stolen.

^

[jimbobsonofgod]

My password hasnt been typed in 5 years as well, nor have I ever given out my account information. My theory is either something is sending information log in information directectly from POL or someone has found a way to decrypt the password file. Appears nothing is safe anymore.

[Izzy]

My password hasnt been typed in 5 years as well, nor have I ever given out my account information. My theory is either something is sending information log in information directectly from POL or someone has found a way to decrypt the password file. Appears nothing is safe anymore. Tune into Fox News at 5 tonight to find out how to protect yourself from DEATH!

Fixed. You sound like a new advertisement.

[fussel]

[quote=#686578]

[email protected][/email]
05972133110 fax: 05972133110
long yan nv ren jie 1 hao lou 6 0 3
xinluoqu FJ 364000
cn

Administrative Contact:
xin li [email protected]
05972133110 fax: 05972133110
long yan nv ren jie 1 hao lou 6 0 3
xinluoqu FJ 364000
cn

Technical Contact:
xin li [email protected]
05972133110 fax: 05972133110
long yan nv ren jie 1 hao lou 6 0 3
xinluoqu FJ 364000
cn

Billing Contact:
xin li [email protected]
05972133110 fax: 05972133110
long yan nv ren jie 1 hao lou 6 0 3
xinluoqu FJ 364000
cn

DNS:
ns1.myhostadmin.net
ns2.myhostadmin.net

Created: 2008-05-23
Expires: 2009-05-23

indeed. This was the domain registered for the latest somepage exploit.

[Arketa]

Re: the Somepage thing...

Actually, it's to an IP in Japan that's in a block registered to some SAKURA Internet whatevers. I had it saved in a text tile from TCPView, but overwrote it with a second save >.<

I can, however, ask the friend I sent it to on MSN to check his MSN logs for it, if anyone cares.


My account got taken last Friday, so I went and played on Somepage (y'know like what's the worst that can happen? my account gets taken?). The whatever was detected as the Win32/Kirasha.A worm (WL OneCare, so M$'s name for it, I guess) and popped up as orz.exe in my Temp folder attempting to connect & was blocked. NOD32 didn't complain in the slightest.

When I checked (with the windows up), there was no orz.exe in the folder, and I went ahead after that and told WL OneCare to "delete", tho I'm not sure what exactly it was deleting after the file went AWOL ?

Googling Kirasha with any combination of virus or worm added to the search terms is relatively useless, and Googling for orz.exe gets a number of hits, but... I only read English.

I'm extremely frustrated right now as well, no AV or ad/spyware scanner I've used has turned up anything on my machine (NOD32/AVG/Symantec/AdAware/SpyBot/Stinger), and I'm really tired of looking, but don't want to end up hijacked again, y'know?

So definitely if someone knows what software can detect this, please share?

I also autosave my password, had my husband's account on my machine (his is fine), and was getting the 'interface not supported' error mentioned in the list of hacked accounts thread (which, after Googling, I had accepted as a video card/driver related issue, which would make sense, given that I've been having video issues as of late).

[Kurgan]

Very deep inside, I am laughing at the domain contact e-mail addresses being at QQ.com

[ronin sparthos]

Very deep inside, I am laughing at the domain contact e-mail addresses being at QQ.com

Even i had to laugh at that.... even though my deep-seated hatred for all things RMT atm.

[Day]

Very deep inside, I am laughing at the domain contact e-mail addresses being at QQ.com

Even i had to laugh at that.... even though my deep-seated hatred for all things RMT atm.

And orz.exe ... lol.

[ronin sparthos]

Very deep inside, I am laughing at the domain contact e-mail addresses being at QQ.com

Even i had to laugh at that.... even though my deep-seated hatred for all things RMT atm.

And orz.exe ... lol.

fuckjp.exe was straight to the point.