They sent me a tell ASKING me to sell them my gil...
They are THAT desperate.
The English in their in-game tell is improving compared to last week's batch of tells.
A member of my Dynamis LS got one that had a properly formatted GM name, and a slightly more believable message. Still suffers from 'accusations of gold trading' and asking you to login to a random webpage, which GMs of course never do.
The weird thing was he was kicked offline a minute after getting the message, so he freaked out for a little bit and ran and changed his password on his PS2 just to be safe (was using a brand new PC and don't think he'd installed any protective measures yet). Even in his panic/worry about why he got booted he retained enough common sense not to visit the site at least. And he got antivirus and such installed.
Site leads to a download of "complaint.exe" which probably contains a keylogger/account stealer. The binary is compressed, didn't look into it much further.
Common tactic of buying cheap and reselling for a higher price. RMT used to do this long ago, if I remember correctly. Going back to their roots, I guess.
I'm uninstalling if I see 20 RMT camping Simurgh, though.
Has anyone intentionally downloaded and picked apart complaint.exe to see exactly what it is and how it functions? Just wondering.
Its like all those "buy your gold" things going on now. They buy it from you for a low price hoping you dont know its real worth, then resell it for profit. I guess it could also be observed in the bazaar farms here in FF, where some characters buy out other just to make up the price if they feel it will sell at that rate.
If you look at the binary you can download there, this is what you find at the end of it:
Seems it's rather new according to this:<1 4 � � x
B I N @ 44 V S _ V E R S I O N _ I N F O ��� ? � S t r i n g F i l e I n f o p 0 0 0 0 0 4 b 0 C o m m e n t s 2 C o m p a n y N a m e D i s k S a f e : F i l e D e s c r i p t i o n D i s k S a f e 6 F i l e V e r s i o n 1 , 0 , 0 , 1 2 I n t e r n a l N a m e D i s k S a f e F L e g a l C o p y r i g h t C o p y r i g h t ? 2 0 0 9 ( L e g a l T r a d e m a r k s B
O r i g i n a l F i l e n a m e D i s k S a f e . e x e P r i v a t e B u i l d 2 P r o d u c t N a m e D i s k S a f e : P r o d u c t V e r s i o n 1 , 0 , 0 , 1 S p e c i a l B u i l d D V a r F i l e I n f o $ T r a n s l a t i o n � �4 �4 �4 �4 �4 �4 5 5 5 .5 85 KERNEL32.DLL GDI32.dll MSVCRT.dll LoadLibraryA GetProcAddress ExitProcess DeleteDC exit b7
DISKSAFE.EXE, Prevx
They're trying entirely too hard tbh. The naming scheme seems to vary. The ones on Bismarck try stupid shit like "Admin" and "Manager". Got hit by one of these the other day.
Incredibly obvious. I feel sorry for any of the newer people that actually fell for this shit.
Same thing happened to me last night, called GM and I described the situation and got a generic help desk response saying thank you for reporting the player we will look into the situation. Thing is when I wrote the summary of why I was calling the GM, I didn't include the player's name, yet they thank me for reporting the player.... GG SE GG.
Also this guy was a 75 war sending me tells from Upper Jeuno, named Tanosuke on the Unicorn server. Same stupid message that looked like
Tanosuke !
GM> Your account blah blah blah
I lol'd a bit.
I think some people (including the gilsellers) aren't getting how they're doing this trick. This isn't any kind of hack really. If you just do an input into your Windower console, you can type \r to move down to the next line. All they're doing is putting in several "\r"s to make blank lines, then starting a line directly after with GM>>. I agree with an above poster who said that they should just throw a random name and the correct format for a GM message to make it look 100X more legitimate, lol.
I've actually used this trick for a long time to make it look like my friends are coming out of the closet in LS chat... "input /l Hey guys, what's up? \r <Drewpy> I've been lying to myself for too long... I love men and I'm not afraid to admit it!"
Good times...
I am not sure if anyone else has got this tell recently before, but while I was doing campaign with a friend of mine after sky, I get this /tell from someone named Arnoldd stating
Arnoldd>>Hi this is GM Arnold (note that they did not spell their name the same way in the /tell and no GM tag anyway attached to name) you are suspected of theft/stealing another characters account.
I received this twice in a row. Apparently when I tried to respond with a not so nice reply, they were on away status. So just be on the look out for yet another stupid attempt to lure people who may not be paying attention to get at your account(s)
This also happened right after a friend of mine got hacked into at sky at Ulli camp. They d/c, we thought it was a standard d/c, they came back, ran into the main statue area, died, HP, dropped pearl and would not respond to any tells. No they did not have the security token but thankfully they reached out to a few people on msn to have a GM call placed and have their account locked in time.
got a
"Please visit Playonline-euix to authenticate your account. Otherwise we will take strict measures to cease the account"
they still trying yo
I haven't got anything from them yet. Wondering if they're targeting only a select few.
me niether. I wonder if it has to do with the fact my characters name starts with a "V" and maybe they start on "A" and work their way down the list till they get kicked/banned probably never making it to the V's.
Why isn't Chatmon picking these up?