Tom H DONT CLICK HIS LINK YOU WILL BE HACKED
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 [2] 3 4


Elgar1
Lightfoot Industries
Posted - 2006.10.14 13:49:00 - [31]
 

Edited by: Elgar1 on 14/10/2006 13:51:17

If you clicked the link....

Go straight to your Windows folder and delete the 'CRSS.EXE' program.

Then scan your machine for '~.exe'
That is the trojan installer.
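A read-only version of the check described in the post above, as an added example that is not part of the original thread: it looks for 'CRSS.EXE' directly in the Windows folder and for '~.exe' under the given roots, and records size and SHA-256 so a hit can be handed to a scanner before anything is deleted. The function names are hypothetical, and limiting the first check to the top level of the Windows folder is an assumption.

```python
import hashlib
import os
from pathlib import Path

# File names reported in the thread; compared case-insensitively, as Windows does.
WINDIR_NAME = "crss.exe"    # reported directly in the Windows folder
INSTALLER_NAME = "~.exe"    # reported installer; the thread gives no location


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        # Read in chunks so a large file need not fit in memory.
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record(reason, path):
    try:
        return {"reason": reason, "path": str(path),
                "size": path.stat().st_size, "sha256": sha256_of(path)}
    except OSError as error:  # locked or unreadable: still report the path
        return {"reason": reason, "path": str(path),
                "size": None, "sha256": None, "error": str(error)}


def find_reported_files(windir, search_roots):
    """Return one record per file whose name matches the thread's report."""
    hits = []
    windir = Path(windir)
    # Assumption: only the top level of the Windows folder is checked, so the
    # legitimate System32 csrss.exe (similar name) is never flagged.
    if windir.is_dir():
        for entry in windir.iterdir():
            if entry.is_file() and entry.name.lower() == WINDIR_NAME:
                hits.append(record("CRSS.EXE in Windows folder", entry))
    for root in search_roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == INSTALLER_NAME:
                    hits.append(record("~.exe installer", Path(folder) / name))
    return hits


if __name__ == "__main__":
    windows_folder = os.environ.get("WINDIR", r"C:\Windows")
    drive = os.environ.get("SystemDrive", "C:") + os.sep
    for hit in find_reported_files(windows_folder, [drive]):
        print(hit)
```

An empty result only means no file with these names was found under the roots searched.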


Azerrad InExile
Posted - 2006.10.14 13:50:00 - [32]
 

Edited by: Azerrad InExile on 14/10/2006 13:51:11
Make sure you have a virus scanner (Avast!, AVG, and Antivir are some free ones if you don't want to pay for a commercial version). Also make sure that you are up-to-date on your security patches (visit http://windowsupdate.microsoft.com if you run Windows). If you do, it will be harder to get hit with this type of crap.

However, antivirus programs aren't perfect and stuff can still slip through, so use some common sense and don't download and run random programs from untrusted sources.

Duke Kell
Imperial Academy
Posted - 2006.10.14 13:52:00 - [33]
 

Edited by: Duke Kell on 14/10/2006 13:52:15
This is a good time for CCP or everyone to just change their passwords, especially if you clicked on that link.

keepiru
Omega Fleet Enterprises
Executive Outcomes
Posted - 2006.10.14 13:52:00 - [34]
 

Originally by: Abdalion
We are on it.

H4xx0rs, ye shall be *click*'d, you have no chance to survive make your time!

Jim McGregor
Posted - 2006.10.14 13:54:00 - [35]
 


So.... how's it going with that posts/minute limit? :)

Elgar1
Lightfoot Industries
Posted - 2006.10.14 13:54:00 - [36]
 

Do NOT change your password if you just clicked on that link. You'll be handing him your new and old password.

Don't do anything where you need to type ANY password until you are 100% sure you are clean.

Cipher7
Posted - 2006.10.14 13:55:00 - [37]
 


Whois info on the perp :

domain: ho.com.ua
admin-c: VL-UANIC
tech-c: COLO1-UANIC
status: OK-UNTIL 20070222140323
dom-public: NO
nserver: ns.secondary.net.ua
nserver: ns.ho.com.ua
mnt-by: COLO1-UANIC (ua.colocall)
remark: Hosting Obyknovennyi
changed: COLO1-UANIC 20060316124412
source: UANIC
glue record: ns.ho.com.ua. IN A 62.149.0.81

nic-handle: VL-UANIC
person: Petro Vlasenko
address: 04053, Ukraine, Kiev
address: Turgenevskaya 52-58
address: ColoCall Internet Data Center
phone: +380444617988
e-mail: vl@colocall.net
changed: vl@colocall.net 20050330
source: UANIC

nic-handle: COLO1-UANIC
person: Colocall ltd
address: 52-58, Turgenevskaya str., Kiev, UA
phone: +380 44 4617988
fax-no: +380 44 5319165
e-mail: hostmaster@colocall.net
changed: hostmaster@colocall.net 20050823
comment: hostmaster@colocall.net.ua
source: UANIC


Player One
Minmatar
Die wilde 13
Posted - 2006.10.14 13:56:00 - [38]
 

Originally by: Duke Kell
Edited by: Duke Kell on 14/10/2006 13:52:15
This is a good time for CCP or everyone to just change their passwords, especially if you clicked on that link.


change the password after scanning and deleting the files on your hd
if you've been infected

Xelios
Minmatar
Broski Enterprises
-Mostly Harmless-
Posted - 2006.10.14 13:57:00 - [39]
 

All moderators, move zig for great justice!

Elgar1
Lightfoot Industries
Posted - 2006.10.14 13:58:00 - [40]
 

The Trojan it installs is - HKTL_BOARDMON.A

Kyguard
Deep Core Mining Inc.
Posted - 2006.10.14 14:01:00 - [41]
 

Moderator SWAT squad on its way, ETA : 5 mins ugh

Xs 142
Posted - 2006.10.14 14:02:00 - [42]
 

Funny... Spybot found a FirewallDisableNotify..

Darvin Felth
Oberon Incorporated
Posted - 2006.10.14 14:02:00 - [43]
 

Edited by: Darvin Felth on 14/10/2006 14:02:51
CCP ban his ass, or better still give us his address so we can go round and kick the living crap out of him YARRRR!!


keepiru
Omega Fleet Enterprises
Executive Outcomes
Posted - 2006.10.14 14:04:00 - [44]
 

Edited by: keepiru on 14/10/2006 14:05:05
Originally by: Xs 142
Funny... Spybot found a FirewallDisableNotify..

That's just what it shows when an application (usually a 3rd-party firewall) disables Windows' inbuilt firewall notification.

If you had actually clicked on the "threat" and read the info, you would know this too...
Originally by: Darvin Felth
CCP ban his ass, or better still give us his address so we can go round and kick the living crap out of him YARRRR!!

If they do this, you better hope you're not the next guy whose account gets hacked and used to spam the forums, like it happened to the last 5 accounts used to spam.

Hakera
Freelance Unincorporated
Ushra'Khan
Posted - 2006.10.14 14:05:00 - [45]
 

Originally by: Cipher7

Whois info on the perp :

domain: ho.com.ua
admin-c: VL-UANIC
tech-c: COLO1-UANIC
status: OK-UNTIL 20070222140323
dom-public: NO
nserver: ns.secondary.net.ua
nserver: ns.ho.com.ua
mnt-by: COLO1-UANIC (ua.colocall)
remark: Hosting Obyknovennyi
changed: COLO1-UANIC 20060316124412
source: UANIC
glue record: ns.ho.com.ua. IN A 62.149.0.81

nic-handle: VL-UANIC
person: Petro Vlasenko
address: 04053, Ukraine, Kiev
address: Turgenevskaya 52-58
address: ColoCall Internet Data Center
phone: +380444617988
e-mail: vl@colocall.net
changed: vl@colocall.net 20050330
source: UANIC

nic-handle: COLO1-UANIC
person: Colocall ltd
address: 52-58, Turgenevskaya str., Kiev, UA
phone: +380 44 4617988
fax-no: +380 44 5319165
e-mail: hostmaster@colocall.net
changed: hostmaster@colocall.net 20050823
comment: hostmaster@colocall.net.ua
source: UANIC




x'd - let's get CCP to ban the whole IP range for that region

Jim McGregor
Posted - 2006.10.14 14:05:00 - [46]
 

Originally by: Darvin Felth
Edited by: Darvin Felth on 14/10/2006 14:02:51
CCP ban his ass, or better still give us his address so we can go round and kick the living crap out of him YARRRR!!




Would you do something like this using your own account? :)

qrac
Caldari
Caldari Provisions
Posted - 2006.10.14 14:06:00 - [47]
 

I don't think there's much that CCP can do. The hacker will most likely use a proxy and Tom h is a hacked account :(

Niccolado Starwalker
Gallente
Shadow Templars
Posted - 2006.10.14 14:09:00 - [48]
 

Originally by: Elgar1
Edited by: Elgar1 on 14/10/2006 13:51:17

If you clicked the link....

Go straight to your Windows folder and delete the 'CRSS.EXE' program.

Then scan your machine for '~.exe'
That is the trojan installer.




Are we safe if we don't have that CRSS.exe file? Can't find it so....


evistin
Multiverse Corporation
The Core Collective
Posted - 2006.10.14 14:10:00 - [49]
 

Install a command that passwords must be changed every 60 days or the account is disabled till it's done.

Verus Potestas
Caldari
SP4RTANS
Tactical Narcotics Team
Posted - 2006.10.14 14:12:00 - [50]
 

Originally by: evistin
Install a command that passwords must be changed every 60 days or the account is disabled till it's done.
Oh yes, because changing passwords stops keyloggers so effectively Rolling Eyes

keepiru
Omega Fleet Enterprises
Executive Outcomes
Posted - 2006.10.14 14:12:00 - [51]
 

Originally by: evistin
Install a command that passwords must be changed every 60 days or the account is disabled till it's done.

Not gonna happen, you'll have 100x more customer issues with people forgetting their passwords than you do with people's accounts getting hacked, even with all the people who use the hidden config option to make the client remember your password :)

Darvin Felth
Oberon Incorporated
Posted - 2006.10.14 14:16:00 - [52]
 

Originally by: Jim McGregor
Originally by: Darvin Felth
Edited by: Darvin Felth on 14/10/2006 14:02:51
CCP ban his ass, or better still give us his address so we can go round and kick the living crap out of him YARRRR!!




Would you do something like this using your own account? :)



I woz saying about the hacker, not the person whose account got hacked so chill guys ugh


Elgar1
Lightfoot Industries
Posted - 2006.10.14 14:16:00 - [53]
 

Originally by: Niccolado Starwalker
Originally by: Elgar1
Edited by: Elgar1 on 14/10/2006 13:51:17

If you clicked the link....

Go straight to your Windows folder and delete the 'CRSS.EXE' program.

Then scan your machine for '~.exe'
That is the trojan installer.




Are we safe if we don't have that CRSS.exe file? Can't find it so....




If that file's not there then you didn't get infected. Run a scan anyway (to be sure).

It's an IE exploit so will only affect those that use Internet Explorer.

Niccolado Starwalker
Gallente
Shadow Templars
Posted - 2006.10.14 14:17:00 - [54]
 

Originally by: Elgar1
Originally by: Niccolado Starwalker
Originally by: Elgar1
Edited by: Elgar1 on 14/10/2006 13:51:17

If you clicked the link....

Go straight to your Windows folder and delete the 'CRSS.EXE' program.

Then scan your machine for '~.exe'
That is the trojan installer.




Are we safe if we don't have that CRSS.exe file? Can't find it so....




If that file's not there then you didn't get infected. Run a scan anyway (to be sure).

It's an IE exploit so will only affect those that use Internet Explorer.


Oh. I'm running FireFox so :D (you 110% it can't be affected by Firefox??)

Thank you!!

Jaabaa Prime
Minmatar
Brutor Tribe
Posted - 2006.10.14 14:17:00 - [55]
 

/me huggles his firefox installation ....

It would appear that "Tom H" is a 2+ year old character, and that his/her account was hacked and abused for this mass posting.

I wonder if his account was also hacked in game ?

It really is a sad day for EVE when this sort of stuff happens.

IMHO CCP could do a couple of things though:

1) Add something to the server to stop these sorts of automated flood mails, maybe max 1 post per minute or something (would also help stop double posts).

2) Disable the BB-Code URL

Abdalion


Deep Core Mining Inc.
Posted - 2006.10.14 14:20:00 - [56]
 

Originally by: Jim McGregor

So.... hows it going with that posts/minute limit? :)



On it!

But I know a couple of forum users would be unhappy.

Specifically some of my flock in the [23], not to mention any names YARRRR!!

Jaabaa Prime
Minmatar
Brutor Tribe
Posted - 2006.10.14 14:22:00 - [57]
 

Originally by: Niccolado Starwalker

Oh. I'm running FireFox so :D (you 110% it can't be affected by Firefox??)
Thank you!!

Older Trojan from early 2005.

It would appear that all scanners know about it: http://www.viruslist.com/en/viruses/encyclopedia?virusid=65430

According to Sophos:
http://www.sophos.com/security/analyses/trojpsymebm.html
Quote:
Troj/Psyme-BM contains functionality to generate webpages which exploit the ADODB stream vulnerability in Microsoft Internet Explorer to silently download executable files from a remote server to the local computer.


So FireFox users are safe.

Eldo Davip


ISD YARR
Posted - 2006.10.14 14:23:00 - [58]
 

Thanks for the emails. The CCP team should implement a solution soon. Otherwise all of the mods will just get RSI and we won't be able to mod.

keepiru
Omega Fleet Enterprises
Executive Outcomes
Posted - 2006.10.14 14:25:00 - [59]
 

I have a question for the CRC guys - when enemies attack and you all unite in the "CRC SUPER MEGA ROBOTTO", who is the crotch?

Elliot Reid
Digital Fury Corporation
Ushra'Khan
Posted - 2006.10.14 14:26:00 - [60]
 

It's a pity we can't send something down the net to his computer and blow it up in his face. Without the use of his eyes he'd have trouble doing this crap.

You know, I'm not a nasty person and I generally don't wish harm on anyone, but the thought of him having his fingernails pulled out really makes me smile (happened to me once and it really hurts Very Happy)

