[Olorin401]

http://bluegartrls.com/forum/viewtopic.php?f=2&t=27256

A few weeks ago people were asking around about the ffxi database at Somepage.com not being updated. It turns out that the site was hacked.

The hackers implanted a ActiveX control (Internet Explorer only) that will auto-download a javascript-based trojan onto your computer, which will steal your FFXI account information. This exploit can be patched by installing this software patch for Realplayer.

As expected, the GMs are completely clueless to this, and have even stated to some players that the idea that a well-known FFXI informational website is the cause of the many compromised accounts recently. However they have supposedly made reports on this issue to the Special Task Force, so hopefully there will be a better response on SE's side. They can't claim that people are taking their chances anymore..

BG has setup a thread for the SPT to keep track of players whose accounts have been compromised. If you or someone you know has been hijacked, post the character information there.

BTW, use Firefox and you can probably avoid this problem. Don't risk it though guys.

[KingOfZeal]

Funny how people thought those same things were coming from FFXIAH... or are these different hackings?

[Mhurron]

Best fix, get that Real player crap off your system.

[Mhurron]

Quote:

Originally Posted by KingOfZeal

Funny how people thought those same things were coming from FFXIAH... or are these different hackings?

Could be the same and could be different. If Somepage and FFXIah are using the same ad providers then both sites could serve up the same malicious ads.

[METDeath]

And this is why you don't use realplayer... oh, and "buffering"

[Olorin401]

I don't think RP causes the vulnerability.. The source of the exploit is an ActiveX plugin to IE - which means you don't necessarily need to have Realplayer installed to be a target.

[Mhurron]

BTW, no this is different. FFXIah ads tried to get you to download a file (presumably a trojan) whereas sompage's main page has a hidden iframe that is trying to do things automatically in the background.

[Mhurron]

Quote:

Originally Posted by Olorin401

I don't think RP causes the vulnerability.. The source of the exploit is an ActiveX plugin to IE - which means you don't necessarily need to have Realplayer installed to be a target.

No, the FFXIah one seems to be a real player exploit which is why Real Player has to patch it.

[Olorin401]

Quote:

Originally Posted by Mhurron

Could be the same and could be different. If Somepage and FFXIah are using the same ad providers then both sites could serve up the same malicious ads.

The malicious ActiveX control is implanted in that little box, which is actually an inline frame.

I'm not saying it couldn't be in the banner ads on FFXIAH - I work with banner ads all day at work so I know what kind of funky stuff can be weaved into them. I'm actually thinking that maybe these hackers might also have compromised FFXIAH, in which case we'll find the same kind of inline frame somewhere on the page.
------------------------------------------

Quote:

Originally Posted by Mhurron

No, the FFXIah one seems to be a real player exploit which is why Real Player has to patch it.

Yeah.. this one on Somepage is the same exploit. Downloading the patch from Real will fix it.

[Ellipses]

Ha, nevermind. Thread kept going while I was typing and reading a bunch of stuff. Screw posterity! I'ma cover my dumbass tracks!

[DakAttack]

So how did Somepage get hacked? Giving away their information?

[Sabaron]

Ok, that really sucks, but that's why I run Firefox. RealPlayer hasn't been cool for a long time--and the exploit is a buffer overrun which is very very sloppy since Windows development environments have been updated since what... 1999 or 2000 to deprecate functions without buffer overrun checks on them. That's rather poor coding at best. Does anyone actually make content for RP any more? I mean content that's worth getting that's not also available for Flash? Also, I think RP is still a "thick" client whereas Adobe Flash is much lighter and better integrated with teh Intarweb.

Oh and on another note, I can't believe that GD Internet Explorer, after all Microsoft's To-do about "security" is still running these f'in Active-X controls without even the slightest notification. "Oh sure Mr. Unsigned Active-X control, you can go ahead and do whatever you like. Oh that user guy? Nah, we don't need to tell him, I'm sure he doesn't want to be bothered anyway. Now, do you accept Mastercard or Visa? I've got both numbers, we can just set him up for automatic billing right now, I'm sure he'll appreciate the efficiency."

[Taskmage]

Well hell, what site can I go to anymore? And the irony is I switched back to IE from Firefox specifically because Firefox wasn't blocking the popups on somepage.

[Mhurron]

Quote:

Originally Posted by DakAttack

So how did Somepage get hacked? Giving away their information?

Could be anything. Maybe their password to their hosting site was easy to guess. The site does seem to have been abandoned, at least updates wise so maybe they don't even know or care to look.

[Kerio]

Quote:

Originally Posted by Mhurron

Best fix, get that Real player crap off your system.

this forum is starting to scare me... and what's wrong with real player? I never use it, it's kinda just sitting there on my computer. I use this thing called Zoom player and it works great. Got it with this CCC pack or "combined community codec" thing.
And also can you please keep me updated on the ffxiah thing?? i always use that... just don't tell me ffxiclopedia is bad too... aaaah i'm running out of places to look at for cooking recipes! And i mean GOOD recipe lists, GOOD ones.