| |||||
| | #1 |
| Dynamis Guru Bronze Ribbon of Service Join Date: May 2006 Location: Roe Dilund
Posts: 590 Style: Light Theme V7 Thanks: 267
Thanked 54x in 45 Posts
My Mood: | WARNING - Somepage linked to account hijackings http://bluegartrls.com/forum/viewtopic.php?f=2&t=27256 A few weeks ago people were asking around about the ffxi database at Somepage.com not being updated. It turns out that the site was hacked. The hackers implanted a ActiveX control (Internet Explorer only) that will auto-download a javascript-based trojan onto your computer, which will steal your FFXI account information. This exploit can be patched by installing this software patch for Realplayer. As expected, the GMs are completely clueless to this, and have even stated to some players that the idea that a well-known FFXI informational website is the cause of the many compromised accounts recently. However they have supposedly made reports on this issue to the Special Task Force, so hopefully there will be a better response on SE's side. They can't claim that people are taking their chances anymore.. BG has setup a thread for the SPT to keep track of players whose accounts have been compromised. If you or someone you know has been hijacked, post the character information there. BTW, use Firefox and you can probably avoid this problem. Don't risk it though guys.
__________________ Olorin of Ramuh! At least I used to be.. now I'm Scoopster - Host of irc.gamesurge.net #ffxivbeta BRD77 WHM75 BLM75 RDM75 SCH50 SMN40 - TheAfterLife LS ![]() |
| | |
| | #2 |
| Chocobreeder Bronze Ribbon of Service | Re: WARNING - Somepage linked to account hijackings
Funny how people thought those same things were coming from FFXIAH... or are these different hackings?
__________________ Kindadarii (Bahamut) 80PUP / 80BRD / 66WHM / 58SMN / 42DNC 68.9 + 2 Woodworking 42.1 Synergy ![]() Breeding Chocobos? Visit Chocobreeder.com to find chocobos in your area! |
| | |
| | #3 |
| Something soft on my face Steelknight Emblem Join Date: May 2006 Location: Best Carolina
Posts: 5,801 Style: Light Theme V7 Thanks: 157
Thanked 2,276x in 1,290 Posts
| Re: WARNING - Somepage linked to account hijackings
Best fix, get that Real player crap off your system.
|
| | |
| | #4 |
| Something soft on my face Steelknight Emblem Join Date: May 2006 Location: Best Carolina
Posts: 5,801 Style: Light Theme V7 Thanks: 157
Thanked 2,276x in 1,290 Posts
| Re: WARNING - Somepage linked to account hijackings Could be the same and could be different. If Somepage and FFXIah are using the same ad providers then both sites could serve up the same malicious ads.
|
| | |
| | #5 |
| Junior Member Join Date: Oct 2003 Location: Kennesaw, GA
Posts: 343 Style: Light Theme V7 Thanks: 0
Thanked 0x in 0 Posts
| Re: WARNING - Somepage linked to account hijackings
And this is why you don't use realplayer... oh, and "buffering"
__________________ |
| | |
| | #6 |
| Dynamis Guru Bronze Ribbon of Service Join Date: May 2006 Location: Roe Dilund
Posts: 590 Style: Light Theme V7 Thanks: 267
Thanked 54x in 45 Posts
My Mood: | Re: WARNING - Somepage linked to account hijackings
I don't think RP causes the vulnerability.. The source of the exploit is an ActiveX plugin to IE - which means you don't necessarily need to have Realplayer installed to be a target.
__________________ Olorin of Ramuh! At least I used to be.. now I'm Scoopster - Host of irc.gamesurge.net #ffxivbeta BRD77 WHM75 BLM75 RDM75 SCH50 SMN40 - TheAfterLife LS ![]() |
| | |
| | #7 |
| Something soft on my face Steelknight Emblem Join Date: May 2006 Location: Best Carolina
Posts: 5,801 Style: Light Theme V7 Thanks: 157
Thanked 2,276x in 1,290 Posts
| Re: WARNING - Somepage linked to account hijackings
BTW, no this is different. FFXIah ads tried to get you to download a file (presumably a trojan) whereas sompage's main page has a hidden iframe that is trying to do things automatically in the background.
|
| | |
| | #8 |
| Something soft on my face Steelknight Emblem Join Date: May 2006 Location: Best Carolina
Posts: 5,801 Style: Light Theme V7 Thanks: 157
Thanked 2,276x in 1,290 Posts
| Re: WARNING - Somepage linked to account hijackings No, the FFXIah one seems to be a real player exploit which is why Real Player has to patch it.
|
| | |
| | #9 | |
| Dynamis Guru Bronze Ribbon of Service Join Date: May 2006 Location: Roe Dilund
Posts: 590 Style: Light Theme V7 Thanks: 267
Thanked 54x in 45 Posts
My Mood: | Re: WARNING - Somepage linked to account hijackings Quote:
![]() The malicious ActiveX control is implanted in that little box, which is actually an inline frame. I'm not saying it couldn't be in the banner ads on FFXIAH - I work with banner ads all day at work so I know what kind of funky stuff can be weaved into them. I'm actually thinking that maybe these hackers might also have compromised FFXIAH, in which case we'll find the same kind of inline frame somewhere on the page. ------------------------------------------ Yeah.. this one on Somepage is the same exploit. Downloading the patch from Real will fix it.
__________________ Olorin of Ramuh! At least I used to be.. now I'm Scoopster - Host of irc.gamesurge.net #ffxivbeta BRD77 WHM75 BLM75 RDM75 SCH50 SMN40 - TheAfterLife LS ![]() Last edited by Olorin401; 12-12-2007 at 06:18 AM. Reason: Automerged Doublepost | |
| | |
| | #10 |
| Just a glimpse of an ankle Allied Ribbon of Glory | Re: WARNING - Somepage linked to account hijackings
Ha, nevermind. Thread kept going while I was typing and reading a bunch of stuff. Screw posterity! I'ma cover my dumbass tracks!
__________________ Ellipses on Fenrir There is no rush. If you're not willing to take your time, don't be surprised when no one wants to give you much of theirs. <3, . . . Last edited by Ellipses; 12-12-2007 at 06:26 AM. |
| | |
| | #11 |
| Where The Bad Things Go Mythril Star Join Date: Jan 2005 Location: Confirmed
Posts: 3,994 Style: Light Theme V7 Thanks: 179
Thanked 487x in 344 Posts
| Re: WARNING - Somepage linked to account hijackings
So how did Somepage get hacked? Giving away their information?
|
| | |
| | #12 |
| Pink Mage Allied Ribbon of Bravery Join Date: May 2006 Location: Bastok/Illinois
Posts: 1,800 Style: Light Theme V7 Thanks: 196
Thanked 235x in 151 Posts
| Re: WARNING - Somepage linked to account hijackings
Ok, that really sucks, but that's why I run Firefox. RealPlayer hasn't been cool for a long time--and the exploit is a buffer overrun which is very very sloppy since Windows development environments have been updated since what... 1999 or 2000 to deprecate functions without buffer overrun checks on them. That's rather poor coding at best. Does anyone actually make content for RP any more? I mean content that's worth getting that's not also available for Flash? Also, I think RP is still a "thick" client whereas Adobe Flash is much lighter and better integrated with teh Intarweb. Oh and on another note, I can't believe that GD Internet Explorer, after all Microsoft's To-do about "security" is still running these f'in Active-X controls without even the slightest notification. "Oh sure Mr. Unsigned Active-X control, you can go ahead and do whatever you like. Oh that user guy? Nah, we don't need to tell him, I'm sure he doesn't want to be bothered anyway. Now, do you accept Mastercard or Visa? I've got both numbers, we can just set him up for automatic billing right now, I'm sure he'll appreciate the efficiency."
__________________ Last edited by Sabaron; 12-12-2007 at 06:33 AM. |
| | |
| | #13 |
| The Hare Administrator Steelknight Emblem | Re: WARNING - Somepage linked to account hijackings
Well hell, what site can I go to anymore? And the irony is I switched back to IE from Firefox specifically because Firefox wasn't blocking the popups on somepage.
__________________ - |
| | |
| | #14 |
| Something soft on my face Steelknight Emblem Join Date: May 2006 Location: Best Carolina
Posts: 5,801 Style: Light Theme V7 Thanks: 157
Thanked 2,276x in 1,290 Posts
| Re: WARNING - Somepage linked to account hijackings Could be anything. Maybe their password to their hosting site was easy to guess. The site does seem to have been abandoned, at least updates wise so maybe they don't even know or care to look.
|
| | |
| | #15 |
| Kerio | Re: WARNING - Somepage linked to account hijackings this forum is starting to scare me... and what's wrong with real player? I never use it, it's kinda just sitting there on my computer. I use this thing called Zoom player and it works great. Got it with this CCC pack or "combined community codec" thing. And also can you please keep me updated on the ffxiah thing?? i always use that... just don't tell me ffxiclopedia is bad too... aaaah i'm running out of places to look at for cooking recipes! And i mean GOOD recipe lists, GOOD ones. |
| | |
![]() |
| Tags |
| account, hijackings, linked, somepage, warning |
| Thread Tools | |
| Display Modes | |
| |