
Hacks - Round III

Status
Not open for further replies.

FrgMstr

Hopefully last time we have to talk about this.

We think we finally got a handle on what was happening and how it was happening. He/she no longer has access. We do not expect to see any more issues.

I would suggest you change your PWs just as a precaution; we do NOT think PWs were compromised.

We do think the hacker had access to your PM files. If there is anything sensitive in those, I suggest you delete those now.

Interestingly enough, he/she did leave a message this morning stating that he would not put the virus back on the site if we left it for 24 hours. Of course we did not do that, so we will find out if he finds a way back in today/this week. Our security is extremely hardened at this point and if we see him back we think it would be through an undocumented hole in VB only. We will see what happens.

At the moment we have all hacks/modifications/custom templates disabled/uninstalled, except for the Mobile version. We are going to leave most of this off till we feel sure none of that stock VB is creating a security issue. Probably for a week or so, so the funky look will be around for a while.
 
Thanks for the update, Kyle. I can't believe that he/she would have the gusto to leave a message telling YOU - the person who RUNS the site - to leave...
 
Thanks for all the hard work and I hope they have gone away.
 
> Thanks for all the hard work and I hope they have gone away.

They never go away, you just do your best to make sure the next guy isn't successful, and do your best to make sure any known threats are mitigated.
 
Thanks for the heads up Kyle.

Any chance of actually catching the perp and giving him some Texas Style justice?
 
> Thanks for the update, Kyle. I can't believe that he/she would have the gusto to leave a message telling YOU - the person who RUNS the site - to leave...


Well, I left him a message in the code a few days ago asking WTF he wanted, so it was a fair reply.
 
Just for [H], right?

I don't think the Forum PW passwords were compromised. You are talking about some hardcore encryption there. I think there is little or no danger of issues with that.

If you had a virus or a trojan on your box at home, I would suggest the normal precautions.

Run Malwarebytes, CCleaner, keep MSE up to date with the full non-beta version that is free online from Microsoft.
 
I've been getting "Worm:Win32/Vobfus.C" in MSE ever since that java thing came up.


If you are having issues with that now, you are likely infected. I suggest a Malwarebytes full scan and a fresh install of non-beta MSE.
 
Since the exploits were in PDF/Java, let me ask you this:

Are Mac OS X users vulnerable? I have not opened the [H] except on my OS X machine. Do I run any risk of being compromised?
 
What about Android users? I also surf the site with my phone and it never asks for permission to run Java or not. Do you know if it ignores these requests by default or do they not even come into play? I don't run mobile AV software. Still under the impression that it does no good and eats up resources, but there is an AVG for Android now. Should I be using that?
 
> What about Android users? I also surf the site with my phone and it never asks for permission to run Java or not. Do you know if it ignores these requests by default or do they not even come into play? I don't run mobile AV software. Still under the impression that it does no good and eats up resources, but there is an AVG for Android now. Should I be using that?

I never saw that pixel or anything on my droid when I was viewing the site; as a precaution I turned off java anyway. I am doubting this was to affect phones.
 
My battle.net account recently got compromised, and I had to get them to restore all my stuff (about 60k+ gold and 4 characters). I did get hit by the java exploit, cleaned it out, but must've missed something. Just beware. I don't play WoW anymore, but I suspect you might be upset if you don't catch this one.

FYI, the guy was in South Korea, and apparently was clicking on the password change validation and email things from my actual email accounts. I do know that Thunderbird stores passwords, as well as (unfortunately) my password used to be a variation of the other. Nothing like this has ever happened to me before.

I'm not mad or anything. I still love the forum and that's why I'm saying--beware!
 
A crook has honor? Leave it up for 24 hours and they won't do it again?

Bullshit. Burn him at the stake.
 
I use ff or chrome to visit the site, ff is the beta and I have the beta mse. I never saw any pop ups and I did a full scan every day and nothing got found. Should I worry about anything?
 
I have scanned using AVG, Vipre Enterprise, Malwarebytes and Spybot. Found nothing. Checked manually AppData, Temp directories, etc. Nothing. Even switched to Chrome because FF has been a little buggy on me.

Couple more scans, but I don't think it came over.
 
my laptop had 3 java exploits and 1 Trojan... not sure how it wasn't caught on the laptop as I use both my desktop and laptop to view the site and both machines have MSE and Malwarebytes Pro...

who knows how long the virus was there :(
 
I'm sure it would be very expensive, but is hiring a server security and forensics company/consultant out of the question?
 
> I'm sure it would be very expensive, but is hiring a server security and forensics company/consultant out of the question?

And get what out of it besides spending $1000s of dollars? What is the upside?
 
> my laptop had 3 java exploits and 1 Trojan... not sure how it wasn't caught on the laptop as I use both my desktop and laptop to view the site and both machines have MSE and Malwarebytes Pro...
>
> who knows how long the virus was there :(

Which version of MSE? They silently updated to v2.0 and the first client that everyone installed won't update; you have to reinstall it from the MS site. I say this because I read the first MSE won't pick it up but the new one does.
 
Unfortunately I just realized that with everything that's occurred, [H] has now earned Google's "This site may harm your computer" distinction.
 
> Which version of MSE? They silently updated to v2.0 and the first client that everyone installed won't update; you have to reinstall it from the MS site. I say this because I read the first MSE won't pick it up but the new one does.

both machines had the newest version (2.0 with the grey app background).

I don't understand how the realtime monitor didn't catch it :\
 
> both machines had the newest version (2.0 with the grey app background).
>
> I don't understand how the realtime monitor didn't catch it :\

Unless you click "Install" on that Java prompt, MSE has nothing to catch... Why aren't people getting this? If you click Cancel, like you should, you stopped it right there.
 
I think most people have had the prior experience with this type of malware....where clicking anything starts the process which at best will involve the Task Manager and at worst....well that would depend on what protection you have installed.

I have found it easier just to reboot and continue on.
 
> Unless you click "Install" on that Java prompt, MSE has nothing to catch... Why aren't people getting this? If you click Cancel, like you should, you stopped it right there.

I don't even remember the last time I saw that prompt and I hardly ever allow it anyway. maybe I accepted it by accident who knows... I would just think that MSE would catch something that is actively running without me having to scan for it... it's done it before but apparently missed it this time.
 
> Unless you click "Install" on that Java prompt, MSE has nothing to catch... Why aren't people getting this? If you click Cancel, like you should, you stopped it right there.

Um, not necessarily. I got a prompt, I did not click install, cancel or even the red x, just left it there while I did a screen shot and took it into IrfanView to crop. Before I knew it, MSE and Avira were both freaking out and my PC was infected.
 
> Um, not necessarily. I got a prompt, I did not click install, cancel or even the red x, just left it there while I did a screen shot and took it into IrfanView to crop. Before I knew it, MSE and Avira were both freaking out and my PC was infected.

Same here. I didn't even get a popup and before I knew it MSE was popping up notifications.
 
3 PCs here and MSE (newest) never said a thing UNLESS I clicked OK on the Java popup. (test VM)
 
> Um, not necessarily. I got a prompt, I did not click install, cancel or even the red x, just left it there while I did a screen shot and took it into IrfanView to crop. Before I knew it, MSE and Avira were both freaking out and my PC was infected.


it probably wasn't infected, it probably detected the java app cache and browser cache as having a virus in it, doesn't mean you were actually infected.
 
> it probably wasn't infected, it probably detected the java app cache and browser cache as having a virus in it, doesn't mean you were actually infected.

Oh, yes it was. It took over my desktop, disabled the task manager and all that other crap. :mad:
 
> I have scanned using AVG, Vipre Enterprise, Malwarebytes and Spybot. Found nothing. Checked manually AppData, Temp directories, etc. Nothing. Even switched to Chrome because FF has been a little buggy on me.
>
> Couple more scans, but I don't think it came over.

ditch AVG, it is crap, get MSE instead or avast.
 
so I am still getting warnings from Chrome saying there is content on the site that has been considered malicious......

When will we know that it's safe?
 
I don't get why some people got infected and I never even saw one pop up. I have run an MSE scan every day and I even did Malwarebytes and nothing. Were they not targeting everybody?
 