These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

Trojans from EVE Online Browser?
Author
Previous Topic Next Topic
Private Pineapple
Brutor Tribe
Minmatar Republic
#1 - 2012-08-23 19:24:51 UTC  |  Edited by: Private Pineapple
So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me.

But.

This got interesting. Look where the trojan is from (picture link): http://i.imgur.com/PjxbI.jpg

So basically... I visited some site on the EVE Online browser which had a dirty javascript blackhole that infected me. Fortunately, only bad things happen to me if and only if I go back to the site again.

But that makes things interesting because then what would happen if I did? I'm not exactly sure how the EVE Online browser works in relation to your actual system. If I visited the site again, what exactly could happen? Would my system be infected, or would they be trying to interact with the EVE Online client itself?

The way I'm viewing this is the hole in the js doesn't matter to me since it's trapped in the EVE Online cache, but a more network security savvy person (or someone who knows more about how the EVE Online cache/browser could interact with the actual system running it) could clear me up on this.

EDIT: I'm wrong. The blackhole in the javascript is supposed to open up a gateway in any one or more vulnerabilities my computer may have due to installed software which allows an attacker to get into my computer. However my general question still stands, does this even work through the EVE Online cache? I'm not quite sure if they were viewing the vulnerabilities of the EVE Online client or my computer.

.
Alice Saki
Nocturnal Romance
Cynosural Field Theory.
#2 - 2012-08-23 19:36:17 UTC
Good Luck with that Andrew

FREEZE! Drop the LIKES AND WALK AWAY! - Currenly rebuilding gaming machine, I will Return.
James 315
Experimental Fun Times Corp RELOADED
CODE.
#3 - 2012-08-23 19:36:36 UTC
What kind of websites were you visiting? What?

MinerBumping.com
Private Pineapple
Brutor Tribe
Minmatar Republic
#4 - 2012-08-23 19:37:07 UTC  |  Edited by: Private Pineapple
Alice Saki wrote:
Good Luck with that Andrew


Yes, I left in my current user's name because what can you do with a first name that may or may not be mine? I left out my steam name for obvious purposes.

.
Private Pineapple
Brutor Tribe
Minmatar Republic
#5 - 2012-08-23 19:39:07 UTC
James 315 wrote:
What kind of websites were you visiting? What?


Does anyone ever know? Everyone pops into shady websites once in a while...

(mostly 9gag/4chan and lottery sites like somerblink, but there were 2 more lottery sites being spammed in jita chat)

.
CARB0N FIBER
Derailleurs
#6 - 2012-08-23 19:47:22 UTC
I like cuckoldspace and xhamster
Jim Era
#7 - 2012-08-23 19:47:51 UTC
your post is invalid.
I do not visit shady websites

Wat™
Ifly Uwalk
Perkone
Caldari State
#8 - 2012-08-23 19:54:36 UTC
In Soviet Russia shady website visits you!
Jack bubu
Caldari Provisions
Caldari State
#9 - 2012-08-23 19:56:47 UTC
i allways thought that jscript and flash are disabled for this very reason in the ingame browser..
Private Pineapple
Brutor Tribe
Minmatar Republic
#10 - 2012-08-23 19:58:42 UTC
Jack bubu wrote:
i allways thought that jscript and flash are disabled for this very reason in the ingame browser..


I know Flash is disabled but I think javascript is enabled. Even if someone confirms it is disabled - it has to be enabled for this thing to occur.

.
Sturmwolke
#11 - 2012-08-23 20:42:42 UTC
Lookup http://wiki.eveonline.com/en/wiki/Category:In-game_Browser for some info titbits.

Personally, I never set any website as trustworthy for the IGB (which grants intel), nor actively use the IGB for browsing or opening weblinks from ingame chats.
I'm usually very selective on the websites which I use the IGB for.
Ginger Barbarella
#12 - 2012-08-23 21:40:00 UTC
Private Pineapple wrote:
So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me.


You probably got it from clicking a link to a web page from 4Chan.

"Blow it all on Quafe and strippers." --- Sorlac
Nagamor
Imperial Academy
Amarr Empire
#13 - 2012-08-23 21:51:25 UTC
Word of Advice from an IT Guy. Get better antivirus.
Splodger
Brutor Tribe
Minmatar Republic
#14 - 2012-08-23 21:57:39 UTC
i think the trojan may have cleaned your desktop, jesus only the recycling bin on there!
Tippia
Sunshine and Lollipops
#15 - 2012-08-23 22:04:03 UTC
Splodger wrote:
i think the trojan may have cleaned your desktop, jesus only the recycling bin on there!

It's quite unsightly, I agree. You really should remove the recycling bin as well and have a proper desktop.
Private Pineapple
Brutor Tribe
Minmatar Republic
#16 - 2012-08-23 22:15:57 UTC
Ginger Barbarella wrote:
Private Pineapple wrote:
So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me.


You probably got it from clicking a link to a web page from 4Chan.


You can't "click" a link on 4chan, hyperlinking is disabled and you can only have hyperlinking on 4chan via an extension on a browser which is not possible on the EVE Online browser. Furthermore, why would I visit any links on 4chan that weren't obvious such as facebook, youtube, etc links? Any intellectual user on 4chan does not visit any untrusty looking links.

Nagamor wrote:
Word of Advice from an IT Guy. Get better antivirus.


The best antivirus is common sense and I rarely get infected anyways as I visit the same sites over and over. MSE is very lightweight and automatically scans any files that come into my system.

I am an "IT Guy" as well (just not network security) and I prefer using MSE as an "automatic antivirus" if you will. If I really need to know if my system is infected I use the more powerful malware tools such as MBAM, HJT, etc...

Splodger wrote:
i think the trojan may have cleaned your desktop, jesus only the recycling bin on there!


Most of my icons are in that folder next to the Start Menu button. I don't like icons cluttering up my desktop...

Tippia wrote:
It's quite unsightly, I agree. You really should remove the recycling bin as well and have a proper desktop.


It's quite a hassle as I often have deleted items in my Recycle Bin. I do know how to toggle it off but I am too lazy to do some sort of a routine "empty Recycle bin" once in a while.

.
Private Pineapple
Brutor Tribe
Minmatar Republic
#17 - 2012-08-23 22:22:12 UTC  |  Edited by: Private Pineapple
To reiterate, no one has answered my question, which is outlined below:

If you visit a webpage in the IGB (in-game browser) that would otherwise infect you if you were using your regular browser outside of the game, what would happen?

Does your system get infected, or does the virus attempt to infect the EVE Online client to no avail?

Either way if you do get some sort of malware on your computer that is only found in the EVE Online cache, what exactly does that mean? Is it stuck/isolated to the cache itself and is only active when the EVE Online Client is running?

The questions particular to my incident are relevant as well:

If you visit a webpage in the IGB (in-game browser) that injects the trojan in the OP which scans for vulnerabilities, is it scanning the vulnerabilities of your system or the EVE Online client?

I think the answers to such questions could be educational to everyone who reads this thread, including CCP. I'm sure their security guys will get a kick out of this.

.
Private Pineapple
Brutor Tribe
Minmatar Republic
#18 - 2012-08-23 22:22:49 UTC
double post*

.
Tiger Would
Doomheim
#19 - 2012-08-23 22:28:37 UTC
3/10 for effort and "photoshop"

Once you think you have it all, you have actually become ignorant towards everything else.

T. Would
Adalun Dey
Royal Amarr Institute
Amarr Empire
#20 - 2012-08-23 23:00:32 UTC
Is this a viral ad for a competing fantasy mmo?

[i]" Take my love, take my land, take me where I can not stand, I don't care, I'm still free. You can't take the sky from me. "[/i]
12Next page