These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

Keylogger and Malware via Ingame Links

First post
Author
Tigihome
Republic Military School
Minmatar Republic
#1 - 2016-09-14 22:26:26 UTC  |  Edited by: Tigihome
O7 Pilots

A large number of Links in locals and Bios of "Isk service" chars or other "nices Guys" contains Malware and Keylogger.

i Testet the links on VMs.

watch out for some strange endings like .ls / .rt / .gg / .wtf / .to and thinks like that.


More informations in german General Discussion, topic "Vom "Isk double service" zum Hacker"


O7 fly and klick save
Ralph King-Griffin
New Eden Tech Support
#2 - 2016-09-14 22:45:47 UTC
Cheers for the heads up mate.
o7
TigerXtrm
The Scope
Gallente Federation
#3 - 2016-09-14 22:50:57 UTC
The unavoidable downside of doing away with the ingame browser, I guess.

My YouTube Channel - EVE Tutorials & other game related things!

My Website - Blogs, Livestreams & Forums

Jonah Gravenstein
Machiavellian Space Bastards
#4 - 2016-09-14 22:51:59 UTC
Thanks for the warning.

I hope that you've reported the people with those links in their bio to CCP, I can't see them standing for those kinds of shenanigans.

In the beginning there was nothing, which exploded.

New Player FAQ

Feyd's Survival Pack

Sobaan Tali
Caldari Quick Reaction Force
#5 - 2016-09-15 02:49:09 UTC
Much appreciated for the warning. Thanks.

"Tomahawks?"

"----in' A, right?"

"Trouble is, those things cost like a million and a half each."

"----, you pay me half that and I'll hump in some c4 and blow the ---- out of it my own damn self."

Anthar Thebess
#6 - 2016-09-15 09:53:13 UTC
CCP Peligro
Doomheim
#7 - 2016-09-15 11:47:14 UTC
Hey, good looking out!

Please report people spreading malware/sketchy links through the ticket system, either through the help desk at https://support.eveonline.com/hc/en-us or by email to support@eveonline.com.
Knowingly sending out bad or otherwise malicious links is not allowed.

You may also email the security team directly at security@ccpgames.com; replies may or may not be sent here, depending on the volume. The inbox is monitored daily.

To be clear, I don't want a ticket every time someone links to an edgy picture hosted on imgur in local, but if you suspect or know that the link is malicious, please let us know about it.

https://www.virustotal.com/ is a great resource for scanning URL's and files.

Appreciate the help and stay vigilant, friends!

CCP Peligro - Team Security

Tipa Riot
Federal Navy Academy
Gallente Federation
#8 - 2016-09-15 12:03:13 UTC
It would be even better if you could introduce a configuration where I can define what browser and parameters I would like to start the link with ... a sandboxied chrome comes to my mind.

I'm my own NPC alt.

Nalia White
Tencus
#9 - 2016-09-15 16:52:09 UTC
it was clear from the start that this would happen without the ingame browser.

CCP should just deactivate links to websites to save themself a lot of tickets...

Syndicate - K5-JRD

Home to few, graveyard for many

My biggest achievement

Dirty Forum Alt
Forum Alts Anonymous
#10 - 2016-09-15 19:00:22 UTC
Nalia White wrote:
it was clear from the start that this would happen without the ingame browser.

CCP should just deactivate links to websites to save themself a lot of tickets...

I hardly think that is needed - besides it would generate even more complaints.

Once the perpetrators get muted/banned the supply of bad links will dry up pretty quickly I imagine. Sure there will always be a couple out there but not enough to justify removing links entirely.

The dead swans lay in the stagnant pool. They lay. They rotted. They turned Around occasionally. Bits of flesh dropped off them from Time to time. And sank into the pool's mire. They also smelt a great deal.

Paula Nancy Millstone Jennings (Sussex)

Shallanna Yassavi
Imperial Academy
Amarr Empire
#11 - 2016-09-15 19:05:50 UTC
Dirty Forum Alt wrote:
Nalia White wrote:
it was clear from the start that this would happen without the ingame browser.

CCP should just deactivate links to websites to save themself a lot of tickets...

I hardly think that is needed - besides it would generate even more complaints.

Once the perpetrators get muted/banned the supply of bad links will dry up pretty quickly I imagine. Sure there will always be a couple out there but not enough to justify removing links entirely.

It depends on how determined they are and how many throwaway accounts they throw at us.

Simplest solution: no links from trials.

A signature :o

Dirty Forum Alt
Forum Alts Anonymous
#12 - 2016-09-15 19:08:24 UTC
Shallanna Yassavi wrote:
Dirty Forum Alt wrote:
Nalia White wrote:
it was clear from the start that this would happen without the ingame browser.

CCP should just deactivate links to websites to save themself a lot of tickets...

I hardly think that is needed - besides it would generate even more complaints.

Once the perpetrators get muted/banned the supply of bad links will dry up pretty quickly I imagine. Sure there will always be a couple out there but not enough to justify removing links entirely.

It depends on how determined they are and how many throwaway accounts they throw at us.

Simplest solution: no links from trialsAlpha Clones.

Fixed that for you ^


But yeah that would work - and it would be another way to encourage them to upgrade I suppose.

The dead swans lay in the stagnant pool. They lay. They rotted. They turned Around occasionally. Bits of flesh dropped off them from Time to time. And sank into the pool's mire. They also smelt a great deal.

Paula Nancy Millstone Jennings (Sussex)

Dan Seavey Allier
Seavy Acquisitions
#13 - 2016-09-15 19:09:12 UTC

i agree.


Alpha clones will be used for this purpose as throw aways.
One of the downsides of them i suppose, but I'm not against them.

Treat the links like any other on the net. Click at your own risk.

Dan

Honey Never Sleeps. - John Russell

Dirty Forum Alt
Forum Alts Anonymous
#14 - 2016-09-15 19:11:40 UTC
If things like this become a big enough problem with alpha clones CCP is going to have to start looking into bans that extend beyond an "account" to an IP address/email address/etc most likely.

Fun times ahead for team security - I don't envy them.

The dead swans lay in the stagnant pool. They lay. They rotted. They turned Around occasionally. Bits of flesh dropped off them from Time to time. And sank into the pool's mire. They also smelt a great deal.

Paula Nancy Millstone Jennings (Sussex)

Geronimo McVain
The Scope
Gallente Federation
#15 - 2016-09-15 19:53:42 UTC
That's the nice and scary part of a steam account. Doing wrong in one game can have widespread consequences. IMHO alpha accounts should be linked to a credit card or a steam account which will make banning people more effective because you can create a throwaway email address in seconds but nobody will do this with credit cards or a steam account.
Revis Owen
Krigmakt Elite
Safety.
#16 - 2016-09-15 20:07:19 UTC
Dirty Forum Alt wrote:
Once the perpetrators get muted/banned

Fixed.

Agent of the New Order http://www.minerbumping.com/p/the-code.html If you do not have a current Mining Permit, please contact me for issuance.

Shallanna Yassavi
Imperial Academy
Amarr Empire
#17 - 2016-09-15 20:16:35 UTC
Dirty Forum Alt wrote:
If things like this become a big enough problem with alpha clones CCP is going to have to start looking into bans that extend beyond an "account" to an IP address/email address/etc most likely.

Fun times ahead for team security - I don't envy them.

Those won't work.
IP address, meet proxy and/or dynamic IP.
Email address, meet new throwaway free email account.

A signature :o

Dirty Forum Alt
Forum Alts Anonymous
#18 - 2016-09-15 20:18:37 UTC
Shallanna Yassavi wrote:
Dirty Forum Alt wrote:
If things like this become a big enough problem with alpha clones CCP is going to have to start looking into bans that extend beyond an "account" to an IP address/email address/etc most likely.

Fun times ahead for team security - I don't envy them.

Those won't work.
IP address, meet proxy and/or dynamic IP.
Email address, meet new throwaway free email account.

Aye, nothing is perfect, that is why I don't envy them P

The dead swans lay in the stagnant pool. They lay. They rotted. They turned Around occasionally. Bits of flesh dropped off them from Time to time. And sank into the pool's mire. They also smelt a great deal.

Paula Nancy Millstone Jennings (Sussex)

DeODokktor
Dark Templars
The Fonz Presidium
#19 - 2016-09-16 22:12:30 UTC
Why doesn't WG simply run URL's that are pasted in public chat through URL filters to see if someone is pushing malware.
I doubt it would be a huge drain on their resources, and they could automagically ban people for doing this sorta stuff.

It would be nice if all types of "shortcuts" in chat looked different. A lot of stuff in jita now is just typed over with something else, so "WTS Trit" now leads to in-game "Porn Chat"...
Heinrich Harkkon
Trumpstaffel
#20 - 2016-09-17 11:54:31 UTC  |  Edited by: Heinrich Harkkon
Shallanna Yassavi wrote:
Dirty Forum Alt wrote:
If things like this become a big enough problem with alpha clones CCP is going to have to start looking into bans that extend beyond an "account" to an IP address/email address/etc most likely.

Fun times ahead for team security - I don't envy them.

Those won't work.
IP address, meet proxy and/or dynamic IP.
Email address, meet new throwaway free email account.

Ban the PayPal account linked to the offending account.
Edit: Derp, forgot about trial accounts. Roll

"I had a dream that CCP Guard's naked photos leaked on the internet.

I discussed it and people were surprised how small it is, I mean his sausg.

Sorry for imagining you with little wee wee."

- Nana Skalski, 2016.

12Next page