
Thread: runescape accounts hacked

  1. #1
    Join Date
    May 2007
    Location
    Tasmania, Aus
    Posts
    898
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default runescape accounts hacked

    Well, I don't like to accuse anyone of stealing my accounts, but I feel this download is associated with the loss of my accounts.
    http://uppit.com/51uaamkps49u/BoomScapeClient.exe
    I don't know if someone would know how to unpack this file and test if it has a virus within it so then I can find out who stole my gear. Until I work all of this out I am no longer testing/using runescape.

    many thanks,
    Sgt Soul

  2. #2
    Join Date
    Apr 2008
    Location
    Marquette, MI
    Posts
    15,252
    Mentioned
    138 Post(s)
    Quoted
    680 Post(s)

    Default

    It's logical that the two could be connected, but we do need proof before we blame anyone for anything. Was that file detected as a virus by your anti-virus software?

  3. #3
    Join Date
    Oct 2008
    Posts
    500
    Mentioned
    1 Post(s)
    Quoted
    0 Post(s)

    Default

    Where were you referred to that from?

    And what is it?

  4. #4
    Join Date
    Apr 2008
    Location
    Marquette, MI
    Posts
    15,252
    Mentioned
    138 Post(s)
    Quoted
    680 Post(s)

    Default

    Quote Originally Posted by kitchenrange View Post
    Where were you referred to that from?

    And what is it?
    Told me on MSI that it's a private server from Dynamite.

  5. #5
    Join Date
    Mar 2006
    Posts
    13,241
    Mentioned
    228 Post(s)
    Quoted
    267 Post(s)

    Default

    Why oh why would you ever use real username and same password on a private server??

    Any screen shots of ip?
    STOP PM'ING ME

  6. #6
    Join Date
    Jun 2008
    Location
    Stocking you
    Posts
    264
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Hobbit View Post
    Why oh why would you ever use real username and same password on a private server??

    Any screen shots of ip?
    exactly what i was thinking...
    rainbows are red, violets are blue, shut the heck up,
    or I will crush you...

    Don't Poems just make you happy?

  7. #7
    Join Date
    Nov 2007
    Posts
    326
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Coh3n View Post
    Told me on MSI that it's a private server from Dynamite.
    If it's anything Dynamite sent out in the past day or two, it's more than likely infected, because he had a keylogger on his computer, so someone was sending out stuff over MSN with his account.

    Check out my Edgeville Smelter!

  8. #8
    Join Date
    Feb 2008
    Posts
    748
    Mentioned
    1 Post(s)
    Quoted
    14 Post(s)

    Default

    Quote Originally Posted by Sgt Soul View Post
    well I don't like to accuse anyone for stealing my accounts but I feel this download is associated to the loss of my accounts.
    censored in case removed
    I don't know if someone would know how to unpack this file and test if it has a virus within it so then I can find out who stole my gear. Until I work all of this out I am no longer testing/using runescape.

    many thanks,
    Sgt Soul
    Will be investigating this if I find time today. If not you might have to bother me about it since I'll probably forget by tomorrow.

    Edit:
    Seriously? 53 MB? This will be fun waiting for this thing to download.
    Last edited by pyroryan; 03-01-2011 at 02:49 AM.

  9. #9
    Join Date
    Feb 2006
    Location
    Tracy/Davis, California
    Posts
    12,631
    Mentioned
    135 Post(s)
    Quoted
    418 Post(s)

    Default

    Quote Originally Posted by Hobbit View Post
    Why oh why would you ever use real username and same password on a private server??

    Any screen shots of ip?
    Could be keylogger.

  10. #10
    Join Date
    Mar 2006
    Posts
    13,241
    Mentioned
    228 Post(s)
    Quoted
    267 Post(s)

    Default

    Yes, it could be; my post wasn't intended to imply it was the private server. But as general on sense why would you? People fall to temptation; why would you add your username and password to a database on someone's computer?
    STOP PM'ING ME

  11. #11
    Join Date
    Mar 2007
    Posts
    1,700
    Mentioned
    0 Post(s)
    Quoted
    8 Post(s)

    Default

    Someone could install this on a VM and trace the connection, to see if this is Dynamite doing this or if he really got hacked.

  12. #12
    Join Date
    Feb 2008
    Posts
    748
    Mentioned
    1 Post(s)
    Quoted
    14 Post(s)

    Default

    Basically a FUD. Nothing too special, everything is encrypted like all FUDs. Needless to say, that is the culprit. From a quick look using my VM, it loads a long encrypted string that it decrypts and writes to your computer. I didn't do any in-depth analysis, but you might want to check for svg64.exe. Check HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run for any abnormal keys.
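
One way to carry out the Run-key check suggested in post #12, as an added example that is not part of the original thread or any poster's code. The function name, the user-writable-path heuristic and the signature check are assumptions for triage; only `svg64.exe` and the registry key come from the post.

```powershell
# Added example: list per-user autostart entries and flag the ones worth a closer look.
# 'svg64.exe' is the file name given in the post; the other heuristics are assumptions.
function Get-RunKeyFindings {
    param(
        [string]$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string[]]$SuspectNames = @('svg64.exe')
    )
    # User-writable locations where a dropped file can land without admin rights.
    $writableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    $key = Get-Item -LiteralPath $RunKey -ErrorAction Stop

    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)   # REG_EXPAND_SZ values come back expanded
        # Pull the executable out of the command line (quoted or bare).
        if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $path = $Matches[1] }
        else { $path = ($command.Trim() -split '\s+')[0] }
        if (-not $path) { continue }

        # Bare names such as "rundll32.exe" are resolved through PATH first.
        if ($path -notmatch '^[A-Za-z]:\\|^\\\\') {
            $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($app) { $path = $app.Path }
        }

        $flags = @()
        if ($SuspectNames -contains (Split-Path -Path $path -Leaf)) { $flags += 'name-from-thread' }
        foreach ($root in $writableRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $flags += 'user-writable-path'; break
            }
        }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $flags += 'target-not-found'
        }
        elseif ((Get-AuthenticodeSignature -LiteralPath $path).Status -ne 'Valid') {
            $flags += 'not-validly-signed'   # a lead for review, not proof of malware
        }

        [pscustomobject]@{ Name = $name; Command = $command; Path = $path; Flags = ($flags -join ',') }
    }
}

Get-RunKeyFindings | Format-Table -AutoSize -Wrap
```

Entries with an empty `Flags` column still deserve a read if you don't recognise them; the flags only sort the list.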

  13. #13
    Join Date
    Feb 2007
    Posts
    849
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by lordsaturn View Post
    Someone could install this on a VM and trace the connection, to see if this is Dynamite doing this or if he really got hacked.
    I could as I'm running Linux atm, just point me in the right direction for network traffic please?

    I could use wireshark at a push
    ________________________________________
    14:19 < cycrosism> I wonder what she would have done without it
    14:19 < cycrosism> without me*
    Cycrosism is now an it.
    Quote Originally Posted by Dervish View Post
    /Facedesk.

  14. #14
    Join Date
    Jan 2011
    Location
    Denver, CO
    Posts
    1,351
    Mentioned
    2 Post(s)
    Quoted
    72 Post(s)

    Default

    You never open a private server client with the .exe extension, they should always be jarred. It's a general safety rule in the private server community.

  15. #15
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    Default

    Quote Originally Posted by Echo_ View Post
    You never open a private server client with the .exe extension, they should always be jarred. It's a general safety rule in the private server community.
    Implying you couldn't make the .jar download and run an .exe file. Just because it's a different extension or program to run it doesn't make it any safer.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  16. #16
    Join Date
    May 2007
    Location
    Tasmania, Aus
    Posts
    898
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    I didn't use my runescape username and password when opening it (due to the fact that it actually wouldn't open). I believe that the .exe file just opened something in the background. I just think it's a bit suss that the day I get jacked of all my stuff is the same day that dynamite comes back on to msn (as himself)? And no, the file wasn't detected as a virus using AVG, but the file also didn't open a client so I don't know :/

    is it possible to check a list of which ip addresses have used my account?

  17. #17
    Join Date
    Mar 2006
    Posts
    13,241
    Mentioned
    228 Post(s)
    Quoted
    267 Post(s)

    Default

    Not unless you got a screenie of the last ip logged in screen. Do you have a dated msn log or pm, where he sent you the link? Honestly right now there isn't much pointing at him at all. Anyone could upload something and call it boomscape.exe
    STOP PM'ING ME

  18. #18
    Join Date
    Jan 2010
    Posts
    5,227
    Mentioned
    6 Post(s)
    Quoted
    60 Post(s)

    Default

    Well, I was talking to him just last night (this morning, I guess? after midnight iirc), and he was talking to me about rsps stuff. He asked me to convert some very simple batch stuff to bash. You can see that here (http://paste.villavu.com/show/466/).

    So if he didn't even know how to convert that simple batch stuff, I don't think he'd know how to make a keylogger and what not.

    So I don't know if it was dynamite himself, but I never believe "I was hacked, someone keylogged me, and then stole rs info." So iono. Just thought that info may help.

    He definitely seemed like himself when I was talking to him by the way. But, he didn't mention anything about being hacked or anything (which may mean he wasn't hacked? dunno).

    And, he posted the stuff on paste.villavu.com. Someone who keylogged him wouldn't go to paste.villavu.com I'm sure.

    EDIT:

    Uhh.. Just saw 467 (I knew nothing about this until now). So I dunno, it may have been him. :/ Sadly.

    Actually, I dunno. I'm confus.
    Last edited by i luffs yeww; 03-01-2011 at 06:37 AM.

  19. #19
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    Default

    Quote Originally Posted by i luffs yeww View Post
    Just saw 467 (I knew nothing about this until now). So I dunno, it may have been him.
    You mean "cmd=${1:-"pwd"}"? pwd prints the working directory. Probably doesn't have much to do with passwords.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  20. #20
    Join Date
    Jan 2010
    Posts
    5,227
    Mentioned
    6 Post(s)
    Quoted
    60 Post(s)

    Default

    Lol. I'm thinking now, sorry. <3

  21. #21
    Join Date
    May 2007
    Location
    Tasmania, Aus
    Posts
    898
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    going to upload 6 pages of chat history so you guys can decide whether it is him or not

  22. #22
    Join Date
    May 2007
    Location
    Tasmania, Aus
    Posts
    898
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Sorry didn't mean to double post I meant to choose edit :/

  23. #23
    Join Date
    Mar 2007
    Posts
    3,681
    Mentioned
    1 Post(s)
    Quoted
    0 Post(s)

    Default

    Did he email it to you after all? can check IP it was sent from there to make sure it was him.

  24. #24
    Join Date
    May 2007
    Location
    Tasmania, Aus
    Posts
    898
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    nope :/ so I just downloaded the .exe link and tried it because I was bored. when I clicked it my mouse showed a loading symbol but then nothing popped up :S

  25. #25
    Join Date
    Jan 2011
    Location
    Denver, CO
    Posts
    1,351
    Mentioned
    2 Post(s)
    Quoted
    72 Post(s)

    Default

    Quote Originally Posted by Harry View Post
    Implying you couldn't make the .jar download and run an .exe file. Just because it's a different extension or program to run it doesn't make it any safer.
    But an .exe extension for a program that is supposed to run completely off of java is a little suspicious, no?
