Results 1 to 22 of 22

Thread: Interesting Simba scam

  1. #1
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default Interesting Simba scam

    Hey guys, I am shocked and puzzled as to how this have occurred.

    Let me explain what happened.

    I have purchased a script from Aligndude from Sythe who is confirmed to be Mat from Villavu. I have in no solid evidence that Mat did hacked me, just explaining how I ended up like this.

    This is the link to his selling thread on Sythe http://www.sythe.org/showthread.php?t=1347787

    The script worked like a charm and it was all good for a week then just today something very interesting happened. This script gave some command to auto-shut down my pc and with it, took contorl of the Smart Manager and hacked my bank.

    The pin was useless as the hacker has direct access to the bank like it was botting.

    Now, I also have some details about this. When Mat sells any script, he would have his customers create a new account on his own Website. This is the link
    http://www.matsscripts.co.uk/

    And here is a portion of the script which requires users to key in their account info of Mat's website.

    Code:
    Const
      UserMs = 'Key in MatsScript user here';//www.MatsScrits.Co.Cc User
      PassMs = 'MatsScript Pass here';//www.MatsScrits.Co.Cc Pass
      Pouches = True;//Pouches?
      AirStaff = True; //Using a Air Staff?
    With it, the script needs to have this website's user and pass to even run. I do believe that he uses this to hack into his customer.

    Now, I need some help if Mat may have done it or is it someone have found a way to compromise the Smart Manager.

  2. #2
    Join Date
    Oct 2007
    Location
    #srl
    Posts
    6,102
    Mentioned
    39 Post(s)
    Quoted
    62 Post(s)

    Default

    So you're saying you used the same password on the website as you do for RS? If so, that's a pretty foolish idea.

    If you PM the script to someone knowledgeable they can surely let you know if there is any malicious code included.

  3. #3
    Join Date
    Feb 2006
    Location
    Tracy/Davis, California
    Posts
    12,631
    Mentioned
    135 Post(s)
    Quoted
    418 Post(s)

    Default

    I'd PM mat on Sythe/SRL and talk to him about it first.

    I'm pretty lost on what you are saying.
    1) Script shut down your PC?
    2) Script took control of Smart Manager?

    If your PC is shut down, how did that happen?
    Also smart manager (as far as I know) just manages opening/closing simba/smart no actual interaction with runescape itself.

    Also how do you know it was the script/smart manager that did this to you? Did you see it happen or something? How do you know if wasn't something else you downloaded?

    Also, if you go to C:\Simba\Includes\SRL\Logs\IPLogs it will show an image of ever IP address logged in (assuming you let simba log you in, not logged in manually).

    Have you recovered the account? If so, did you take note of the last logged in IP address?

  4. #4
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    For starters, I did not use the same password one his website as my Runescape one.

    I also did not enter any account information or bank pin into his script.

    Here's a more detailed explanation.

    I ran the script like every other normal day and it worked for 1 hours. Until then, my pc just Auto-shut (Like Force shutdown) down on its own. Interestingly, the Smart Manager was the last thing I saw before my screen went blank.

    My character was in Castlewars at that time I was shut downed. During this period, I tried re-starting my computer and it just auto-shutdown like 4-5 times. It was until 5 mins later then I was able to get my computer back to normal. [Did nothing as I cannot access anything. It shut me down in 10 seconds whenever I got to my Desktop.]

    When I logged back in Runescape, Alas, I was standing in the G.E with the bank hacked, even with a pin.
    Last edited by GodGenesis; 05-10-2012 at 05:34 AM.

  5. #5
    Join Date
    Jan 2009
    Location
    Turlock/LA, California
    Posts
    1,494
    Mentioned
    3 Post(s)
    Quoted
    66 Post(s)

    Default

    ------

    EDIT: my comment was not taken as i had intended it to be. i wrote it in a harsh manor, thus now that i am awake, i have decided to remove it. all i wanted to do was show that there is little accountability with paid scripts on other sites, and this could lead to events such as this. i am sorry if my original post offended anyone
    Last edited by x[Warrior]x3500; 05-10-2012 at 04:11 PM.

  6. #6
    Join Date
    Feb 2006
    Location
    Tracy/Davis, California
    Posts
    12,631
    Mentioned
    135 Post(s)
    Quoted
    418 Post(s)

    Default

    I don't think Simba (when running SMART/Targeted to RS) can do anything outside of it.
    But it IS possible that the script shut down your computer, sure.

    Seeing Smart maanger last means nothing really. When you shut down with programs still open, windows just closes them all for you before shutting down, that was just 'luck'/random that smart manager happened to be last.

    As for not being able to turn your computer on for an extended period of time, that for sure is not the work of simba. Sibma does not/can not auto start, open a script, and run it or block your computer from turning on at all. That is not the work of simba.

    That is however pretty damn odd behavior, not being able to have computer on at desktop for over 10 seconds... sounds like you've downloaded something else malicious which may have caused it.

    Quote Originally Posted by x[Warrior]x3500 View Post
    If you dont know how to script, why do you use a script that only the author knows wats in it. you put your full faith in the author of that script, and these things can happen when you do that. i am not saying that the script was malicious, im just sayin you are stupid for buying a script w/o knowing what the hell is inside of it. learn to script and this would never happen. many people here are willing to help, and there are tons of tutorials. the only thing holding a leecher back is laziness.

    now this occured on sythe, so nothing should happen to the person on this forum. srl does not promote nor encourage script selling/buying. why are you posting this on these forums?
    Meh. Do YOU know the code and exactly how ever program you use/buy works? Nah. He bought it because it was a product he was interested in, and the person seemed (and probably still is) treatable.

    Yeah script selling is not allowed/condoned at SRL, but if a member at SRL is scamming elsewhere, action should be taken here at SRL too to stop it.

  7. #7
    Join Date
    Mar 2012
    Location
    Australia
    Posts
    625
    Mentioned
    0 Post(s)
    Quoted
    18 Post(s)

    Default

    I am certain this is a rat. the guy shutting you down so he has time to get everything from you bank, not denying that this could have been matt, but i think that guy would already be rich enough to not even waste his time hacking peoples accounts.
    Bored of playing rs, and bored of botting it, why am i here?

  8. #8
    Join Date
    Mar 2012
    Posts
    426
    Mentioned
    0 Post(s)
    Quoted
    9 Post(s)

    Default

    Quote Originally Posted by x[Warrior]x3500 View Post
    If you dont know how to script, why do you use a script that only the author knows wats in it. you put your full faith in the author of that script, and these things can happen when you do that. i am not saying that the script was malicious, im just sayin you are stupid for buying a script w/o knowing what the hell is inside of it. learn to script and this would never happen. many people here are willing to help, and there are tons of tutorials. the only thing holding a leecher back is laziness.

    now this occured on sythe, so nothing should happen to the person on this forum. srl does not promote nor encourage script selling/buying. why are you posting this on these forums?
    So you are saying if a member here is hacking accounts on another site, we should allow him to continue to be a member in our community? That doesn't make any sense. I am in no way saying Mat's script has any malicious code, just hypothetically. Also, an overly aggressive post like that is not going to make him want to learn scripting any faster.

    But on topic. I would think that the script could shut down your computer once, but wouldn't that terminate the script and prevent it from continuously restarting the computer?
    Last edited by iBlank; 05-10-2012 at 05:53 AM.

  9. #9
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    I truly appreciate all the responds and help I have been getting. I do admit that I should have learnt scripting myself and this is a lesson learnt the hard way.

    I am sorry that I have broken some rules on this forums but I just need some tips from the experts as to how did this happened. As for downloading something malicious, I've only downloaded an SPS file and a Version 4 of the script from Mat's site.

    Thanks once again for all the help I have received.

  10. #10
    Join Date
    Feb 2006
    Location
    Tracy/Davis, California
    Posts
    12,631
    Mentioned
    135 Post(s)
    Quoted
    418 Post(s)

    Default

    Most of us/I'm saying we don't think its Simba/anything Simba related.

    Simba can possible shut down your computer, but it definitely can't continuously shut it down/keep from you staying on it.

  11. #11
    Join Date
    Nov 2011
    Posts
    1,589
    Mentioned
    9 Post(s)
    Quoted
    17 Post(s)

    Default

    Dude that is for my server to allow scripts to go online if a mod want to see my script they can do..
    I do that to help stop people passing it round, I can show you my user lists if you want to see them and see my databases and what im storing if you want, do go accusing me of stuff that I am not doing!
    The Script never shuts down ur pc.



    ^^

  12. #12
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by YoHoJo View Post
    Most of us/I'm saying we don't think its Simba/anything Simba related.

    Simba can possible shut down your computer, but it definitely can't continuously shut it down/keep from you staying on it.
    Alright! Thanks for shedding some light into this matter.

    I am just cracking my head as to how this can happen...

  13. #13
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Mat View Post
    Dude that is for my server to allow scripts to go online if a mod want to see my script they can do..
    I do that to help stop people passing it round, I can show you my user lists if you want to see them and see my databases and what im storing if you want, do go accusing me of stuff that I am not doing!
    The Script never shuts down ur pc.
    I am sorry if I sounded harsh to you but you are my only suspect in this case, unless someone have found a way to do this...
    I am glad that you responded here too, I mean no harm to you.

  14. #14
    Join Date
    Nov 2011
    Posts
    1,589
    Mentioned
    9 Post(s)
    Quoted
    17 Post(s)

    Default

    GodGensis.

    All your UserMs and PassMs is to allow the script to login to my server. Thats all.
    And also where is the proof that I hacked you? Making Slanderous comment which is deformation of character which is a crime in my country So you will show me your solid proof it was me, Also I can show everyone Mod+ All my files that have script link outs and they can see they are doing nothing. About your Account!
    Also, I have over 40 users all using the scripts.
    Also what is the IP the mods can check against me.
    E:And show them the webpages taking the information.



    ^^

  15. #15
    Join Date
    Nov 2011
    Posts
    67
    Mentioned
    0 Post(s)
    Quoted
    8 Post(s)

    Default

    I really dont think Matt would do that. I dont even think IF he could do that.

    Maybe run a scan from malwarebytes?

  16. #16
    Join Date
    Oct 2011
    Posts
    805
    Mentioned
    21 Post(s)
    Quoted
    152 Post(s)

    Default

    You have propably RAT ,you should scan your computer.
    Mat has nothing to do with it.

  17. #17
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by redgiant61 View Post
    I really dont think Matt would do that. I dont even think IF he could do that.

    Maybe run a scan from malwarebytes?
    Yes I have and there was no malicious threats been detected.

  18. #18
    Join Date
    Oct 2008
    Location
    C:\Simba\Includes\
    Posts
    7,566
    Mentioned
    19 Post(s)
    Quoted
    180 Post(s)

    Default

    I can 99.9% promise you it was a RAT. I've seen Mat's code, I've deobbed it, and there is nothing malicious in there. The Username/password that you send in the code is only so it can connect to his server, grab values, and go on.

    I'd reformat your computer, RATs are not detected by AV software.
    Away for awhile, life is keeping me busy. | Want to get my attention in a thread? @Kyle Undefined; me.
    { MSI Phoenix || SRL Stats Sigs || Paste || Scripts || Quotes || Graphics }

    When posting a bug, please post debug! Help us, help you!

    I would love to change the world, but they won't give me the source code. || To be the best, you've got to beat the rest. || Logic never changes, just the syntax.
    If you PM me with a stupid question or one listed in FAQ, or about a script that is not mine, I will NOT respond.


    SRL is a Library of routines made by the SRL community written for the Program Simba. We produce Scripts for the game Runescape.


  19. #19
    Join Date
    Oct 2011
    Posts
    805
    Mentioned
    21 Post(s)
    Quoted
    152 Post(s)

    Default

    Propably java FUD

  20. #20
    Join Date
    Feb 2012
    Location
    Somewhere, over the rainbow...
    Posts
    2,272
    Mentioned
    3 Post(s)
    Quoted
    45 Post(s)

    Default

    Quote Originally Posted by GodGenesis View Post
    Yes I have and there was no malicious threats been detected.
    Use MalwareBytes Anti-Malware

    Also download Advanced Task Manager

  21. #21
    Join Date
    Mar 2012
    Location
    Singapore
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Alright thanks guys!

    A mod can close this now. I am convinced that Simba does not play a role in here.

    And Mat, I am sorry about my accusation.

  22. #22
    Join Date
    Nov 2011
    Posts
    72
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Kyle Undefined View Post
    I can 99.9% promise you it was a RAT. I've seen Mat's code, I've deobbed it, and there is nothing malicious in there. The Username/password that you send in the code is only so it can connect to his server, grab values, and go on.

    I'd reformat your computer, RATs are not detected by AV software.
    Concurred, what you discribed sounds 100% like a rat. As Kyle said reformat and change all your passwords.
    I like making stuff.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •