Password hackers


5 replies to this topic

#1 Arwen

Arwen

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 26 May 2007 - 09:17 AM

I have a long-standing account in an online RPG. My character is fairly wealthy in game terms, is head of a wealthy 'clan' which has a wealthy bank account. Or 'had'. Recently while online and in the game chat room with another clan officer we received a message from another player which said 'have fun with Ophcrack and John the Ripper'. By the time we realised what these names meant, the bank account had been emptied out.

Now I am not particularly worried about losing imaginary stuff in an online game, however having researched a little into these programs, as far as I can see, they are password retrieving programs which can also be used to infiltrate a third party's computer via Windows or whatever system they may use. Only three people had the password to this account, myself and two friends. It was never given out to anyone else. I personally use Windows XP home, my one friend has a Mac and the other a laptop using Windows. I have run Spybot and my antivirus and found nothing untoward. Addressing the wider issue here, I am interested to know how these programs work and what threat they pose to our general security. Was one of our three computers gotten into? Can we avoid it happening again? I have, by the way, changed my Windows password to one over 14 digits long as I understand that this makes it unguessable by these programs.

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 26 May 2007 - 09:32 AM

It is likely that what you are describing is a keylogger rather than a password cracker... Keyloggers record each keystroke and some of them will dig through old records for things that look like account numbers and passwords... This suggests that one of you has a keylogger and that everything you have done on the computer is at risk... It would be a good idea to read the FAQ and run scans, then post a log in Malware Removal to have it checked... This would apply to you and the other person using Windows...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 Arwen

Arwen

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 29 May 2007 - 07:13 AM

Hi
Thanks for your advice. I have run AVG and HijackThis. Before I post the logs in a thread in 'Malware', it would seem that my AVG log is very, very long :oops: Should I post it as is, or would it be better to link it in some way?

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 29 May 2007 - 08:25 AM

If the AVG AS log is full of cookies (which is typical), you can delete the duplicate cookies and just post the most relevant sections, but be sure to note that in the post so that the helper knows what you did... If there isn't anything other than cookies, you can probably just say you ran AVG AS and that is all you got...
Budfred


#5 racooper

racooper

    Master of my own Domain

  • Emeritus
  • PipPipPipPipPip
  • 1,420 posts

Posted 30 May 2007 - 12:32 AM

Ophcrack and John the Ripper are password "auditing" programs that have legitimate uses in security administration. They are normally used by network admins to test the strength of passwords on their network/Active Directory/NT domains and *nix boxen.

It sounds like someone was able to get ahold of a couple of your local PC registry files (called SYSTEM and SAM, located in %windir%\system32\config) and run password cracking routines against them. Now, if your PC password and game password were the same, then that makes it easy to "guess" once your PC password(s) are known. So, good security tip: never use the same password for important services!

I would certainly follow Budfred's advice and post HijackThis logs from both Windows PCs in the Malware Removal forum. It's possible that you have a trojan of some sort installed that's designed to capture passwords, or even the registry files needed. I would also say, however, that this sounds like a targeted attack; the perpetrator sounds like he/she knows about your character's worth and holdings, and wanted a piece for him/herself. I wonder, if you still have access to the character(s) in question, are there logs of transactions available that might help track this down and get the culprit suspended from the game?
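
An added illustration of the two points in the post above, password auditing and password reuse. It is not code from this thread, nor from Ophcrack or John the Ripper. It audits a small credential store against a wordlist and reports which accounts fall to it and which of those share a password. The account names, passwords, wordlist, salts and the PBKDF2 scheme are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

ITERATIONS = 10_000  # assumption: kept low so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for whatever format a real store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def audit(store: dict, wordlist: list) -> dict:
    """Return {account: recovered_password} for every entry the wordlist matches."""
    recovered = {}
    for account, (salt, digest) in store.items():
        for candidate in wordlist:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                recovered[account] = candidate
                break
    return recovered


def reused(recovered: dict) -> dict:
    """Group accounts that share one recovered password (the reuse warned about above)."""
    groups = defaultdict(list)
    for account, password in recovered.items():
        groups[password].append(account)
    return {pw: sorted(accts) for pw, accts in groups.items() if len(accts) > 1}


# Constructed sample data: account names, salts and passwords are invented.
SAMPLE_PASSWORDS = {
    "pc-login": "dragon1",
    "game-bank": "dragon1",  # same password as the PC login
    "email": "correct horse battery staple 42",
}
STORE = {
    name: (name.encode(), hash_password(pw, name.encode()))
    for name, pw in SAMPLE_PASSWORDS.items()
}
WORDLIST = ["password", "letmein", "dragon1", "qwerty"]  # constructed

if __name__ == "__main__":
    found = audit(STORE, WORDLIST)
    print("weak:", sorted(found))
    print("reused:", reused(found))
```

The long passphrase on the `email` entry is not in the wordlist and is not reported, while the shared short password exposes both the PC login and the game account at once.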

#6 Arwen

Arwen

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 30 May 2007 - 02:28 AM

Personally I have always used separate passwords for different types of account; I can't speak for my friend of course.
We are pretty certain that yes this was a targeted 'attack' by someone with a grudge. The admins of the game in question haven't been able to do much since the person in question was clever enough not to transfer all our stuff to him/herself. Anyway we have modified all our passwords but it remains incredible that someone should take a game so seriously that they would pull a stunt like this :blink:

I've posted my log in the Malware thread as suggested.
Thanks!



