Pages: 1 :: [one page] |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 19:24:00 -
[1] - Quote
So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me.
But.
This got interesting. Look where the trojan is from (picture link): http://i.imgur.com/PjxbI.jpg
So basically... I visited some site on the EVE Online browser which had a dirty javascript blackhole that infected me. Fortunately, only bad things happen to me if and only if I go back to the site again.
But that makes things interesting because then what would happen if I did? I'm not exactly sure how the EVE Online browser works in relation to your actual system. If I visited the site again, what exactly could happen? Would my system be infected, or would they be trying to interact with the EVE Online client itself?
The way I'm viewing this is the hole in the js doesn't matter to me since it's trapped in the EVE Online cache, but a more network security savvy person (or someone who knows more about how the EVE Online cache/browser could interact with the actual system running it) could clear me up on this. I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Alice Saki
3560
|
Posted - 2012.08.23 19:36:00 -
[2] - Quote
Good Luck with that Andrew Scottish Interweb Spaceshippy Person, Very Easily Confused.
|
James 315
Caldari Provisions Caldari State
2464
|
Posted - 2012.08.23 19:36:00 -
[3] - Quote
What kind of websites were you visiting?
-+-+-+-+-+-+-+-+-+-+ MinerBumping.com -½-½-½-½-½-½-½-½-½-½The daily saga of one man's quest to bring civilization to highsec by bumping miners out of range. |
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 19:37:00 -
[4] - Quote
Alice Saki wrote:Good Luck with that Andrew
Yes, I left in my current user's name because what can you do with a first name that may or may not be mine? I left out my steam name for obvious purposes. I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 19:39:00 -
[5] - Quote
James 315 wrote:What kind of websites were you visiting?
Does anyone ever know? Everyone pops into shady websites once in a while...
(mostly 9gag/4chan and lottery sites like somerblink, but there were 2 more lottery sites being spammed in jita chat) I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
CARB0N FIBER
Derailleurs
50
|
Posted - 2012.08.23 19:47:00 -
[6] - Quote
I like cuckoldspace and xhamster |
Jim Era
Genco Fatal Ascension
1218
|
Posted - 2012.08.23 19:47:00 -
[7] - Quote
your post is invalid. I do not visit shady websites
|
Ifly Uwalk
Empire Tax Collection Agency
281
|
Posted - 2012.08.23 19:54:00 -
[8] - Quote
In Soviet Russia shady website visits you! |
Jack bubu
GK inc. Pandemic Legion
357
|
Posted - 2012.08.23 19:56:00 -
[9] - Quote
i allways thought that jscript and flash are disabled for this very reason in the ingame browser.. |
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 19:58:00 -
[10] - Quote
Jack bubu wrote:i allways thought that jscript and flash are disabled for this very reason in the ingame browser..
I know Flash is disabled but I think javascript is enabled. Even if someone confirms it is disabled - it has to be enabled for this thing to occur. I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
|
Sturmwolke
253
|
Posted - 2012.08.23 20:42:00 -
[11] - Quote
Lookup http://wiki.eveonline.com/en/wiki/Category:In-game_Browser for some info titbits.
Personally, I never set any website as trustworthy for the IGB (which grants intel), nor actively use the IGB for browsing or opening weblinks from ingame chats. I'm usually very selective on the websites which I use the IGB for.
|
Ginger Barbarella
State War Academy Caldari State
78
|
Posted - 2012.08.23 21:40:00 -
[12] - Quote
Private Pineapple wrote:So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me.
You probably got it from clicking a link to a web page from 4Chan. |
Nagamor
Pariah Army
4
|
Posted - 2012.08.23 21:51:00 -
[13] - Quote
Word of Advice from an IT Guy. Get better antivirus. |
Splodger
Ausbruch Outbreak.
27
|
Posted - 2012.08.23 21:57:00 -
[14] - Quote
i think the trojan may have cleaned your desktop, jesus only the recycling bin on there! |
Tippia
Sunshine and Lollipops
9220
|
Posted - 2012.08.23 22:04:00 -
[15] - Quote
Splodger wrote:i think the trojan may have cleaned your desktop, jesus only the recycling bin on there! It's quite unsightly, I agree. You really should remove the recycling bin as well and have a proper desktop. GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥
CONCORD spawns: quick enough to save you?
|
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 22:15:00 -
[16] - Quote
Ginger Barbarella wrote:Private Pineapple wrote:So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me. You probably got it from clicking a link to a web page from 4Chan.
You can't "click" a link on 4chan, hyperlinking is disabled and you can only have hyperlinking on 4chan via an extension on a browser which is not possible on the EVE Online browser. Furthermore, why would I visit any links on 4chan that weren't obvious such as facebook, youtube, etc links? Any intellectual user on 4chan does not visit any untrusty looking links.
Nagamor wrote:Word of Advice from an IT Guy. Get better antivirus.
The best antivirus is common sense and I rarely get infected anyways as I visit the same sites over and over. MSE is very lightweight and automatically scans any files that come into my system.
I am an "IT Guy" as well (just not network security) and I prefer using MSE as an "automatic antivirus" if you will. If I really need to know if my system is infected I use the more powerful malware tools such as MBAM, HJT, etc...
Splodger wrote:i think the trojan may have cleaned your desktop, jesus only the recycling bin on there!
Most of my icons are in that folder next to the Start Menu button. I don't like icons cluttering up my desktop...
Tippia wrote:It's quite unsightly, I agree. You really should remove the recycling bin as well and have a proper desktop.
It's quite a hassle as I often have deleted items in my Recycle Bin. I do know how to toggle it off but I am too lazy to do some sort of a routine "empty Recycle bin" once in a while. I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 22:22:00 -
[17] - Quote
To reiterate, no one has answered my question, which is outlined below:
If you visit a webpage in the IGB (in-game browser) that would otherwise infect you if you were using your regular browser outside of the game, what would happen?
Does your system get infected, or does the virus attempt to infect the EVE Online client to no avail?
Either way if you do get some sort of malware on your computer that is only found in the EVE Online cache, what exactly does that mean? Is it stuck/isolated to the cache itself and is only active when the EVE Online Client is running?
The questions particular to my incident are relevant as well:
If you visit a webpage in the IGB (in-game browser) that injects the trojan in the OP which scans for vulnerabilities, is it scanning the vulnerabilities of your system or the EVE Online client? I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.23 22:22:00 -
[18] - Quote
double post* I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Tiger Would
EoE-Group
1465
|
Posted - 2012.08.23 22:28:00 -
[19] - Quote
3/10 for effort and "photoshop" Once you think you have it all, you-áhave actually become-áignorant towards everything else.
T. Would |
Adalun Dey
Royal Amarr Institute Amarr Empire
45
|
Posted - 2012.08.23 23:00:00 -
[20] - Quote
Is this a viral ad for a competing fantasy mmo? " Take my love, take my land, take me where I can not stand, I don't care, I'm still free. You can't take the sky from me. "
|
|
James 315
Caldari Provisions Caldari State
2469
|
Posted - 2012.08.24 00:05:00 -
[21] - Quote
Private Pineapple wrote:James 315 wrote:What kind of websites were you visiting? Does anyone ever know? Everyone pops into shady websites once in a while... (mostly 9gag/4chan and lottery sites like somerblink, but there were 2 more lottery sites being spammed in jita chat) 9gag? TEST will have your head for that!
-+-+-+-+-+-+-+-+-+-+ MinerBumping.com -½-½-½-½-½-½-½-½-½-½The daily saga of one man's quest to bring civilization to highsec by bumping miners out of range. |
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.24 00:39:00 -
[22] - Quote
James 315 wrote:Private Pineapple wrote:James 315 wrote:What kind of websites were you visiting? Does anyone ever know? Everyone pops into shady websites once in a while... (mostly 9gag/4chan and lottery sites like somerblink, but there were 2 more lottery sites being spammed in jita chat) 9gag? TEST will have your head for that!
Too bad I'm not in TEST. Though they do look like cool people, I've refrained trying to join TEST/Goons since I will be playing GW2 competitively as I used to in the original GW. It's just not respectful to join a large corporation while saying "hey guys in a month i wont be serious about eve for a while". I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Webvan
State War Academy Caldari State
22
|
Posted - 2012.08.24 02:20:00 -
[23] - Quote
Private Pineapple wrote:To reiterate, no one has answered my question, which is outlined below:
If you visit a webpage in the IGB (in-game browser) that would otherwise infect you if you were using your regular browser outside of the game, what would happen?
Does your system get infected, or does the virus attempt to infect the EVE Online client to no avail?
Either way if you do get some sort of malware on your computer that is only found in the EVE Online cache, what exactly does that mean? Is it stuck/isolated to the cache itself and is only active when the EVE Online Client is running?
The questions particular to my incident are relevant as well:
If you visit a webpage in the IGB (in-game browser) that injects the trojan in the OP which scans for vulnerabilities, is it scanning the vulnerabilities of your system or the EVE Online client?
I think the answers to such questions could be educational to everyone who reads this thread, including CCP. I'm sure their security guys will get a kick out of this. scanning your port or ports for access vulnerabilities. Firewall = on. EVE connects through a port. Your web browser connects through a port. Doesn't matter the port, just the software accessing it. Game browser is a browser, same as the next, just coded with the game client. If it has vulnerabilities then it shouldn't be any different than having your regular browser compromised, gaining access through your port to the system. You don't use a game browser to browse, only visit very trusted sites ...and even those can be iffy if they get compromised such as through ad banners or whatnot. |
Private Pineapple
Rifterlings Ushra'Khan
297
|
Posted - 2012.08.24 15:08:00 -
[24] - Quote
Webvan wrote:Private Pineapple wrote:To reiterate, no one has answered my question, which is outlined below:
If you visit a webpage in the IGB (in-game browser) that would otherwise infect you if you were using your regular browser outside of the game, what would happen?
Does your system get infected, or does the virus attempt to infect the EVE Online client to no avail?
Either way if you do get some sort of malware on your computer that is only found in the EVE Online cache, what exactly does that mean? Is it stuck/isolated to the cache itself and is only active when the EVE Online Client is running?
The questions particular to my incident are relevant as well:
If you visit a webpage in the IGB (in-game browser) that injects the trojan in the OP which scans for vulnerabilities, is it scanning the vulnerabilities of your system or the EVE Online client?
I think the answers to such questions could be educational to everyone who reads this thread, including CCP. I'm sure their security guys will get a kick out of this. scanning your port or ports for access vulnerabilities. Firewall = on. EVE connects through a port. Your web browser connects through a port. Doesn't matter the port, just the software accessing it. Game browser is a browser, same as the next, just coded with the game client, runs in memory. If it has vulnerabilities then it shouldn't be any different than having your regular browser compromised, gaining access through your port to the system. You don't use a game browser to browse, only visit very trusted sites ...and even those can be iffy if they get compromised such as through ad banners or whatnot.
Mmk I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
Gerald Taric
87
|
Posted - 2012.08.24 15:43:00 -
[25] - Quote
Nagamor wrote:Word of Advice from an IT Guy. Get better antivirus. Word from another IT-Guy: Disable JavaScript wherever possible! An Antivirus scanner alway lies behind the current developement state of viruses.
Yesterday i got a JS-Trojan Warning from Kaspersky Antivirus by just visiting a battleclinic site. Luckily JS was disabled in my browser.
With JavaScript very much nice things can be established, but it's also a huge security issue. Everytime, everywhere. |
oldbutfeelingyoung
Perkone Caldari State
676
|
Posted - 2012.08.24 18:03:00 -
[26] - Quote
Private Pineapple wrote:So I was just doing my dail... monthly virus scan and surprise surprise I had a trojan on my computer. I was anxious to see what it was since I've never been infected with anything that actually did something to me yet. I was sad to find out that this was yet again another threat that doesn't actually threat me. But. This got interesting. Look where the trojan is from (picture link): http://i.imgur.com/PjxbI.jpgSo basically... I visited some site on the EVE Online browser which had a dirty javascript blackhole that infected me. Fortunately, only bad things happen to me if and only if I go back to the site again. But that makes things interesting because then what would happen if I did? I'm not exactly sure how the EVE Online browser works in relation to your actual system. If I visited the site again, what exactly could happen? Would my system be infected, or would they be trying to interact with the EVE Online client itself? The way I'm viewing this is the hole in the js doesn't matter to me since it's trapped in the EVE Online cache, but a more network security savvy person (or someone who knows more about how the EVE Online cache/browser could interact with the actual system running it) could clear me up on this. EDIT: I'm wrong. The blackhole in the javascript is supposed to open up a gateway in any one or more vulnerabilities my computer may have due to installed software which allows an attacker to get into my computer. However my general question still stands, does this even work through the EVE Online cache? I'm not quite sure if they were viewing the vulnerabilities of the EVE Online client or my computer.
they can,t make you walk in stations in a game engine ,they invented themselves . whats making you think they can change the in game browser If Dust has social areas ,then vanishing the blog is not an CCP decision ,but an all exclusive Sony decision |
Kilastria Mog'oran
Imperial Academy Amarr Empire
0
|
Posted - 2012.08.24 21:22:00 -
[27] - Quote
Private Pineapple wrote:I visited some...dirty javascript blackhole that infected me.
Try penicillin. |
Dog Biscuit
Chitlins
7
|
Posted - 2012.08.29 17:32:00 -
[28] - Quote
ISD put em there |
|
|
|
Pages: 1 :: [one page] |