CurvedSpace Forums: 22nd April 2005 - Warning Fansite users hijacked - CurvedSpace Forums


22nd April 2005 - Warning Fansite users hijacked RS Update

#1   Kowboy

  • 05.Banshee.SE
  • Group: New Member
  • Posts: 2,330
  • Joined: 26-July 03

Posted 22 April 2005 - 05:26 PM

QUOTE
22nd April 2005 - Warning Fansite users hijacked

Warning: fansite users getting hijacked
It has come to our attention that several users of a large RuneScape fansite have recently had their RuneScape password stolen. The fansite is an independent website, and isn't run by us or affiliated with us, but many of our users do choose to use it.

We don't know for sure, and we are basically trying to work this out from the pattern of attack, but it seems quite likely this was done by posting malicious content or images on the forums of the 3rd party fansite. People viewing that page then got infected with a keylogger which could be used to steal all their passwords.

I know it's hard to believe that just viewing a page on a forum could be enough to be infected with a keylogger, but there have actually historically already been a number of security flaws in the image code in web browsers which allowed exactly that!

Our own forums deliberately don't allow users to post images or html exactly because of this security risk. Lots of people complain that we don't offer this feature, but we believe security is far more important than features. Unfortunately many third party fansites aren't as secure as ours with regards to this. Indeed we've noticed the attacker spreading recent rumours to try to persuade more people to use fan-site forums instead of ours, presumably so he can hack more people through them.

I would like to emphasize that we believe the security of our own servers and forums is in no way compromised. It appears that the accounts are being stolen not by targeting our servers, but by instead targeting the home computers of users. Possibly via fansite forums.

We have of course very thoroughly double checked our own server security as well, but can find no sign of intrusion, and the fact that the people being hijacked are users of the same fansite seems unlikely to be a coincidence.

We take our own security very seriously here, but our users still have to take good care of their own computer as well. It is essential that you are careful to keep your computer secure to prevent a keylogger being installed on it. We recommend EVERYONE pays close attention to the following advice:

1) Ensure your computer is fully patched. Go to www.windowsupdate.com and make sure you have all the latest patches for your machine and web-browser. You may have to reboot and visit the site several times to get all patches.

2) If you use Internet Explorer it might be worth considering using an alternative web-browser which historically has been less targeted by attacks, and appears to often patch such critical problems more quickly. Here at Jagex we use Firefox, because we believe it offers better security. Although even if you do this it is still VERY important to make sure you always only use the latest version of the browser, because Firefox has previously had security problems too.

3) DON'T use your password anywhere except runescape.com. It is very important NOT to use the same password for RuneScape and other websites.

4) DON'T believe that just having anti-virus software instantly makes you 100% immune. It doesn't. There are many less common threats and attacks which you will still not be protected from. Anti-virus software helps, and is worth having, but it doesn't mean you can ignore all other security advice!

Unfortunately if you've already been infected then this particular keylogger doesn't appear to be picked up by anti-virus software yet, and the only sure way to get rid of it is a total reformat and reinstall of your computer (which should only be done by a professional). If anybody knows an easier way to detect or get rid of it then please let us know and we'll pass the info on. Of course your best bet is to be careful and not get infected in the first place!



(Not sure if anyone posted this yet.)

I think this may be the action taken by JaGex to kill off SS (Swiftswitch.)

-Cowboy
0
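
The policy described in the quoted announcement (a forum that accepts neither images nor HTML from users), sketched as an added example; it is not part of the original thread and not Jagex's code. The function name and the BBCode-style tag names are assumptions, since the announcement names no specific markup.

```python
import html
import re

# Assumed BBCode-style embed tags; the announcement names no specific markup.
EMBED_TAG = re.compile(r"\[/?(?:img|flash|media|url)(?:=[^\]]*)?\]", re.IGNORECASE)
HTML_TAG = re.compile(r"<\s*/?\s*[a-zA-Z!]")
URL = re.compile(r"https?://[^\s\[\]<>\"']+", re.IGNORECASE)


def render_text_only(raw):
    """Render a user post as inert text; return (safe_html, findings)."""
    findings = []
    if HTML_TAG.search(raw):
        findings.append("html-markup")
    if EMBED_TAG.search(raw):
        findings.append("embed-tag")
    # Drop embed tags so the forum never emits an <img>/<object> for them.
    text = EMBED_TAG.sub("", raw)
    # Defang URLs so neither the forum nor the browser auto-links or fetches them.
    text = URL.sub(lambda m: m.group(0).replace("://", "[:]//", 1), text)
    # Escape last, so any remaining markup is shown as literal characters.
    safe = html.escape(text, quote=True)
    return safe.replace("\n", "<br>\n"), findings


# Constructed sample post (not taken from the incident).
SAMPLE = 'Look! [img]http://example.invalid/a.jpg[/img]\n<img src="http://example.invalid/b.jpg">'

if __name__ == "__main__":
    rendered, found = render_text_only(SAMPLE)
    print(found)
    print(rendered)
```

The findings list lets moderators review posts that tried to embed content, while the rendered output never causes a reader's browser to load a poster-supplied image.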

#2   BubbaMurphy

  • Senior Member
  • Group: New Member
  • Posts: 1,268
  • Joined: 14-December 03
  • Location:Florida

Posted 22 April 2005 - 05:26 PM

QUOTE
22nd April 2005 - Warning Fansite users hijacked

0

#3   Zoo

  • ~@~@~@~@~@~@~
  • Group: Moderator
  • Posts: 1,615
  • Joined: 13-July 04
  • Location:Florida

Posted 22 April 2005 - 05:29 PM

Heheh

*merged*
You can do whatever, just had to do that
0

#4   BubbaMurphy

  • Senior Member
  • Group: New Member
  • Posts: 1,268
  • Joined: 14-December 03
  • Location:Florida

Posted 22 April 2005 - 05:30 PM

QUOTE(Cowboy @ Apr 22 2005, 01:28 PM)
Lol, I posted this at the same time as you. (I will delete mine after I post this.)

Here's what I said in the other post:

"I think this may be JaGex's action to kill off SS (Switchfoot.)"

-Cowboy

Um..I think you mean SwiftSwitch
0

#5   Red Sentinel

  • Senior Member
  • Group: Member
  • Posts: 3,688
  • Joined: 26-June 04
  • Location:Florida

Posted 22 April 2005 - 05:31 PM

lol! shiftfoot!

I ponder which site it is...
0

#6   Kowboy

  • 05.Banshee.SE
  • Group: New Member
  • Posts: 2,330
  • Joined: 26-July 03

Posted 22 April 2005 - 05:32 PM

Lol, sorry. I was in a rush to delete the other post. (Not to mention me thinking of the band.) Thanks for pointing that out.

-Cowboy
0

#7   Red Sentinel

  • Senior Member
  • Group: Member
  • Posts: 3,688
  • Joined: 26-June 04
  • Location:Florida

Posted 22 April 2005 - 05:33 PM

band or client?
QUOTE
Lol, sorry. I was in a rush to delete the other post. (Not to mention me thinking of the band.)

This post has been edited by The Norse God: 22 April 2005 - 05:33 PM

0

#8   Zoo

  • ~@~@~@~@~@~@~
  • Group: Moderator
  • Posts: 1,615
  • Joined: 13-July 04
  • Location:Florida

Posted 22 April 2005 - 05:34 PM

Switchfoot is a band, red.
0

#9   Kowboy

  • 05.Banshee.SE
  • Group: New Member
  • Posts: 2,330
  • Joined: 26-July 03

Posted 22 April 2005 - 05:35 PM

Meant to say Swiftswitch the client, but I had Switchfoot (the band) stuck in my head...those names are too close to each other...

-Cowboy
0

#10   Jarik C-Bol

  • Blue. The one true color.
  • Group: Moderator
  • Posts: 1,558
  • Joined: 20-April 03
  • Location:Florida

Posted 22 April 2005 - 06:04 PM

Of course, they don't tell us what site it is so we can avoid it.
0

#11   Bodom

  • Echliurn
  • Group: Member
  • Posts: 6,746
  • Joined: 26-April 03
  • Location:Florida

Posted 22 April 2005 - 07:00 PM

I am pretty sure it's Tip.IT, tons of my friends on MSN have had names containing Tip.it are hackers etc

Btw it's nothing to do with Swiftswitch

0

#12   Kimojuno

  • W00T! :D
  • Group: Global Moderator
  • Posts: 4,536
  • Joined: 09-May 04
  • Location:Florida

Posted 22 April 2005 - 07:03 PM

This has nothing to do with SS, because trust me it's clean, I know enough people (who are real scan freaks) that use it. And I agree with Jarik, should have told us the site, but I doubt it's any of the big ones, but they could be emailing the ISP of the site about the keyloggers.

~ Kimojuno

0

#13   Bodom

  • Echliurn
  • Group: Member
  • Posts: 6,746
  • Joined: 26-April 03
  • Location:Florida

Posted 22 April 2005 - 07:10 PM

The only thing Jagex ever had against SS was it blocked ads, and this got fixed. SS is clean.

0

#14   Red Sentinel

  • Senior Member
  • Group: Member
  • Posts: 3,688
  • Joined: 26-June 04
  • Location:Florida

Posted 22 April 2005 - 07:16 PM

yep, ech is talking the truth!!!

I GOT SARA PL8!!
0

#15   BubbaMurphy

  • Senior Member
  • Group: New Member
  • Posts: 1,268
  • Joined: 14-December 03
  • Location:Florida

Posted 22 April 2005 - 07:19 PM

That whole thing was useless 'cause we have no idea what to watch out for...
0
