Warning: keyloggers active on messaging clients

Posted by Camiel jetset R. on 2010-01-31 15:35:39

Tags: keylogger, xfire, warning, irc

Dear visitors,

We would hereby like to send out an official warning to all our visitors of potential keylogging attempts through any type of messaging programs.

We have had several alarming messages about fake Clanbase links being spreaded via IRC and Xfire, using "clanbase-ggl" (DO NOT TRY) instead of the regular clanbase.ggl.com. Clicking these links have resulted in a keylogger being installed on a person's computer, stealing their cdkeys and possibly more.

We advice everyone not to click on any links of people you do not know or trust (this also goes for our website!) and to always be careful with links from people you do know.

In addition, to prevent people from being tricked into opening a fake link (like http://www.google.nl, which could refer to a different website, as you can see), advanced linking is no longer possible on this website and will simply display the actual weblink.

Share |

40 comments

#1 bRYNz 27 months ago +0 thumbs
	=/

#2 pr0phecy 27 months ago +0 thumbs
	www.tek-9.com is next

#1 da gizzor 27 months ago +0 thumbs
	lol

#2 tek9.twrs 27 months ago +0 thumbs
	Should really buy that domain up and have it forwarding to this to prevent that!

#3 tek9.jetset 27 months ago +0 thumbs
	That domain is taken, its just not in use.

#4 pp.Sentix 27 months ago +0 thumbs
	or tek9.org

#3 oxiiZ 27 months ago +0 thumbs
	sux :<

#4 'Ryann 27 months ago +0 thumbs
	I haz Kaspersky Internet Security 2010, nothing will happen :D

#5 grasher 27 months ago +0 thumbs
	Just from opening a browser it installs a key logger? wtf? As far as I know opening something let's say with FireFox, it won't let install anything unless I allow, so isn't it safe to visit the pages, just not run / install anything from it?

#1 tek9.jetset 27 months ago +0 thumbs
	If you visit the wrong site, you can get infected via a javascript keylogger. An option would be to turn off javascript (Froster gave me this link: davidhasselhoff.tek-9.org/blog/how_to_turn_off_java_applets-664.html ). The noscript firefox plugin is apparantly quite handy as well, no experience with it myself though. addons.mozilla.org/nl/firefox/addon/722 edited 2010-01-31 16:58:16

#6 Inco'MunchY 27 months ago +0 thumbs
	Ban Smithstar AKA chris-wow from tek 9.

#1 tek9.jetset 27 months ago +2 thumbs
	He has been banned already

#1 robzJE 27 months ago +0 thumbs
	+1

#7 Aerox1991 27 months ago +0 thumbs
	seriously pathetic these attempts are

#8 Shabalaba 27 months ago +0 thumbs
	How does Tek9 ban people? By username or ip or what? I mean a prime example would be erasus, he doesn't do any actual harm except troll but he makes a new account everytime the other is banned.

#1 MonstaH 27 months ago +0 thumbs
	I think he will soon have made every proxy known to man useless to come onto these forums...

#9 tek9.jetset 27 months ago +0 thumbs
	We can do both.

#10 Wardzki 27 months ago +0 thumbs
	What if you clicked one? Some1 sended me cb link on mirc for war I clicked =/

tek9.jetset

27 months ago

+0 thumbs

Before you start scanning, check your irc logs and see if the link is an actual clanbase link or the fake one.

Normal clanbase links are like: clanbase.ggl.com/, the fake clanbase link with a keylogger had a - in the middle.

Don't post the link here but just tell me if this is the case. If its the link with a keylogger, I will give you some useful links that might help.

edited 2010-01-31 18:22:37

#1 d.phantasy- 27 months ago +0 thumbs
	what would these tools be?

tek9.jetset

27 months ago

+0 thumbs

I would probably try the things I currently have on my pc:
- Kaspersky 2010 Full Scan
- Hitman Pro 3.5
- Malwarebytes Antimalware
- SuperAntiSpyware
- HijackThis
- Spybot Search & Destroy
- CCleaner

Not an expert of course, so maybe some more knowledgeable people could give their thoughts.

Froster thought the keylogger stole the cdkey and then completely removed itself. I don't have any proof of this myself though, so I can't guarantee it.

#1 MonstaH 27 months ago +0 thumbs
	Since this is just a script kiddie these tools should do. Especially HijackThis is helpful for analyzing your system if you know how to read the logs (or know someone who does). If he was able to pull off something nastier like MBR based rootkits, I might have more tools at hand :) Regarding the "self destruction" thing, I also think this one is more of a data miner than an actual keylogger.

#11 sushi / jebus 27 months ago +0 thumbs
	how old is smith star / chris wow?

#12 aaaroth 27 months ago +0 thumbs
	someone on alexzans xfire gave me this link too, they were doing it early all this morning at like 10am too

#1 da gizzor 27 months ago +0 thumbs
	Got a msg from him at ~7am CET this morning.

#13 Regez murky 27 months ago +0 thumbs
	BITDEFENDER FFS :p criswOw got multiacount on this

#14 tek9.jetset 27 months ago +0 thumbs
	In addition, to prevent people from being tricked into opening a fake link (like www.google.nl, which could refer to a different website), advanced linking is no longer possible on this website and will simply display the actual weblink.

#15 ravjeh 27 months ago +0 thumbs
	nice

#16 [R]TV lolEEEk 27 months ago +0 thumbs
	It isn't probably the right place to ask, but what happened with the "hot girls" topic :(?

#17 MoOLaKA 27 months ago +0 thumbs
	How stupid do you have to be to click on websites you dont know

#18 #excn adameh3 27 months ago +0 thumbs
	i knowwho it is its DoobZ cuz hes a fucking dick he got klogged now ehs doing it 2 every1else!

#19 sushi / jebus 27 months ago +0 thumbs
	This comment has been deleted due to inappropriate content.

#1 deezNN_ 27 months ago +0 thumbs
	keylogger ffs ^

#2 »ION«JiMmY-ION 27 months ago +0 thumbs
	please dont try to be funny

#1 sushi / jebus 26 months ago +0 thumbs
	what? it tested what you said you had fixed, linkning the text" "google" to tinypic. , and it changed to the tinypic andress like it's supposed to. i didn't try to be funny..

#20 nospang twyz1nz 27 months ago +0 thumbs
	im not gonna press any link in my life anymore

#21 .vixxen 27 months ago +0 thumbs
	Prolly a daft question, but i have no idea... Is it still possible to do it through a site that does URL shortening?

#22 ddstr 27 months ago +0 thumbs
	we need to do something tho against these dirty cunts,sorry for my language. edited 2010-02-01 05:42:15

#23 WWF tomzz 27 months ago +0 thumbs
	so u click it ur fucked?

#24 siLjo 26 months ago +0 thumbs
	mysql injectors...after opening that link cookie will be stored "deep" at your system and it will steal your key via this path: HKEY_LOCAL_MACHINE\SOFTWARE\Activision\Call of Duty 4\codkey Owner of keystealer will recive a .txt file at his ftp or mail with your key. edited 2010-02-01 19:40:58

Please login or register to post comments.

Recent Headlines

AMD Heaven GamExperience Sign-ups Open	20
Aren4 To Launch In 8 Days	19
AMD Heaven Game Experience In London	14
TEK-9 Website Downtime Explained	69
A Reminder of Forum Rules	58
Alienware Backpacking Challenge 2011 Review	4
Western Wolves Sit Down With Bcrbo	28
TEK9 Wishes You A Merry Christmas!	40
article: Bcrbo Reviews ZOWIE EC1 & G-TF Speed	34
ROCCAT WTF! World Tour Launched	7
Alienware With Christmas Products	4
What is Rize Nexus?	14
Kick Energy With Facebook Competition	6
Looking for Designer Talent	42
Alienware Backpacking Challenge 2011: Vote Winner	5
TwitchTV Expand In Europe With 2GD & djWHEAT	11
Gamers Portal Arrange For BF3 Round Table	10
TEK9 Looking For 2 To 4 News writers	29
TEK9 Says Goodbye To jetset	98
A Reminder of Forum Rules	42
Alienware Backpacking Challenge 2011 - The Winner	3
Gamers Portal With Further Updates	7
Tt eSPORTS Start "Gives Back To Community"	52
Like TEK9 on Facebook & Keep Up-2-Date
Razer Launch New Gear At Gamescom	13
ABC: Week 3 Result, Vote On Week 4!	2
Esports Heaven's First Two Years	27
ABC: Week 2 Result, Vote On Week 3	2
ABC: Week 1 Result And Week 3 Challenge	2
Alienware Backpacking Challenge: Week 1	4

LowLandLions Xfire Pro Night This Wednesday	18
Winner of the Xfire Gigabyte giveaway	38
Win a Gigabyte motherboard with Xfire	44
Xfire Live Chat with TEK9 Tonight	25
Xfire live chat event with TEK9	18
Watch out for a keylogger on TEK9*	91