Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn

Notices

Closed Thread
 
Thread Tools Display Modes
Old Feb 24, 2009, 01:31 PM // 13:31   #161
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Advertisement

Disable Ads
Default

Perhaps a new method being employed by one of the Gold Sellers to obtain gold for resale? One of the recent messages on GW splash screen had a recent deletion of accounts associated with gold selling. And there has been many references of private emails for purchasing that gold/zkeys/ectos. If it is a larger outfit they would have the time/computers/manpower and motivation to undertake something like this.

If ANET was making headway, the Gold sellers may be trying to up the ante and just take stuff directly.

For people that have been affected it may not hurt to double check for downadup/conflicker virus, since it is very good at hiding itself.

http://www.guildwarsguru.com/forum/s...php?t=10351098

Key items:
Downadup can mask itself and you may not even know you are infected. Once it infiltrates your system, it will edit your Windows Registry. After this is completed, the worm begins to override your firewall settings, allowing it to download malware from any number of hosts. This malware will only increase the damage to the PC. However, the creators of Downadup have yet to activate the second stage of the worm. Once they do, Downadup will do one of two things:

1). It will retrieve all your confidential files, personal information, passwords (online banking especially), and logins and send them to any numbers of hosts.

2). It will combine your PC into its botnet and attempt to hack (by brute force) anything it is targeted to. This is the fear of the Department of Homeland Security. With the current infection rate, it has the capability of hacking some of the most important data centers in the country if given the chance and enough time.

Stage two testing perhaps? Probably a stretch, but you never know. Would explain not showing up on a scan and the possible use of brute force and retrieving logins(which are sent to any number of sources).
Tullzinski is offline  
Old Feb 24, 2009, 07:11 PM // 19:11   #162
Academy Page
 
Join Date: Oct 2007
Guild: Luck
Profession: Mo/
Default

To add to the incident count, my guildy/friend's account was hacked on the 22nd too. What's sickening about this is that I kept my 2000 ecto and 40 armbraces on his account too because we had consolidated money for a 'panda fund'. The hacker walked away with enough items to total well over 6000 ecto. And we found out that while the hacker was on his account, he asked our guild chat to borrow more armbraces for a panda and walked away with an additional armbrace from that. No viruses came up, he doesn't give out account info to anyone, etc., etc. I'm not sure if it was a coincidence that the hacker mentioned the panda since we've been looking for it or if my friend's account was targetted.

I'm not sure what you do after you lose this much money...you can't really start over and earn it back again... *sigh* I'd like to say I do appreciate the special attention anet is giving this, and my only hope is that the guy who stole everyone's money doesn't make a profit off of this.

Editted to add: 3rd party programs were never used, no visiting of forums, virus scan came up clean, no gold buying/selling, and account info was not given out. In fact, the reason we kept all of our panda money on his account and not mine is that I used texmod to map..that's how paranoid we were coming into this.

The specifics of what was stolen: over 2000 ecto, around 50 armbraces, 80k (left 20-30k), a tormented shield, salvaged 2 pairs of chaos gloves, an undedicated mini ghostly, ... I think that's it. The account was given some fruitcakes and 8 or so celerities.

Last edited by Blue Banner; Feb 24, 2009 at 07:17 PM // 19:17..
Blue Banner is offline  
Old Feb 24, 2009, 07:55 PM // 19:55   #163
Academy Page
 
Wubbies's Avatar
 
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
Default

Quote:
Originally Posted by Adult View Post
You obviously either don't understand the situation or are not willing to listen.

I logged out...30 minutes later I logged back in to find my main account in GTOB not in TOA where I left her (doing vanquishing in that area so I'm 100% sure that's where i left myself)...I checked storage...They STOLE...theft...stealing... took my stuff (got it? ok just making sure)...330+ectos...100k....q9 VS...everlasting tonic...2 zkeys...maybe something else This was done by the hacker logging in as me and trading my items to his account in place of a Grail of Might (which I never use)... So if you bothered to read any of these posts you would find the same thing happened....we are all very protective of our passwords, accounts, names, whatever...logged in in GTOB and found things missing, so please read the posts first before you QQ our QQ...kthxbai
i do understand what this thread is about. these "hackers" got your info. how it is uncertain. you ADULT can blame anet by saying a "hacker" got into anet. highly unlikely since they would know fairly quickly.

Ok so u have the best antivrus . change your password every 30 seconds..yada yada.. if a "hacker" wanted in they would find a way. You or anyone can say i dont give out out info or i dont visit this site etc.. only u really know. keep in mind "hackers" are smart so its a fact there is human error with a loop hole. Sorry i just dont buy the fact that its a "xmas miracle" that people got hacked for no possible reason, if you believe this then i recommend a great movie called "GREMLINS" by steven spielberg.

interesting how people personally attacked anet then when they offer help you act like anet is your best friend.

imo opionion it suks be be on the receiving end of these situations and this thread can go on and on about who is right about how they "hacked" or whatever doesnt solve the issue.

Fact: people got hacked for "whatever" reason
Fact: Anet is looking into it to see how and correct if on anet's end of thing
Fact: this thread has lost most of the ability to become informative info on hey i found this in my email etc.. or look at this Screen shot yada yada yada..
Possible Fact: its become the domino effect of suspisciousness when a few people claimed to be hacked then a whole mess of them claim the same thing. im sure some people got hacked but not as many as this thread suggests.
Fact: Adult please dont "poke the bear"
Fact: Most people dont understand "hackers" or how they work or how they do what the do.. it is appearant that some people in this thread know their computer shit hats off to u

Suggestion: let anet do their job , they have acknowldeged there is a problem.. let them deal with it and with all due respect i suggest to close the thread since its alot of "grasping" and finger pointing and anet has already asked those people to contact them.

Quote:
Originally Posted by Blue Banner View Post
What's sickening about this is that I kept my 2000 ecto and 40 armbraces on his account too because we had consolidated money for a 'panda fund'. The hacker walked away with enough items to total well over 6000 ecto. And we found out that while the hacker was on his account, he asked our guild chat to borrow more armbraces for a panda and walked away with an additional armbrace from that.


6000 ectos? wow thats alot.. just curious how did this hacker know about your "panda" fund and to then ask other members specificaly about that.

just curious..brave lil hacker since most of the other "hackers" came on took what they need and left and never said a word.

Again my "gremlin" theory

Last edited by Wubbies; Feb 24, 2009 at 08:03 PM // 20:03..
Wubbies is offline  
Old Feb 24, 2009, 08:01 PM // 20:01   #164
Krytan Explorer
 
Adult's Avatar
 
Join Date: Mar 2008
Location: South Texas
Guild: Paper St Fight Club [Soap]
Profession: Mo/
Default

Well, I just got off the phone with Gaile Gray. I had sent the email to the support liaison late last night so I must say I'm rather happy with the speed of the response time. She basically went over all the information I had already provided. Right now they are looking for a commonality between guru, wiki, Xunlai, and the game as far as emails and passwords all being the same.

Amongst others, my main question was if they are able to resolve the issue how does replacing the lost items work? She said that the game was built so that it is actually impossible to just create something from scratch. This is in place to prevent someone from breaking in and creating say 2000 stacks of ectos and destroying the games economy. Not a bad policy.

In the end if they are able to locate the account / accounts involved it would be exceedingly difficult to track down all the items missing as they would probably have moved on to other accounts through either RMT companies or legitimate trades with another player. Then there's the question of if my VS was traded to some guy, if they take it from him then he's also left kinda screwed. In the end I shouldn't hold my breath that anything will be returned...Back to farming I guess.
Adult is offline  
Old Feb 24, 2009, 08:10 PM // 20:10   #165
Academy Page
 
Join Date: Oct 2007
Guild: Luck
Profession: Mo/
Default

Quote:
Originally Posted by Wubbies View Post
6000 ectos? wow thats alot.. just curious how did this hacker know about your "panda" fund and to then ask other members specificaly about that.

just curious..brave lil hacker since most of the other "hackers" came on took what they need and left and never said a word.
I've posted on guru about a panda, but I believe he's only ever spammed Kamadan a few times over it. Again, we don't know if it's a coincidence (probably not), or if the person took his name from Kamadan chat (wtb panda 5000 ecto) and thought that he would make a good target (and obviously so).

And no, I don't imagine it was brave. What happens if someone figures out it was a hacker? He probably already moved what we had and what he wanted. He took an extra minute, and if someone 'caught' him - he logs out.

What I find more brave (aka stupid) is that he did this Sunday night, double HA point weekend, at like 8pm CST I think. This is an active playing time.

Quote:
Originally Posted by Wubbies View Post

Possible Fact: its become the domino effect of suspisciousness when a few people claimed to be hacked then a whole mess of them claim the same thing. im sure some people got hacked but not as many as this thread suggests.


Suggestion: let anet do their job , they have acknowldeged there is a problem.. let them deal with it and with all due respect i suggest to close the thread since its alot of "grasping" and finger pointing and anet has already asked those people to contact them.
And I feel like I should share this with the community.

Those of us who lost a lot of really hard earned items are already very frustrated and saddened by this that the last thing we need are ignorant accusations from people that we're making up stories.

We're trying to share facts of our experiences for multiple reasons: 1) awareness; (2) to find common links of things we may forget to think of as important details otherwise; (3) for understanding of what might have happened to us.
You don't like it? Don't look at it.

And I never said that 'we were hacked for no reason. In fact, I said that there is good reason to target the hacked account and how we may have even become a target. I'm not saying it can't be a keylogger or brute force; I'm not acting like our account was invincible or that we got hacked 'for no reason.' I'm sharing the facts of what risk factors were and were not involved in this as far as we are aware of them. And again, factors that were not involved were viruses that would be shown by routine virus scan, giving out account info, gold selling/buying, etc.

With Indie's observation: I should clarify what I know of our hacked account. We were playing an hour before, and an hour after. We *may* have still been logged on during that afk time. I can't remember if there was a reported 007 or not but I can update this information later. There is a good chance that there was.

Last edited by Blue Banner; Feb 24, 2009 at 08:36 PM // 20:36..
Blue Banner is offline  
Old Feb 24, 2009, 08:31 PM // 20:31   #166
Site Contributor
 
Join Date: Dec 2004
Default

Everyone seems to be missing the key point of nearly all these stories. You were all hacked within minutes to hours of signing onto your game. Some even kicked out of game while playing. Read through all the stories... it's something that keeps being reported. We have only confirmation from 2 people that they had trojans in their system. 1 of them was hacked, 1 wasn't. If the other 15+ people have scanned their systems and have anti-virus scanners in place, which could possibly suggest no keylogger since the only one reported in this thread was an old trojan and would be flagged by a current anti-virus software, then the hackers may have a way of monitoring who is in game. They are hitting active playing accounts regardless.

Quote:
  • Was playing the game a few hours ago, got disconnected in the middle of a mission and couldn't reconnect. It happens frequently. Went for dinner, came back, logged in. Instead of coming up on the character I was playing, the selection came up on my main character, who was not in Kamadan where I ALWAYS leave it, but in great temple of baltazar. Huh? Everything looked ok, but I realized after a second look that the zkeys I had on my character, maybe 40 or 50 of em, were gone and a mini whiptail devourer was there in their place.
  • What I find more brave (aka stupid) is that he did this Sunday night, double HA point weekend, at like 8pm CST I think. This is an active playing time. We just happened to not be on the game then - but we were an hour before and an hour after.
  • I went out today and logged in tonight. Everything on my characters is fine (fow warrior+tormented str shield), but on my monk, i was moved to gtob(place to pass off the stuff obviously), my brand new tormented prot staff is gone (voltaic spear is still there), and a golden rin relic is in its place? Also the inventory has been rummaged around and moved around. Finally, 100k+35ectos are gone out of my storage
  • Logged in from a error7 after maybe 20 mins to find my main in temple of balth...not toa where i left her. Missing 330 ectos.... q9 VS....2 zkeys....100ishk....everlasting autotonic.... and a grail of might was in my invo...
  • so today i went on gw and realized my main was in great temple of balthazar. cuz last time i remembered i was in kaineg helping my friend... i get on my main and see all my weapons, ectos (60), and my zkeys (100) all gone. all replaced with some stupid quest items and red iris flowers...
  • I usually keep an ID kit and Salvage kit as my first two items, but for some reason, there was a Grail of Might and 4 Armors of Salvation instead. I checked my Xunlai account. All of my money was gone. In fact, all the money on Shayne was gone. My undedicated Greased was also gone, and after looking at the situation more, I realized I was out ~192 Z-keys. Switching through my characters, nothing else seems to be out of place. Whatever unintentional changes that happened to my account occured between Saturday afternoon and Sunday night, tonight.
  • Another one here Lost about 750k few ectos, my torment shield and an everlasting searing tonic which I had bought just before I logged off.
  • I'd just like to add that the same happened to me. (Had to be between Monday 01:00 and 14:00 GMT+1) Someone traded my 75e for a Mini Windrider, nothing else is missing.
Nearly everyone of them tells us that they were active and playing when their data was compromised. Make of that what you will. They aren't going mindlessly through and testing hundreds of emails and passwords, they aren't mindlessly going through and sifting through hundreds of inactive accounts. If the majority of people can not find an infection on their system then these hackers are either getting around multiple anti-virus systems or they are monitoring the game/your client somehow. Let it speak for itself.
Inde is offline  
Old Feb 24, 2009, 08:48 PM // 20:48   #167
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by Inde View Post
If the majority of people can not find an infection on their system then these hackers are either getting around multiple anti-virus systems or they are monitoring the game/your client somehow. Let it speak for itself.
AVs are not magical. AV company must get hands on sample of new virus/trojan & analyze it to be able to detect it unless author is very stupid. And after that it still takes time for updates to propagate. All that assuming it gets noticed by them.

Besides, it does not necessarily need to be keylogger as people understand it. GW binary can be patched to also send entered password and username to attacker. Common feature of specifically targeted malware.

What is last modification date on hacked peoples gw.exe?
zwei2stein is offline  
Old Feb 24, 2009, 09:06 PM // 21:06   #168
Desert Nomad
 
Join Date: Jun 2006
Location: Look out!
Profession: E/
Default

Quote:
Originally Posted by Blue Banner View Post
I've posted on guru about a panda, but I believe he's only ever spammed Kamadan a few times over it. Again, we don't know if it's a coincidence (probably not), or if the person took his name from Kamadan chat (wtb panda 5000 ecto) and thought that he would make a good target (and obviously so).
This gave me a sudden thought - this person was looking in kamadan for a panda, so it's possible someone saw them and knew they had xxx amount of ectos for a panda ---- I had been buying zaishen keys 100k at a time for a couple weeks to turn my plats into something else, so maybe someone saw me looking to buy zaishen keys and figured I might have a whole bunch on my account. The other people who were hacked - have you been looking to buy or sell a high ticket item, especially in kamadan or gtob? Cause maybe the 'hacker' is watching the wtb/wts to target people who look like they have a bunch of stuff to steal? OR maybe if they see you in town with a ghostly/panda/greased lightning or chaos gloves or something, they're targeting that?
crazybanshee is offline  
Old Feb 24, 2009, 09:17 PM // 21:17   #169
Lion's Arch Merchant
 
Coverticus's Avatar
 
Join Date: Jan 2006
Guild: The Zodiac Elites [TZE]
Profession: Mo/
Default

Very interesting to note on how seriously ANet are taking this - the promptness and detail of phones calls be made by Gaile and co are an indication (imo) that something very serious has (or still is) transpired. Don't think we have ever experienced anything like this from them.

As for the possible cause, yes there seems to be some kinda correlation between players asking for something in chat in the likes of Kamadan and them then getting targetted. I have 2 friends that have been hit with this - both of them stating that they did hit a high-end trade recently in Kamadan (both for Tormented weapons). Someone earlier mentioned a debugger encounter, makes me wonder if the hackers (if indeed this is a case) of intercepting information. Though I will be very surprised indeed if they can link this back to being able to get UserID and Password from the game. Just my thoughts though
Coverticus is offline  
Old Feb 24, 2009, 09:22 PM // 21:22   #170
Pre-Searing Cadet
 
Join Date: Oct 2007
Default

From the GW Wiki
Quote:
Originally Posted by GW Wiki
Update - Tuesday, February 24, 2009
Bug Fixes

* Fixed a crash bug.
Giaus is offline  
Old Feb 24, 2009, 09:43 PM // 21:43   #171
Academy Page
 
Wubbies's Avatar
 
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
Default

Quote:
Originally Posted by Terra Jim View Post
Very interesting to note on how seriously ANet are taking this - the promptness and detail of phones calls be made by Gaile and co are an indication (imo) that something very serious has (or still is) transpired. Don't think we have ever experienced anything like this from them.

they probally sick of people bitching on here
Wubbies is offline  
Old Feb 24, 2009, 09:52 PM // 21:52   #172
Wilds Pathfinder
 
Coney's Avatar
 
Join Date: Aug 2008
Default

Quote:
Originally Posted by Inde View Post
Nearly everyone of them tells us that they were active and playing when their data was compromised. Make of that what you will.
Yes, excellent point! Very nearly my point:
Quote:
Originally Posted by Coney View Post
I didn't get hacked, but I wasn't logged in yesterday either...
Wonder if the following is related?
Quote:
Originally Posted by Giaus View Post
From the GW Wiki
Quote:
Originally Posted by GW Wiki
Update - Tuesday, February 24, 2009
Bug Fixes
* Fixed a crash bug.
Coney is offline  
Old Feb 24, 2009, 09:53 PM // 21:53   #173
Academy Page
 
Wubbies's Avatar
 
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
Default

Quote:
Originally Posted by Giaus View Post
From the GW Wiki Originally Posted by GW Wiki
Update - Tuesday, February 24, 2009
Bug Fixes

* Fixed a crash bug
doesnt mean gw got hacked
Wubbies is offline  
Old Feb 24, 2009, 11:07 PM // 23:07   #174
Ascalonian Squire
 
Join Date: Jan 2006
Location: Ashford
Guild: Veritas Invictus
Profession: Me/
Default

Quote:
Originally Posted by Wubbies View Post
doesnt mean gw got hacked
Doesn't it?

Care to elaborate upon this point my apathetic, astute and articulate young fellow?

-m0r
m0r1arty is offline  
Old Feb 24, 2009, 11:17 PM // 23:17   #175
Furnace Stoker
 
MisterB's Avatar
 
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
Default

Quote:
Originally Posted by m0r1arty View Post
Doesn't it?

Care to elaborate upon this point my apathetic, astute and articulate young fellow?

-m0r
That update and those notes simply suggest that a crash bug was found and corrected, not that user's accounts were compromised. Absent further evidence, it's illogical to assume the two events are anything more than a coincidence.
MisterB is offline  
Old Feb 25, 2009, 12:09 AM // 00:09   #176
Jungle Guide
 
Kamakazi112's Avatar
 
Join Date: Feb 2008
Profession: W/
Default

its not that bad....i got hacked 1750e when ectos where 6k each 5 toremnted weapons when they were 100k+100e each....and 5 mil in items and cash...i sent emails to support everyday and all i got was automated messages....got nothing back at all...my friends get hacked they lose 100k and they email support and they get their stuff back...support imo sucks
Kamakazi112 is offline  
Old Feb 25, 2009, 12:50 AM // 00:50   #177
Krytan Explorer
 
fusa's Avatar
 
Join Date: Mar 2007
Default

Quote:
Originally Posted by Kamakazi112 View Post
its not that bad....i got hacked 1750e when ectos where 6k each 5 toremnted weapons when they were 100k+100e each....and 5 mil in items and cash...i sent emails to support everyday and all i got was automated messages....got nothing back at all...my friends get hacked they lose 100k and they email support and they get their stuff back...support imo sucks

Its posts like this that makes me think most of the people saying they were hacked are just idiots who want to get back at NCSoft/Anet for whatever reason. Its impossible for your friends items to have been replaced, so your obviously attempting to spread false information.
Your computer security is your own responsibility. There's no reason why NCSoft or Anet should replace items you had stolen due to your own stupidity.
fusa is offline  
Old Feb 25, 2009, 01:01 AM // 01:01   #178
Krytan Explorer
 
Lummy's Avatar
 
Join Date: May 2007
Default

im just wondering if theres a way for anet to "restore" deleted characters
coz i know in wow theres been instances where ive had a friend who got hacked
get all his items and characters restored.
Lummy is offline  
Old Feb 25, 2009, 01:02 AM // 01:02   #179
Desert Nomad
 
Join Date: Jun 2006
Location: Look out!
Profession: E/
Default

I talked with Gaile too, it seems like they're looking at not just the possibility of people having trojans or something on their computers, but also what commonality there might be between using the same passwords for guru/gw/xunlai and maybe selling high end things on guru or spamming them in kamadan (which might make them a target for these people)

Edit- I'm not saying guru had anything to do with it, only that the thieves might be using guru and kamadan etc. to find people who seem to have money or high end items

So sounds like they might be heading in some direction but no firm ideas yet. She seemed genuinely annoyed that people would do this. And yeah, there's no way anybody can get their stuff back, they didn't write the ability into the code for gw1 (but she requested something along those lines for gw2!)

Last edited by crazybanshee; Feb 25, 2009 at 04:10 AM // 04:10..
crazybanshee is offline  
Old Feb 25, 2009, 02:58 AM // 02:58   #180
Desert Nomad
 
BrettM's Avatar
 
Join Date: Aug 2008
Guild: Fuzzy Physics Institute
Profession: E/
Default

Sounds like the perfect opportunity for ANet to set up a sting. Have an undercover GM set up an account, go into Kamadan, and spam WTB <something really expensive> for <some outrageous amount>.

Sounds like ANet is missing a good business opportunity, as well. When your car is stolen, you have car insurance to get it replaced. When some burglar cleans out your apartment, you have renter's insurance to get your stuff replaced. It doesn't matter if it happened because your security was lax; your losses (or some percentage of them) are made good. Maybe ANet should sell "character insurance". $xx gets you a guarantee of in-game-gold reimbursement for any provable losses due to hacking.
BrettM is offline  
Closed Thread

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bot Stop! they way to stop gold spammers! bathazard Sardelac Sanitarium 22 Feb 14, 2008 09:03 AM // 09:03
WTF Hackers on GW...? sunder187 The Riverside Inn 143 Feb 12, 2008 01:05 AM // 01:05
fujin Technician's Corner 3 Nov 12, 2007 01:13 PM // 13:13
NowTumi The Riverside Inn 91 Dec 12, 2005 10:43 PM // 22:43
Hackers Canis Lupus The Riverside Inn 4 Jun 03, 2005 08:45 AM // 08:45


All times are GMT. The time now is 02:20 AM // 02:20.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("