can we have a statement on risk to our computers?

[Nails]

is there much more risk to our computers and accts from exposure to whatever was happening here.

I never got a message like some others did but i really would like to understand what is meant by if you think yo are at risk seek additional assistance. AS in beyond our virus scanners and firewalls?

If so were do we go to do that?

Just a general sticky or posting would be really supportive to those like myself that are concerned.

 

[Petra Fyde]

I'll ask for a statement from those who understand the techie stuff.
All I can tell you is, not one single member of staff got any infection, not even those who went surfing the boards with old, unprotected pcs deliberately trying to get an infection for checking.

 

[Nails]

I'll ask for a statement from those who understand the techie stuff.
All I can tell you is, not one single member of staff got any infection, not even those who went surfing the boards with old, unprotected pcs deliberately trying to get an infection for checking.

thank you for taking the time to help; much appreciated.

 

[kelmo]

I just wish to echo Petra's reply. I have scanned thoroughly and often. Just cookies.

 

[George]

Hi guys,

I spoke with Petra and Ilysess and wrote an official reply to this concern

See
http://stratics.com/stories/stratics-infecting-computers

I hope this explains the rumors.

 

[kelmo]

I did get banned for a second... *glares at George*

 

[Tinsil]

I'll ask for a statement from those who understand the techie stuff.
All I can tell you is, not one single member of staff got any infection, not even those who went surfing the boards with old, unprotected pcs deliberately trying to get an infection for checking.

Well that makes me feel a lot better about the virus I got from here.

I haven't been virused in a looong time -- about 1 and a half years. I also heard from a few other people they got the same thing.

Program was called xxvseydtssd.

 

[kelmo]

A lot of us tried to get these "virus". I got a false report... once. If you have more please pass that information on as requested. It would help.

 

[Tinsil]

A lot of us tried to get these "virus". I got a false report... once. If you have more please pass that information on as requested. It would help.

Just did. PMed George. I strongly doubt its any coincedence that it was the same, first night that all this happened that it showed up. Hadn't done anything else remotely risky besides go here.

 

[Ilysess]

Thank you Tinsil, we do definitely recognize there are reports coming in from different situations and in order to deal with them appropriately we need all the details available.

 

[kelmo]

*nods* Thank you, Tinsil.

 

[George]

Tinsil, thank you for the PM. I replied.

My biggest concern is that Googling for the virus you got "xxvseydtssd" returns 0 results!

Are you sure it is spelled correctly?

 

[bumblefutz]

Run Firefox with the NoScript, AdBlock, and FlashBlock add-ons and you're proof against 99% of the generic bullcrap malware floating around.

 

[Storm]

http://stratics.com/stories/stratics-infecting-computers?

 

[Tinsil]

*nods* Thank you, Tinsil.

PMed again, and yes.

 

[Taylor]

Throughout the fiasco, I constantly clicked through the warnings on Chrome while searching/reading forums. No viruses here and no ad blocker used.

 

[Flutter]

I can assure you that I did indeed get two trojans from Stratics forums.
I do not know what time it occurred but looking at my scan history I have a completed scan at 6:54

Which came up clear as you see:
"Scheduled scan";"5/27/2010, 6:30 AM";"5/27/2010, 6:54 AM";"0/0";"0/0";"0/0";"0/0";""


I logged into the stratics forums and UO. I had stratics forums minimized in my browzer while I played UO. Checking back every so often between then and 3PM my time when we got notice the shards were going to come down.

It was at that time I found out about the Stratics hacking and ran an scan on my computer which found 60 spyware notices and 2 trojans:

"Scan whole computer";"5/27/2010, 3:29 PM";"5/27/2010, 4:01 PM";"2/2";"0/0";"60/60";"0/0";""


Both read as:
"Trojan horse Java/Downloader.P";"Moved to Virus Vault"


I have no reason to lie about this.

 

[Petra Fyde]

Thank you, I'm sure George will look into it.
All I could do in my inexpert way was google it. There weren't many entries for it by itself. Those few got it from a spoof Java install/update, but I guess these things mutate.

 

[Alvinho]

Hi guys,

I spoke with Petra and Ilysess and wrote an official reply to this concern

See
http://stratics.com/stories/stratics-infecting-computers

I hope this explains the rumors.

I just find it completely coincidental that i got the e-mails from the phishing attempts from "blizzard" and "NC Soft" i have accounts on both games, that have been inactive for at least 2 years or more, and did not reply however stratics is the only e-mail that is tied to that e-mail account, my gaming accounts are tied to different e-mail accounts, Very coincidental how i got e-mails phishing attempts on my stratics only e-mail, I am not making any accusations whatsoever i am just a bit concerned how the e-mail tied to only stratics got the e-mails phishing for Blizzard and NC Soft.

 

[Morgana LeFay (PoV)]

It is painfully obvious that Statics was compromised. Instead of making excuses, the Stratics team needs to rectify, then apologize. Period.

I love this site, I post here a lot, but if these sorts of incidents continue, I will move on...and so will many others.

Just deal with the issues at hand, stop denying it, and move on. Got it?

 

[Petra Fyde]

I think we've all had those, there were reports on the boards long before this happened.
I've a feeling they have some kind of program that can send to *.hotmail.com *.yahoo.com and other popular addresses. Where else you use the address would, in that case, be totally irrelevant.

 

[Petra Fyde]

Excuses? Where? We have explained as fully as we can what happened. When I say 'no staff member got an infection' that is the absolute truth. I don't lie. The problem is fixed.
And yes, there are coincidences that have happened. There's also some deliberate misinformation been put out. I'd love to know the source of that.

 

[Archie]

It is painfully obvious that Statics was compromised. Instead of making excuses, the Stratics team needs to rectify, then apologize. Period.

I love this site, I post here a lot, but if these sorts of incidents continue, I will move on...and so will many others.

Just deal with the issues at hand, stop denying it, and move on. Got it?

Yes, they were, and apparently the Stratics people in this thread aren't qualified to speak about the nature of the threat, which was real.

HTML/Infected.WebPage.Gen real, to be precise.

 

[Farsight]

Contrary to official reports,

The risk is greater than zero, so clear your cache, run your virus scan and play it safe.

If you haven't done at least that much, you are putting yourself at greater risk.

 

[wee papa smurf]

As i stated in another post i got the anti-spyware soft virus the other night, and all i did that night was play uo, check my emails (never opened any) and read stratics, also had icq running, but as ive said i dont know where it came from, my avg or spybot never puck it up till it was too late

 

[lucksi2]

They also say that the database was not affected.
I.e. the emails not taken and such.

To me that sounds like a lie, simple as that.

If not, then why were so many people banned or unable to post?
Why is my main account still unable to post, PM, see attachments or even use the friggin "contact us" page because I don´t have the privileges to do so?

 

[Petra Fyde]

Some people will see lies and coverup no matter how honest and open we are. The bans were caused by stuff needing to be re-synchronised after the clean up. Even the mods and admins were banned at that point.

If you let me have your usual user name - by pm if you can or email to [email protected] if you can't I'll look into it right now.

 

[MalagAste]

I just find it completely coincidental that i got the e-mails from the phishing attempts from "blizzard" and "NC Soft" i have accounts on both games, that have been inactive for at least 2 years or more, and did not reply however stratics is the only e-mail that is tied to that e-mail account, my gaming accounts are tied to different e-mail accounts, Very coincidental how i got e-mails phishing attempts on my stratics only e-mail, I am not making any accusations whatsoever i am just a bit concerned how the e-mail tied to only stratics got the e-mails phishing for Blizzard and NC Soft.

I've been getting those for weeks ...... but I don't have any of those accounts ..... the only Blizzard account I made ever was a free trial..... of which I used a whole 2 hours... so I think that crap just goes to every email they can get their hands on, in hopes someone would be dumb enough to click their links. As for getting a virus from here I run firefox with ad block and no script... ran several virus scans since haven't found anything.

 

[Alvinho]

I think we've all had those, there were reports on the boards long before this happened.
I've a feeling they have some kind of program that can send to *.hotmail.com *.yahoo.com and other popular addresses. Where else you use the address would, in that case, be totally irrelevant.

you see there in lies a problem i don 't have a .yahoo, .hotmail accounts, i have a similar pop3 as you have to [email protected] , however mine is not @stratics it is @ somethingelse im not divulging atm i have my own exchange addressee, and stratics account the only on that uses one of my @somethingelse address not even my game accounts use that addressee got the phishing e-mails, and yes it was before the obvious breech in this server, the only way it that e-mail address could have been sent to was from access to the stratics database nowhere else on the web have i used the addressee to receive anything. There have been ads going back a long way that showed as viruses and it could have been anytime from the first advertisement that poped positive, not necessarily this last attack the proverbial stuff has happened to hit the ceiling coinciding with this last breech of stratics but it was not the first time stratics was compromised.

 

[Harlequin]

They also say that the database was not affected.
I.e. the emails not taken and such.

To me that sounds like a lie, simple as that.

If not, then why were so many people banned or unable to post?
Why is my main account still unable to post, PM, see attachments or even use the friggin "contact us" page because I don´t have the privileges to do so?

The initial mass "permanently banned" issue was due to a human mistake while they were resolving the problem -

http://stratics.com/stories/stratics-back-normal

"You are banned permanently" was shown to everyone for 20 minutes a few hours ago - that was my fault. While cleaning the database tables, I forgot to re-sync the cache tables and vBulletin displayed that message.

If your account is still getting the banned message, it is possible that some accounts were missed or that there is some data corruption. The admins will need to check. PM George using your new alt to bring it to his attention.



I have a few concerns regarding this statement here:
http://stratics.com/stories/stratics-infecting-computers

Some also speculated that the hacker got a copy of our email database. This is false. We monitor traffic with server logs and there were no downloads from unknown parties, only the SQL injections that added iframes throughout Stratics.

What constitute as unknown parties in this case? Does that mean there are downloads from known parties?

Were the SQL injections done from an unknown party? You are able to get the source IP I'm guessing?

Also, I presume the server logs you are referring to is separate from the compromised database server and there's no indication that it has been tampered with?

Have you confirmed that it's due to an backdoor, drupal vulnerability or hacked admin account?

It is for these reasons that we are confident stating there were no trojans or any other form of virus located on the site that were able to infect any system running updated software.

I know you are trying to cover your bases here...but the way you put it, it means folks running less updated software could be infected by malware from the site.
(a whois indicates that the IP is registered to a German address, but owner name could be fake "Wendy Webb").

 

[Harlequin]

BTW, it might be a good idea to create an announcement (or at least sticky a post) that links to George's statement.

 

[Petra Fyde]

Alvinho, please check your personal details in your user cp. I think you are mistaken in what you have just claimed.

Harlequin, I'll make a sticky. The rest of your question will need a response I'm not qualified to give.

 

[Llewen]

For what it's worth, I've gotten phishing emails related to MMO's long before this incident on Stratics. I have no idea how many I have gotten because they go straight to my junk folder, but I know Stratics had nothing to do with them.

And if anyone got infected because they haven't kept Windows and IE up to date, well, I'm afraid you have to take some responsibility for that. There really isn't much of an excuse for not being up to date these days, and most of the threats that you see on the internet exploit vulnerabilities that have been fixed long ago. My guess is that is the case with these as well.

And if you are still running Windows 9x/Me, well I'm afraid it is long past time when those operating systems should have been ditched. Windows 7 will run on pretty old machines, and if money is an issue, Linux is a good option, and both the classic and the enhanced clients will run on Linux with WINE, including UOA.

 

[DevilsOwn]

I've been getting the mails from NCSoft for months now, and anything that has another game in the title doesn't even get opened, no matter how threatening the title line reads, cause I don't play the other games........ if you *do* play the other games, then wouldn't they have a notice of anything important on their websites?

 

[ingsmsico]

And if you are still running Windows 9x/Me, well I'm afraid it is long past time when those operating systems should have been ditched. Windows 7 will run on pretty old machines, and if money is an issue, Linux is a good option, and both the classic and the enhanced clients will run on Linux with WINE, including UOA.

Windows 7 will not run on a PC designed to run Windows 9x

for any computer with less than 2 GB ram just run XP

 

[Llewen]

Windows 7 will not run on a PC designed to run Windows 9x

for any computer with less than 2 GB ram just run XP

Windows 7 will run on some pretty old hardware. A P I or P II like that guy would probably not produce great results, but from everything I've heard it will run just fine on a P III.

And if you are going to upgrade your OS, unless you are running truly ancient hardware, I'd definitely recommend Windows 7 ahead of XP. I'd also recommend a Linux distro ahead of XP.

Put it to you this way. You could probably buy a used computer that would easily run Windows 7 for under $100. But if you are going to be spending $100+ on an OS, and $100 on a used computer, you might as well save up a little bit more and get a low end new computer that will include Win 7.

The whole point being that you shouldn't be running an OS that is no longer supported, and XP is almost ten years old, and it probably isn't going to be supported for too many more years, so if you are going to be upgrading your OS to another Windows OS, you should be upgrading it to Windows 7. And Windows 7 will run on just about anything that Windows XP will.

 

[Archie]

For what it's worth, I've gotten phishing emails related to MMO's long before this incident on Stratics. I have no idea how many I have gotten because they go straight to my junk folder, but I know Stratics had nothing to do with them.

And if anyone got infected because they haven't kept Windows and IE up to date, well, I'm afraid you have to take some responsibility for that. There really isn't much of an excuse for not being up to date these days, and most of the threats that you see on the internet exploit vulnerabilities that have been fixed long ago. My guess is that is the case with these as well.

And if you are still running Windows 9x/Me, well I'm afraid it is long past time when those operating systems should have been ditched. Windows 7 will run on pretty old machines, and if money is an issue, Linux is a good option, and both the classic and the enhanced clients will run on Linux with WINE, including UOA.

Yes, everyone is responsible for maintaining security on their own computer.

No, this post is not acceptable.
http://vboards.stratics.com/showthread.php?t=211041

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

 

[Llewen]

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

Well I'm afraid I'd have to agree with that.

 

[Taylor]

George posted his Skype info. If you feel that your computer was compromised, I hope you'll give him a call. Turns out, he's pretty smart when it comes to this computer stuff and I've been told he's a pretty nice guy.

 

[JC the Builder]

When I say 'no staff member got an infection' that is the absolute truth.

There are thousands of computer configurations. A couple Stratics staff not being affected means nothing. People are posting they were infected from the Stratics attack. The announcements that Stratics did not distribute any malware is ridiculous. It is even worse to place the blame on people affected for not being able to block it.

 

[Storm]

There were more than a "couple staff members" and we were not only running with 0 protection we were actively seeking to get infected!
With that said anything is possible!
and any of the other gaming sites Could possible carry viruses or be hacked nothing is 100% !
and if you are told different you are being lied to !

 

[RawHeadRex]

As i stated in another post i got the anti-spyware soft virus the other night, and all i did that night was play uo, check my emails (never opened any) and read stratics, also had icq running, but as ive said i dont know where it came from, my avg or spybot never puck it up till it was too late

this is why avg blows, sorry this happened to you wee papa smurf.
quickest way to clean this drive is to take it out and put it as a secondary drive in another computer and scan it that way. you can clean it manually but it's just annoying and time consuming. windows anti-spyware has a few variations and the latest is a real pain to clean manually.

 

[Beer_Cayse]

I'm not staff, but bypassed the Firefox warning several times and did scans afterward ... no signs of anything nasty - at home or the office.

 

[Flutter]

I'm not staff, but bypassed the Firefox warning several times and did scans afterward ... no signs of anything nasty - at home or the office.

I never got anything on my laptop either. Just my desktop somewhere between the hours I mentioned.

 

[Mapper]

I'm not staff, but bypassed the Firefox warning several times and did scans afterward ... no signs of anything nasty - at home or the office.

Same here, On both XP and Windows 7 machines.

 

[Lord Chaos]

you see there in lies a problem i don 't have a .yahoo, .hotmail accounts, i have a similar pop3 as you have to [email protected] , however mine is not @stratics it is @ somethingelse im not divulging atm i have my own exchange addressee, and stratics account the only on that uses one of my @somethingelse address not even my game accounts use that addressee got the phishing e-mails, and yes it was before the obvious breech in this server, the only way it that e-mail address could have been sent to was from access to the stratics database nowhere else on the web have i used the addressee to receive anything. There have been ads going back a long way that showed as viruses and it could have been anytime from the first advertisement that poped positive, not necessarily this last attack the proverbial stuff has happened to hit the ceiling coinciding with this last breech of stratics but it was not the first time stratics was compromised.

It could also simply have been fished out from your mail servers, which often happens.

I got no bad emails after the attack on Stratics, nor did I get any infections. Despite having dozens of tab pages open og clicking through tons of pages during the attack.

 

[Lord Chaos]

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

That wouldn't have helped anything.

While yes, its partially Stratics fault, its a blame that lie with people far in the past that aren't even here anymore and haven't been in a long time

 

[Major Miner II]

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

That wouldn't have helped anything.

While yes, its partially Stratics fault, its a blame that lie with people far in the past that aren't even here anymore and haven't been in a long time

Wait. Not turning off the boards during the attack yesterday was the fault of people who left a long time ago?

Seriously?

I've run enough vBulletin sites to know, it's one click.

rolleyes:

 

[ingsmsico]

Wait. Not turning off the boards during the attack yesterday was the fault of people who left a long time ago?

Seriously?

I've run enough vBulletin sites to know, it's one click.

rolleyes:

dude, browers have vulnerabilities.

if someone is successful at distributing a new version of a virus, there's not much that can be done.

http://www.mozilla.org/security/known-vulnerabilities/

 

[kelmo]

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

That wouldn't have helped anything.

While yes, its partially Stratics fault, its a blame that lie with people far in the past that aren't even here anymore and haven't been in a long time

Stratics was compromised, it was a real security threat, and I think the site should have been taken down and the stratics.com domain redirected to a "Down for maintenance" page, or something similar. That would have been the respectful and secure way to handle it, instead of leaving people open to attack and then downplaying the nature of the actual threat.

That wouldn't have helped anything.

Take your agenda elsewhere.
While yes, its partially Stratics fault, its a blame that lie with people far in the past that aren't even here anymore and haven't been in a long time

Wait. Not turning off the boards during the attack yesterday was the fault of people who left a long time ago?

Seriously?

I've run enough vBulletin sites to know, it's one click.

rolleyes:

Take your agenda elsewhere, folks.