Swiftkit hacked!!!!!!!!

[Oobz]

I do not know the details, but I am led to believe that swiftkit has been compromised. It is advised that you stop using it for now until the problem has been sorted out.

Edit:It may be a good idea to change your password just to be sure, as we all know Daskins was hacked yesterday and had his bank emptied. I don't know if this was related to Swiftkit.

[dev]

Thanks Oobz, I'll be using my browser until I know more

[syfyqueen]

That's why I never use programs like that nor do I go on RS high score page. The last time I did they tried to hack my entire laptop and I wasn't the only one that happened to. Just read the RS forums - it's very scary. I don't even do fb, twitter or any "social network" because of all the loser scumbags out there just waiting to ruin our lives. Now I'm scared to try to log on to my RS account and that sucks. Although most of us have pins and pw's that doesn't always protect us from (can't use the language I really want to here) if they're extremely determined. :evil:

[Sassyspikes]

Confirmed swiftkit (did not came from the IRC chatrooms), was hacked it was the browser where you launch rs with, there was some sort of Java popup what you had to click and that was the virus.So if you did use it I suppose over the last weekend its highly recommended to do a virus scan. I have to say I been using Swift since over 6 years and that is the first time that happen just like it happens with the high scores etc. Runescape forums quick code 25-26-125-63757878

[0ZZ-MAN]

THANK YOU for bringing to my attention i've used Swiftkit for 5-6 yrs i noticed yesterday it was down line this explain why. I will be running a complete virus scan and not using S/K until all is fixed BTW this is the 1st time since i've used Swiftkit anything like this has happened. AGAIN THANK-YOU VERY MUCH FOR GETTING THE NEWS OUT!

[Deep_Pain]

Just a quick bit of advice for anyone that isnt sure if they have been infected - I had a simular infection recently with a java pop up - and was "hacked" on RS.

Jagex are saying if you didnt click yes on the pop up you should be ok.. however on the exploit that got me, I clicked cancel - the java program still started loading and I still recieved a virus.

Jagex are also saying run a scan change ur password and all will be fine, they may have a little more info on this exact trojan/virus/exploit, I havent really read very far on that thread, but my Virus scanner was completely unaware on a full scan that I had a virus (or only found part of it I cant remember which) - only by running a further online scan which uses the engine of several virus scanners on the specific file I knew to be a virus did it show as a virus and then only on about 10% of the different engines it used ..

It might be an old virus, but I would suggest, especially if u clicked this pop up, to run a seperate online scan - also if it is a new virus most av's have them in updates within a few days.. so just be careful for a few days until you are entirely sure it's gone ( i asked the admins to remove my admin powers on koa - only accessed my bank thru my phone etc) It's possible that it is new and holistics wont find it.

[Sassyspikes]

found this here too http://forums.zybez.net/topic/1556987-s ... explained/

Really if the Department of Defense can be hacked lol I guess they can get into anything

[Torri]

This is related to a similar incident called 'SpyEye'. Though not RS, it happened through Facebook to a member of my family. They were given a window that looked EXACTLY like the Java updates and told they needed to update their Java. Not being internet friendly really, they clicked it. Now our spare computer (not my laptop I access everything on) has been infected and virus programs are NOT picking it up as a virus or malware; the government state this is because it is simply written as 2 lines of code and not recognized.

As of now, I have found NO way to remove this. Please watch everything you do!

[malex]

I only use facebook login since they added it.
That way I never have to write down my password.

[Rocky]

Unsure if you're infected? Read below

As a result of the fantastic work buy a number of people, we have dissected the malware that attempted to get into the computers of SwiftKit users. Here is a way to definitively check to see if you are indeed infected:

1. Open Start
2. In search, type "regedit" and hit Enter
3. Navigate to "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows" using the folder dropdowns.
4. If there is a file or entry in the Windows folder called "Adobe Drivers", than you are infected and you require removal. If it doesn't exist, you are not infected.

Removal:

1. Right-click the taskbar and select "Start task manager"
2. In the Processes tab, end any process named "winsyl.exe"
3. In the Registry Editor window you still should have open, right-click the "Adobe Drivers" folder and select Delete
4. Open Windows Explorer, enter in the URL %AppData%\Microsoft\Windows\
5. Delete the folder "Drivers"
6. As a safety measure, run a full system scan using a reputable anti-virus such as MSE.

Source: http://forums.zybez.net/topic/1556987-s ... explained/

Another important issue one should keep in mind.. is that most of those pop-ups, directing to malicious websites.. Do not have any Cancel buttons..
Just like with malicious programs, clicking either Yes or No will or might harm your computer.
Personally I always use my Task Manager to exit such kind of pop-ups.

[Torri]

Sooo...hubby and I discovered a way to rid ourselves of the SpyEye mess.

We bought a new computer! I finally gave up trying to remove it and didn't want to make things worse by doing a factory reset. We moved the old one to one of the kids rooms and set them up a 'standard' user profile (which doesn't seem to be affected even though the admin one is) so that nothing can install itself.

[Rocky]

Torri,

I assume you have also tried out various methods of removing the virus in Safe-mode?

[Dima]

Some techy notes:
Regarding the virus - it's not uncommon for your AV software to fail to detect stuff. "Virus" is a broad term. For example, the mIRC scripts me and Rissa wrote could've screwed you over exactly the same way: The moment you allow something to run on your computer as admin, you give it full control over everything. I might, instead of writing some program that runs in memory (which is one of the things the AV scans) and steals poop, make a scheduled task that sends some of your files, to some of my servers. That's a common task in Windows.
Also, the most certain way to be sure you're clean (when talking about custom-made hacks) is recovering or reinstalling Windows. Unpleasant, time consuming, but unless you have removing instructions it's the fault-proof way.

About the javascript box (is that what it is?) - it's irrelevant what you press (OK/Cancel/X button) in that pop-up box. If the script was written badly, it might wait for your click before resuming, then you might be able to save yourself by killing the browser via Task Manager. Other than that, you're just being trolled. As mentioned, your windows user probably has admin right, so programs don't need your input.

Apologies for the long post. Just lots of misinformation about security there (not that I'm an expert) and people get paranoid. You can go outside y'know. There's pigeons and clouds and stuff...

Edit:

found this here too http://forums.zybez.net/topic/1556987-s ... explained/

Really if the Department of Defense can be hacked lol I guess they can get into anything

Just read that. In shorter (but inaccurate) words, someone did a password recovery to the hosting company's account, pulled it off, then changed where www.swiftkit.net takes you.
According to the post the thieves have been pretending that they're from Swiftkit and the hosting company bought it, but they might as well be covering their own ass, having poor security questions...
The program itself it seems, wasn't affected at all and is safe to use.

[Torri]

Torri,

I assume you have also tried out various methods of removing the virus in Safe-mode?

The problem with that is that almost all of the major a-v progs don't detect it as a virus. It is simply two lines of code imbedded in millions. I'm not fond of spending hours scanning and doing a manual removal. It was worth the cost of a new computer to me not to have to do that.

[Rocky]

I can understand this can be very time-consuming and frustrating...
However, what I was aiming at, was a Windows-recovery in Safe-mode..
If you have any back-ups made, you might be able to delete the virus or them 2 lines of codes by running a Windows-recovery in safe-mode. As in Safe-mode the virus/script most likely won't load.
Unfortunately there is no guaranteed succes. But it one of the most used methods of removing a virus/bad-script and repairing windows. In most cases it is also quite simple as Windows does most of the work for you.

I can fully understand you saying; It was worth the cost of a new pc.
But it would be a waste of money if you would throw away the old one without trying out a windows recovery in safe-mode. (If you'd ask me!) =þ