Thetrader - keylogger and more.

noone
Forum Elite
Posts: 1916
Joined: Thu Aug 09, 2007 5:49 am
Alliance: none
Race: gone
ID: 0
Alternate name(s): Nostradamus,Nostra,NanoBite,Drought,Darkwing Duck,Duck Dodgers,Medusa,Star Nova,System Mistress,*The Exile,ingolfúr,Belle,Lagertha.
Location: gone

Thetrader - keylogger and more.

There have been some posts made on various Gatewars alliance-related forums by a user called: thetrader.

He manages to post some sort of keylogger script/virus.
Check your alliance boards, delete his posts, do not read them. Remove his account, block the proxy server's IP address.
Juliette
Verified
The Queen
Posts: 31802
Joined: Sun Feb 06, 2005 6:57 pm
Race: Royalty
ID: 4323
Alternate name(s): Cersei Lannister
Location: Ultima Thule

Re: I smell a hax

Nostra wrote:There have been some posts made on various Gatewars alliance-related forums by a user called: thetrader.

He manages to post some sort of keylogger script/virus.
Check your alliance boards, delete his posts, do not read them. Remove his account, block the proxy server's IP address.

This is VERY important.
We have analysed his 'program'. It is a deceptive little thing. Use it, and lose it. (First it = program; Second it = your account.)
Clarkey
Multi Hunter
Posts: 14366
Joined: Tue Dec 27, 2005 4:23 am
ID: 0
Contact:

Honours and Awards

Re: I smell a hax

Nostra wrote:There have been some posts made on various Gatewars alliance-related forums by a user called: thetrader.

He manages to post some sort of keylogger script/virus.
Check your alliance boards, delete his posts, do not read them. Remove his account, block the proxy server's IP address.

thetrader? Not the same guy as this?

The_Trader : memberlist.php?mode=viewprofile&u=13651

and this?

Der Phönixkönig : memberlist.php?mode=viewprofile&u=17480

Both being known as the person Franzis?

I'd be interested to know from the leaders of those forums what this "thetrader"'s email or IP address is.
noone

Re: I smell a hax

173.0.6.153

Anonymous Proxy
can't trace that

address state: n/a
IP address city: n/a
IP address latitude: 0.0000
IP address longitude: 0.0000
ISP of this IP [?]: proXPN Direct LLC
Organization: proXPN Direct LLC



Name: thetrader
Email used: thetradersgw@yahoo.com
Kjarkur
Spark of the Ori
Posts: 5342
Joined: Fri Feb 17, 2006 10:30 am
Alliance: DDE - Leader
Race: System Lord
ID: 1909457
Alternate name(s): Kjarkur, JL, KJ
Location: Mutilating enemies of the Empire

Re: I smell a hax

We banned him on AG forums, I know DDE banned him right away too.

Everyone should ban the IP right away
There are no men like me. There's only me.
Dubby_CompGamerGeek2
Forum Addict
Posts: 3152
Joined: Sun Sep 23, 2007 12:55 am
Alliance: TÅTS / TÅF
Race: Magnificent
ID: 83588
Alternate name(s): >> Skype: IrishHighlanders <<
Dublin Warrior, Dubby, Dubs, DW, CGG, DCGG2.
Paul, Paulie Boy!, Paulie, PAULIE!!!, PAULIE BOY!!!, Paul James, etc.
Location: USA
Contact:

Re: I smell a hax

DublinWarrior, Associate Admin of The Magnificents Forums just discovered this account attempting to register on our boards.

Thankfully, I did not take his SGW-named email address as proof of a legitimate SGW player...

Juliette, et al:
Please tell me more about what this program is capable of, and what it steals.

I plan to contact the proxy service, and eventually law enforcement. :smt047

:smt021

Can we have this moved to a section that is more likely to get urgent attention?


Perhaps a Security Section that I keep recommending?

](*,)
ƒëmmë ƒatalë
Fragment o' Forum
Posts: 15265
Joined: Sat Apr 26, 2008 5:26 am
Race: SL temptress
ID: 38112
Alternate name(s): cleo_catra
temptress
seraphim
Location: here, there, wherever you are

Re: I smell a hax

Kjarkur wrote:We banned him on AG forums, I know DDE banned him right away too.

Everyone should ban the IP right away


Realm: New Owner
God: The Trader
Main Realm Worshipper: Bucephalus

Realm: New Owner
Overseer: The Trader [[AG]]
Race: Ajna

http://ascended.gatewars.com/stats.php?id=2095

a link I don't know for sure, believe it was Lith's old account.

And someone should move this to the report area
When I despair, I remember that all through history the ways of truth and love have always won.
There have been tyrants, and murderers, and for a time they can seem invincible, but in the end they always fall.
Think of it--always
Mahatma Gandhi
sixty five kills on Ascended ;)
ƒëmmë ƒatalë

Re: I smell a hax

Malx wrote:This is about MSN/password hax, not a user. Lets try not to digress.
Any complaint against a user will be made in the proper section.


I believe it should be in the report section, where more will see it and it would be taken more seriously...

the post they make with the link claims to be an aid for finding naq sitting out... it's being circulated on SGW alliance forums not via msn etc
Juliette

Re: I smell a hax

Bucephalus is not the one you'd be looking for.
Clarkey

Re: I smell a hax

Juliette wrote:Bucephalus is not the one you'd be looking for.

Definitely not!

There's nothing to suggest this person actually has an account ingame.

I'd be interested in knowing the link that he's posted if someone could PM it to me.

EDIT: I have contacted MediaFire to inform them of the keylogger and I expect them to remove the file and likely the user responsible.
Dubby_CompGamerGeek2

Re: Thetrader - keylogger and more.

so Thetrader is not hacking / stealing SGW accounts atm?

just MSN accounts?

hmm... funny, SGW goods seemed to be Franzis' specialty, yes?

and both accounts are quite clear that they have a new owner, yes?


maybe the new owner is this honorable person nicknamed Bucephalus...
and nothing is related...

or perhaps thetrader or someone else stole his account?


Stranger things have happened, yes?


:-k

Let us not presume anyone's innocence quite yet...

first the facts... :-)
Last edited by Dubby_CompGamerGeek2 on Mon May 16, 2011 11:17 pm, edited 1 time in total.
Clarkey

Re: Thetrader - keylogger and more.

Dubby_CompGamerGeek2 wrote:so Thetrader is not hacking / stealing SGW accounts atm?

just MSN accounts?

hmm... funny, SGW goods seemed to be Franzis' specialty, yes?

and both accounts are quite clear that they have a new owner, yes?


maybe the new owner is this honorable person nicknamed Bucephalus...
and nothing is related...

or perhaps Franzis stole his account?


Stranger things have happened, yes?


:-k

Let us not presume anyone's innocence quite yet...

first the facts... :-)

Let's not presume someone is guilty either. There is no solid link to any particular person, regardless of what I have said in this thread. The only reason you have mentioned Franzis is because I planted that seed of thought.

Now who said this 'thetrader' is not stealing or attempting to steal SGW accounts? All I said is that there is nothing to suggest that this person actually has an ingame account. Try not to change the meaning of what I say. If he's stealing accounts it doesn't mean he has an account of his own.

Dubby, do you actually have an account ingame? If so, why not try to have a look at that account you mentioned and then see what you think about it, you'll then realise why Jo and I say it's not related. And if it had been stolen from the owner they would have said something already.
noone

Re: Thetrader - keylogger and more.

The technique involved gives the receiver of the keylog data anything you type in your browser.

From your precious Facebook account, to email account, to browser game accounts ... anything requiring you to manually fill in a login form on a webpage.

He ends up with passes, names, emails ... the works ...

Just imagine you getting someone's credentials ..... you could try it out on anything you like.

Those who have their accounts on 'auto login' escaped the fact they needed to retype their credentials, as it was in the cookies.

The level of knowledge involved, and the approach used, and the depth of legal issues, point to someone skilled enough not to get his butt caught by something as simple as having a Gatewars account tied to his RL life.

Do not assume you can 'easily' catch this guy.

Also, the blocking of the IP is a one-time thing, he could easily jump proxy servers.


The bit where he used 'thetrader' as a name is blatantly obvious ...

It's like the 'I love you' email virus from last decade, 80% of the internet users accepted the e-mail because they wanted to know who loved them. It's elaborate.

Like "Ooohhww who wants to trade with me, or what does he have to offer, let's take a quick look" ...

The name reveals only one thing: making you believe he wants to trade is the only link with Gatewars up to now, and the fact he placed his work in Gatewars-related alliance forums.
stuff of legends
Forum Expert
Posts: 1217
Joined: Sat May 23, 2009 1:50 am
Alliance: The Legion
Location: China Beijing

Re: Thetrader - keylogger and more.

send me the link to the program if anyone knows of it please.

There is no skill in making a keylogger anymore, it's amazingly simple. So this is probably a kid with access to the internet, a bit of time on his hands and knowledge of a few programs. With that in mind just get the program, sandbox it, deob it (depending on if it's obfs), decompile (depending on its language), search through the code and tada you have his email and password. Go whale him.

If you downloaded anything he sent you, it probably had the keylogger bound to it, so you are probably infected. Go download Malwarebytes and search through your processes in task manager to see if there are any dodgy-looking ones, run msconfig and see what is started on startup and see if there is anything dodgy as well. If it looks clean you probably are. If you're certain you have a keylogger but you can't see it, just download a key scrambler and wait for some new virus definitions to come out. They are all eventually found, just takes time.
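
The manual check described in the post above (look through running processes, then through what starts at logon), as an added PowerShell example that is not part of the original thread. The helper names `Get-ExePath` and `Test-Entry` are hypothetical, and the two "worth a look" heuristics (user-writable location, no valid signature) are triage assumptions, not proof of infection.

```powershell
# Added example: list startup items and running processes, flag the ones to inspect.

function Get-ExePath {
    param([string]$Command)
    # Pull the executable path out of a startup command line (quoted or bare).
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return $null
}

function Test-Entry {
    param([string]$Name, [string]$Command, [string]$Source)
    $path = Get-ExePath $Command
    $sig  = 'Unresolved'   # path could not be parsed or file is missing
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Source       = $Source
        Name         = $Name
        Command      = $Command
        Signature    = $sig
        # Assumption: binaries launched from these folders deserve a second look.
        UserWritable = [bool]($path -match '\\(AppData|Temp|Users\\Public)\\')
    }
}

# Startup items: Run keys and Startup folders, the same places msconfig lists.
$startup = Get-CimInstance Win32_StartupCommand | ForEach-Object {
    Test-Entry -Name $_.Name -Command $_.Command -Source $_.Location
}

# Running processes whose image path is readable (run elevated to see more).
$procs = Get-Process | Where-Object Path | Sort-Object Path -Unique | ForEach-Object {
    Test-Entry -Name $_.ProcessName -Command ('"{0}"' -f $_.Path) -Source 'Process'
}

# Keep only entries without a valid signature or running from a user-writable path.
@($startup) + @($procs) |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable } |
    Sort-Object Source, Name |
    Format-Table -AutoSize -Wrap
```

Legitimate software also shows up in this list (many per-user updaters live under AppData), so treat the output as a shortlist to check by hand.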
stuff of legends

Re: I smell a hax

Juliette wrote: Use it, and lose it. (First it = program; Second it = your account.)

the keylogger or RAT would be the program, so executing the program would execute the keylogger/RAT, so don't use it at all, if you really want to just sandbox it.