fakeitormakeit Posted September 29, 2007 Share Posted September 29, 2007 This is why we don't accept the IMs from random people in fully correct grammar saying: "Hello, remember our trip to Europe? Click here to see the pictures." Link to comment Share on other sites More sharing options...
ilovecuttingyews Posted September 29, 2007 Share Posted September 29, 2007 Over the past few days there have been an influx of newcomers posting things like " LOOK I LURED 1.3B AND A BAJILLION PHATS!" Then they post a bunch of links...I have a feeling that was bubbles. Link to comment Share on other sites More sharing options...
reaper88888 Posted September 29, 2007 Share Posted September 29, 2007 Good thing I never go to any rs-related sites but Tip.it, have fully updated A/V, use an onscreen keyboard to type my password, never open unknown emails, and scramble my password when I type it... Even if I did get the virus, no biggie, I've got a bank pin, I never log off without banking, and I've got all my recovery q's set...     Massive case of paranoia ftw, eh? :) There is no meaning or truth in life but that which we create for ourselves. Link to comment Share on other sites More sharing options...
RoswellCrash Posted September 29, 2007 Share Posted September 29, 2007 For any of you techno geeks out there....are Ad Aware SE and ZoneAlarm good enough?   Zone Alarm is a firewall that's fine, Ad-Aware SE is good you got an Anti-Virus? - Twitter | RuneScape FB Group | My PC Link to comment Share on other sites More sharing options...
Winner5555 Posted September 29, 2007 Share Posted September 29, 2007 They really should have used one of the other names to talk about it... describing a vicious, evil worm while using the name "bubbles" sort of detracts from the mood.   In my opinion, bubbles sounds a little too innocent, so even though the virus maker probably used the name so people wouldn't think it was so bad, it probably still drew caution due to it having such a weird name. 621st person to achieve 99 slayer on December 3rd, 2007177th person to 99 summoning on June 21st, 2008 Link to comment Share on other sites More sharing options...
Umega Posted September 29, 2007 Share Posted September 29, 2007 Luckly for me the only "3rd party site" I visit is Tip.it, which I trust. Or doesn't that matter? :uhh: No longer playing Runescape, I caught the WoW bug. Link to comment Share on other sites More sharing options...
ilovecuttingyews Posted September 29, 2007 Share Posted September 29, 2007 For any of you techno geeks out there....are Ad Aware SE and ZoneAlarm good enough?   Zone Alarm is a firewall that's fine, Ad-Aware SE is good you got an Anti-Virus?   Zone Alarm is both anti-virus and anti-spyware Link to comment Share on other sites More sharing options...
PhaperPlane Posted September 29, 2007 Share Posted September 29, 2007 For any of you techno geeks out there....are Ad Aware SE and ZoneAlarm good enough?   Zone Alarm is a firewall that's fine, Ad-Aware SE is good you got an Anti-Virus?   Zone Alarm is both anti-virus and anti-spyware   I use Zone Alarm as well, you should be fine as long as you keep it updated an run a virus scan every week :) Link to comment Share on other sites More sharing options...
Wachtwoord Posted September 29, 2007 Share Posted September 29, 2007 I wonder in what age you live if you don't have an up-to-date firewall and anti virus program... When everything's been said and done, more has been said than done.All skills 80+ Link to comment Share on other sites More sharing options...
Randox Posted September 29, 2007 Share Posted September 29, 2007 Not to mention every single one of you should be using Firefox too.   I use FireFox now. :)    I'll be more careful then..   Actualy, in my case IE explor is WAY safer. Vista runs a 'safe mode', so things can only be writen to the temp folder. For ANYTHING, to be written outside that folder, the computer has to get manual permision from the human user to allow it, so worms and what not can never leave the temp. Of course a manualy initiated download is also permission since you normally specify a destination outside of temp.   But ya, AVG is great, if you pay for it, it will do spyware and maleware too. Spysweeper is superior to AVG, does everything and has a 14 day free fuly functional trial. Link to comment Share on other sites More sharing options...
Albel Posted September 29, 2007 Share Posted September 29, 2007 This scared me to death when i read this, :ohnoes: when i get in my computer at home im going to get new anti-virus program...please let me be in time :pray: [hide=Quotes]Albel/JustinAlbel doesn't say anything anymore, just comes in, leaves an arrow and vanishes into the night :(Probablypractising some euphoniumYou nearly had me fooled, you fooler youEuphonium/10.9/10. To me, always associate Albel with musical stuff in OT.Everyone with a goatee and glasses is Albel now.lmfao albel m8 wat r u doin, hi though. [/hide][hide=Runescape Achievements]99 firemaking(2007), 99 woodcutting(2008), 99 fletching(2009), 99 magic(2010), 99 cooking(2010), 99 farming(2011), 99 construction(2011), 99 runecrafting(2012), 99 Hunter (2014),  99 ranged (2015), 99 HP (2015), 99 Slayer (2015), 99 attack (2015) 99 Defense (2015) 99 Prayer (2015) 99 Summoning (2015) 99 Strength(2015) 99 Herblore (2015) 99 Dungeoneering (2017)  99 Mining (2017) 99 Crafting (2017) 99 Smithing (2017) 99 Thieving (2017)  99 invention (2017) 99 Fishing (2018), 99 Divination (2018), 99 Agility (2018), MAXED (05/17/2018)[/hide] Link to comment Share on other sites More sharing options...
Latinoking Posted September 29, 2007 Share Posted September 29, 2007 LOL I got McAee, Spy Sweeper, Ad Adware. I'm thinking of also getting Norton and ask my friend for his full version of McAfee.   Thank God that RuneScape is blocked at my school. :D (They don't use a very good firewall/security system)   To the people who might get paronid and stuff. Don't. Drink a glass of water and just scan all of your files. C and D drivers. Delete all cookies and temp internet files. You should be safe.   If you have no security system on your computer and you go on alot of sites..... SHAME ON YOU. There's free ones out there! GET THEM!   This sorta makes me question Swift Switch though. I am Teh_King[My dA][My Last.FM][My Twitter] Link to comment Share on other sites More sharing options...
ilovecuttingyews Posted September 29, 2007 Share Posted September 29, 2007 For any of you techno geeks out there....are Ad Aware SE and ZoneAlarm good enough?   Zone Alarm is a firewall that's fine, Ad-Aware SE is good you got an Anti-Virus?   Zone Alarm is both anti-virus and anti-spyware   I use Zone Alarm as well, you should be fine as long as you keep it updated an run a virus scan every week :)   I update it whenever I can, and I have it set to a scan every night while I sleep :D Link to comment Share on other sites More sharing options...
Cabbage_Boii Posted September 29, 2007 Share Posted September 29, 2007 heh my avg auto scanned today, im not too worried i dont realy click "unknown links"Â :roll: Let your yellow mellow. Link to comment Share on other sites More sharing options...
Viv Posted September 29, 2007 Share Posted September 29, 2007 LOL I got McAee, Spy Sweeper, Ad Adware. I'm thinking of also getting Norton and ask my friend for his full version of McAfee.   Thank God that RuneScape is blocked at my school. :D (They don't use a very good firewall/security system)   To the people who might get paronid and stuff. Don't. Drink a glass of water and just scan all of your files. C and D drivers. Delete all cookies and temp internet files. You should be safe.   If you have no security system on your computer and you go on alot of sites..... SHAME ON YOU. There's free ones out there! GET THEM!   This sorta makes me question Swift Switch though.       same i hope its not swift swich...and i updated my antivirus program and running a scan cause if it is swift swich.. :uhh:    gonna use official rs thing til it clears up i need my account to live =0 Link to comment Share on other sites More sharing options...
ayden7794 Posted September 29, 2007 Share Posted September 29, 2007 I think im in the clear. The only file I think I opened or whatever in the last few weeks was the mirc channel for tipit. Get me a whopper! Link to comment Share on other sites More sharing options...
happybappy Posted September 29, 2007 Share Posted September 29, 2007 I don't have to worry because I have a mac. pwned. :P Link to comment Share on other sites More sharing options...
OldDucky Posted September 29, 2007 Share Posted September 29, 2007 Currently I have Nortan Anti Virus, And Pop Up Blocker Installed In my computer. Everyone as Jagex said, Please be aware of links you click on. And don't worry :shame: !   \ Lil Ol' Ducky ~ HYT Chat Rules (Click Here): Read before entering the chat. ~| Former Clan Chronicle Editor | Former Clan Improvement Member| Former TET Member | Link to comment Share on other sites More sharing options...
sithlord_man Posted September 29, 2007 Share Posted September 29, 2007 good thing i have 2... 99 FM Acheived on Friday December 26th 2008Click for my blog|Mass Effect Discussion Thread|Nation Creation/Create your own Country Forums Link to comment Share on other sites More sharing options...
4nr Posted September 29, 2007 Share Posted September 29, 2007 I use NOD32. Updates it's virus signatures 3 or 4 times a day. I'm not worried :) Link to comment Share on other sites More sharing options...
Latinoking Posted September 29, 2007 Share Posted September 29, 2007 People I looked into this worm and I now know why Jagex pointed this out!   This thing is really horrible.   Anyway, the trick displayed by Bubbles -- aka Ramex, Skiki or Pykspa -- adds to its existing ability to shut down a PC's anti-virus defenses, a pretty neat attack on its own. In addition to dropping the keylogger, it watches for PCs running Runescape and attempts to steal log-in data.   So even if you got protection you might still be S.O.L.   Source: Source Click I am Teh_King[My dA][My Last.FM][My Twitter] Link to comment Share on other sites More sharing options...
flying_death_bombs55 Posted September 29, 2007 Share Posted September 29, 2007 People I looked into this worm and I now know why Jagex pointed this out!   This thing is really horrible.   Anyway, the trick displayed by Bubbles -- aka Ramex, Skiki or Pykspa -- adds to its existing ability to shut down a PC's anti-virus defenses, a pretty neat attack on its own. In addition to dropping the keylogger, it watches for PCs running Runescape and attempts to steal log-in data.   Source: Source Click   I do NOT trust that link, post the whole thing here if it is real. When you mentioned the Dragon Plates I had a sudden vision of a load of gangsters running around in fancy dress yealling "Grim Reaper in da hood!" Link to comment Share on other sites More sharing options...
Latinoking Posted September 29, 2007 Share Posted September 29, 2007 People I looked into this worm and I now know why Jagex pointed this out!   This thing is really horrible.   Anyway, the trick displayed by Bubbles -- aka Ramex, Skiki or Pykspa -- adds to its existing ability to shut down a PC's anti-virus defenses, a pretty neat attack on its own. In addition to dropping the keylogger, it watches for PCs running Runescape and attempts to steal log-in data.   Source: Source Click   I do NOT trust that link, post the whole thing here if it is real.   Whatever no need to go on Panic Mode dude. Chill Out   September 24, 2007   Bubbles the worm adds keylogger Filed under: Security   As the so-called Bubbles worm continues to wind its way across the Web, passing itself along via the contact lists and chat feature of people's Skype VoIP calling software, researchers have now isolated a far more devious iteration of the virus.   According to experts working on the SpywareGuide blog -- which is run by security vendor FaceTime Communications -- one new version of the threat has moved it from nuisance stage -- it previously posted the "Bubbles" screensaver in Windows onto affected users' machines -- to the nasty stage -- adding a keystroke logging program.   As another twist on the attack, the latest version of Bubbles also appears to take aim at users of the Runescape massive online multi-player game, one that is known to be popular among younger users, specifically teens.   Now, most of you enterprise security readers may think that means you don't have to worry, but it's an interesting bit of social engineering that could easily be used to create subsequent versions that might be aimed at professionals.   You should also consider that people in your company much older than teens may already be playing such games.   (Am I the only one reading this who knows otherwise normal, adult people who need a trip to Worlds of Warcraft anonymous?)   Anyway, the trick displayed by Bubbles -- aka Ramex, Skiki or Pykspa -- adds to its existing ability to shut down a PC's anti-virus defenses, a pretty neat attack on its own. In addition to dropping the keylogger, it watches for PCs running Runescape and attempts to steal log-in data.   So, what if someone did the same thing for LinkedIn, or Salesforce.com or something? Now you get the idea.   Basically, it doesn't matter if you're a gamer or not if you get the virus, because according to the researchers: "it logs everything the victim does on the infected PC, storing all logged information to a file in the system32 directory called syswinf32.dll."   Fun, fun. And: "It shows applications that have run, any action taken within the application, any text typed, and any Web sites visited."   Then: "Now that it's effectively stealing every piece of information on the victim PC it's time for the worm to spread to every Skype contact."   Nice.   This is proof positive that something like Bubbles -- believed to be create by a group of young hackers who identify themselves as "Youngsters Against McAfee" (YAM) -- can be quickly and easily manipulated into something much worse, and something that can be used to attack everyone from children to adults.   And while this one only targets the IM chat feature in Skype, most security researchers are saying "stay tuned" when it comes to the development and distribution of more sophisticated threats that attack VoIP itself.   Now ask yourself, is anyone in your company using VoIP software, and what have you done to secure it?   Happy? Get a key scrambler like me if you're that scared. (It encrypts keystrokes; which sends random codes if I do get keylogged \ ) I am Teh_King[My dA][My Last.FM][My Twitter] Link to comment Share on other sites More sharing options...
the123king Posted September 30, 2007 Share Posted September 30, 2007 The worm is targeted to runescape users. taken from: http://blog.spywareguide.com/2007/09/bubblesfor_kids.html EDIT: the copy paste didnt include the pictures here. the link above has the full text and pics. and if you don't trust that link, remember i do hold legend status here. 8)    Bubbles...For Kids![/url]":3aavbg1g]The discovery of the Bubbles worm has led to the discovery of more and more variants across the internet. While all have essentially the same methods of infection, not all simply block security programs. FSL has come across a variant of the Bubbles worm that is designed to steal any and all sensitive information from the victim's computer through the most devious method of all...keylogging!   It starts with an executable downloaded from a questionable website. This executable copies itself into the system32 directory of the victim PC, and these 4 files are copies of the main executable:      That's not all this worm does. It also looks for the game Runescape on the infected PC. Here's a screenshot taken from the main executable, pdo[Caution: Executable File]:      For those not aware, Runescape is a MMO game whose target demographic is children, young teens, and teenagers in general. This worm is looking for not only "runescape", but a "RS PIN:" as well. Could this mean payment details? Or (more likely), could they be referring to the victim's PIN to their game bank? Whether its to simply loot your gold, or sell the PIN on illegal forums is unknown. That's not even the scariest part of this infection. It also logs everything the victim does on the infected PC, storing all logged information to a file in the system32 directory called syswinf32.dll.      Syswinf32.dll stores extremely sensitive information monitored from the infected PC.   The above picture is just a sample of what was found in the .dll file. It shows applications that have run, any action taken within the application, any text typed, and any websites visited. Now that it's effectively stealing every piece of information on the victim PC, it's time for the worm to spread to every Skype contact.      Now this worm starts looking familiar. This is the exact same behavior we observed in the original Bubbles worm. When you put it all together what do you get? You get a worm/keylogger that spreads through skype contacts and targets the teenagers that play Runescape. Combine that with the big juicy MAILTO: in the main executable file and you have yourself a wonderful recipe for potential identity theft.   Research Summary Write-Up: Chris Mannon, Senior Threat Researcher Additional Research: Deepak Setty, Senior Threat Researcher   Posted by Chris Mannon on September 19, 2007 01:33 PM | Permalink if you cant stand your life, hit yourself repeatedly with a rusty spoon the wannabe king who cant count to 4 runevillage database team member, guide editor and newspaper staff. hah :P Link to comment Share on other sites More sharing options...
Harrington Posted September 30, 2007 Share Posted September 30, 2007 I have so much junk on my PC that a full scan took just over an hour. I appear to be clean though, so fingers crossed :pray: Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now