
WARNING: SwiftKit Domain Stolen (Now Resolved)


Mercifull

Looks like this happened a couple hours ago tops? / Today?

 

Guess that makes it have no relation at all to me being hacked/recovered a few days ago then?

 

(not sure which answer I want to hear, seeing as how they will likely still hold the same end result.)

 

This only happened several hours ago, and SwiftKit doesn't contain any of your personal details.

RIP Michaelangelopolous

Link to comment
Share on other sites

I use SK have done for years. all I care about is my screenshots!!! XD

I've used Howies Quick Screen Grab for years http://www.howiesfunware.com/loadSideBarMiscSoftware.html

I've used gadwin printscreen since I've joined the Crew (a month shy of 4 years), it's very easy to use. http://www.gadwin.com/printscreen/


Link to comment
Share on other sites

I use SK have done for years. all I care about is my screenshots!!! XD

I've used Howies Quick Screen Grab for years http://www.howiesfunware.com/loadSideBarMiscSoftware.html

I've used gadwin printscreen since I've joined the Crew (a month shy of 4 years), it's very easy to use. http://www.gadwin.com/printscreen/

 

I've got Gadwin printscreen for when I do FF scapin' just if I were to uninstall SK all my screen shots i got from it would be deleted (It's bad to say my screenshot file consists of 15,000 over the past 6 years) lol


180th to 99 Divination + 1st W36er

 

Rambo, cannot pk call your friends bro :). Wait nevermind none of SAPK/PKS can. Kappa.

Link to comment
Share on other sites

I'm laughing at everyone that still uses Swiftkit in 2012.

 

Seriously, it stopped being useful when the world switching feature was taken out of swiftswitch years ago. Use the client/firefox/whatever and mirc and you wouldn't be in this mess. And there are plenty of ways to take screenshots.

Link to comment
Share on other sites

An update on the Zybez post by Marius (funman),

 

Update

We understand that after a while, a java drive by was introduced into the hijacked sites prompting users to run an unsigned java applet which would install malware on your system. If you received the prompt and accepted it, or would just like peace of mind, we recommend running your antivirus or using Microsoft Security Essentials which we found picked up this specific malware rather easily.

 

We are still working on resolving all issues, but will keep this post updated with information as we have it available.

 

Can that update and the original post on this thread by funman please be edited on the first post?

RIP Michaelangelopolous

Link to comment
Share on other sites

I've never used Swiftkit. The official client and mIRC work fine for me, have for years. Sorry for anyone who still uses it but I'm sure it was bound to happen sooner or later with a 3rd party client...

 

 

Link to comment
Share on other sites

An update on the Zybez post by Marius (funman),

 

Update

We understand that after a while, a java drive by was introduced into the hijacked sites prompting users to run an unsigned java applet which would install malware on your system. If you received the prompt and accepted it, or would just like peace of mind, we recommend running your antivirus or using Microsoft Security Essentials which we found picked up this specific malware rather easily.

 

We are still working on resolving all issues, but will keep this post updated with information as we have it available.

 

Can that update and the original post on this thread by funman please be edited on the first post?

Done. :).


Link to comment
Share on other sites

There is a sticky thread on the RuneScape forums now for anyone who uses SK and is worried about the safety of their account. http://[use Quick Find Code]/c=1F0laTMrr8c/sl=0/[Please Use QuickFind Code]?25,26,125,63757878,goto,1

Mod Mozza will be delighted to lock your account for the time being should you be worried.

Link to comment
Share on other sites

I'm laughing at everyone that still uses Swiftkit in 2012.

 

Seriously, it stopped being useful when the world switching feature was taken out of swiftswitch years ago. Use the client/firefox/whatever and mirc and you wouldn't be in this mess. And there are plenty of ways to take screenshots.

It still has many useful functions, like very accessible highscore features, grand exchange price features, and its own IRC as well. Also very quick to take screenshots and upload them with Swiftkit as well, but I understand that there are many alternatives for that now. Still a very useful application, and nothing wrong with using it.



(22:28:44) <@Leik> LE INTORNUTZ SPEEK xDDDDDDDDDDDDDDDDDDD



Link to comment
Share on other sites

Hmmm, I opened SK before reading the disturbing news. And I can't quite remember if I accepted an update... I seriously don't know whether I should get on my account or not, as some on the RSOF say the malicious file can't be picked up by an antivirus.

Link to comment
Share on other sites

Am I supposed to feel old for still using the "PRTSC" button to take a print screen?

I have always done that.

 

I hope the problem is resolved asap for people who use it though.


Link to comment
Share on other sites

Hi,

 

We are aware of the issues (as can be seen by our post on Zybez), and are working to resolve it.

 

SwiftKit itself is safe to use, as our update servers are in no way compromised, but the patch notes are fetched from the swiftkit.net domain and can thus be edited.

The update you are referring to is a safe update, it's just the skdata file with the latest quests in it, unless the client issues a warning that it needs to restart itself after an update then the client itself has not been changed. We recommend you keep an eye on the forum post linked to for updates as we'll try to keep you all updated on the situation as it progresses.

 

-Marius

 

K swiftkit is not [bleep]ing safe to use. Ignore this imbecile above. I've had the passwords on all the accounts i've ever used on SK changed, so shut up.

 

One would presume from examining the above poster that he is a hacked account that had his tif password the same as his rs acc one

 

That user happens to be SwiftKit senior staff. FYI, the domain was hijacked. So, it redirected swiftkit.net to a malicious website. When SwiftKit redirected to the start page on the Swiftkit.net domain, it most likely ran a Java driveby (if you accepted Java to run). The servers themselves weren't touched. If you believe that you received some form of a virus from it, then scan using your anti-virus programs. I know for sure Microsoft Security Essentials can detect and remove it.

 

Hmmm, I opened SK before reading the disturbing news. And I can't quite remember if I accepted an update... I seriously don't know whether I should get on my account or not, as some on the RSOF say the malicious file can't be picked up by an antivirus.

 

No, that is incorrect. The malicious file can be picked up with anti-viruses such as Microsoft Security Essentials quite easily.

 

At this moment, they have control over the domain and it will be back to normal once DNS propagates in your region.

 

~ Kill


Link to comment
Share on other sites

Hmm, I did that first quickscan that MSE does when it is installed, and it found nothing, so it's safe?

Also, is there any way to see if you accepted a change to your firewall? Can't seem to find that on BitDefender. :s Because I'm still unsure whether I had a Java pop up.

Link to comment
Share on other sites

Am I supposed to feel old for still using the "PRTSC" button to take a print screen?

Yeah, I do that too.

Right there with you. The only time I have needed anything but the Prtsc button was when I recorded all the dialogue in the Shadow Robe miniquest. I did the first few like that, cropping them into a collage, then I realised how long that would take, so I started up hypercam and used that instead, focusing it where the text would appear. So someplace, probably on my laptop, is a collage and a 90 second (maybe longer) movie that contain all the chat from the quest. To view it, I just set the playback speed of WMP really low, and then I can double click the play button to advance it by a frame.

 

Hmm, I did that first quickscan that MSE does when it is installed, and it found nothing, so it's safe?

Also, is there any way to see if you accepted a change to your firewall? Can't seem to find that on BitDefender. :s Because I'm still unsure whether I had a Java pop up.

 

I think someone already pointed this out. If you had compromised SwiftKit, the easiest way to take advantage of that would be to redirect it to a phishing site mimic of the log in screen if you had one set up. This wouldn't cause anything to show up in a scan.

 

And do a full scan with MSE whenever you want to really be sure. The quick scan completes very quickly by only scanning what are probably the more critical parts of your hard drive, and places where viruses are likely to show up, like your download folder. It's good for a routine check, but once a month, and whenever you suspect something might have gotten onto your computer, you should do a full scan.

Link to comment
Share on other sites

like very accessible highscore features, grand exchange price features, and its own IRC as well.

 

Any IRC server that has RuneScript has this as well, via a light client called mIRC. But some people have preferences and I respect that. I just typically play on cheaper/older computers that don't have the resources to spare on bulkier setups. RIP my multitasking abilities ; _ ;


Link to comment
Share on other sites

Hey guys just thought I'd let you know we made a post explaining what happened and what's going on right now:

 

http://forums.zybez.net/topic/1556987-swiftkit-website-issue-explained/

 

One down side to SwiftKit being as popular and successful as it is, means that it has a giant target on its back. Today we unfortunately experienced the effect of that, which is a shame really as we only exist to offer a free helpful tool to players... It really is unfortunate. As always though, we aim to be as transparent about the situation as possible.

 

At around 3am this morning it came to my attention that someone had gained access to the domain register's account that hosts SwiftKit.net. This allowed them to transfer the SwiftKit.net domain off our account and onto their own. Once they did this they were then able to change the webserver the domain points at, to their own malicious site. The problem was that it took around 5 hours for the domain to be rightfully returned back to us. So during this time the SwiftKit.net domain was pointing to a malicious website. We'll definitely be moving to a different domain registrar in the near future.

 

How was the intruder able to gain access to our domain account? By using a fake ID, or identity document to convince the domain hosting company to reset the e-mail address to their own. Then all they had to do was perform a simple password reset. We're very concerned that this could even happen in the first place, and that it took so long to re-gain control. We'll be looking forward to getting as far away as possible from this domain host.

 

So what does this mean for you as a user? Not too much, SwiftKit itself wasn't affected at all, just the domain. However, if you were unfortunate enough to click accept or yes on any JAVA popups that came up I suggest you do a virus scan straight away and once clean change your password. You should never accept any JAVA requests from sources you don't trust. (It states the source in the popup)

 

We have seen this specific malware can be detected and removed by Microsoft Security Essentials. If you believe you have loaded SwiftKit in this small window and accepted any rogue Java confirmations, then it would be a good idea to run a full system scan.

 

SwiftKit itself has several layers of protection built into the updater to prevent anyone from being able to push out bogus updates. The only way you could be harmed is if you download or accept something yourself.

 

As it stands we now have full control of our domains and have taken temporary steps to prevent such a situation from occurring again. DNS changes have been successfully applied to many users and they should now be directed to the right, normal site. If you still are redirected incorrectly, try clearing your browser's history and cache, and also by going to Start > search for "cmd", and type in "ipconfig /flushdns". This will ensure the right DNS address is obtained from the server. In the coming future we will be looking to implement some permanent changes to further prevent such an occurrence, abandoning our current and frustrating registrar is one of them.

 

We understand our well-earned reputation has been tarnished by this horrible incident, and we understand many are wary using our products in the future. That trust is going to have to be earned back, and I know for some it will be difficult. I want to personally let everyone know the safety and security of all of our users are our #1 priority. The entire SwiftKit staff, including support from our users and Jagex moderators have hopefully shown everyone that we are serious about security.

 

If you have any hesitations or questions please don't hesitate to ask.

 

We're also going to be posting some specific ways of checking if you are indeed infected, and removal steps if you are. Gimmie a sec.

 

Edit: Detection and removal instructions:

 

1. Open Start

2. In search, type "regedit" and hit Enter

3. Navigate to "HKEY_CURRENT_USER\Software\Microsoft\Windows" using the folder dropdowns.

4. If there is a file or entry in the Windows folder called "Adobe Drivers", then you are infected and you require removal. If it doesn't exist, you are not infected.

 

Removal:

 

1. Right-click the taskbar and select "Start task manager"

2. In the Processes tab, end any process named "winsyl[Caution: Executable File]"

3. In the Registry Editor window you still should have open, right-click the "Adobe Drivers" folder and select Delete

4. Open Windows Explorer, enter in the URL %AppData%\Microsoft\Windows\

5. Delete the folder "Drivers"

6. As a safety measure, run a full system scan using a reputable anti-virus such as MSE.

SwiftKit staff // http://swiftkit.net


Link to comment
Share on other sites
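
The detection steps from the post above, written as a read-only PowerShell check. This is an added example, not SwiftKit's own tooling: it uses only the registry path, entry name, folder and process name given in the post, and the SHA-256 listing is an addition so the files are on record before the manual removal steps are carried out.

```powershell
# Added example: read-only triage for the indicators named in the post above.
# It deletes nothing; removal remains the manual procedure from the post.
# HKCU and %AppData% are per-user, so run it as the user who opened SwiftKit.

$parentKey = 'HKCU:\Software\Microsoft\Windows'
$entryName = 'Adobe Drivers'                                      # from the post
$dropDir   = Join-Path $env:APPDATA 'Microsoft\Windows\Drivers'   # from the post
$procName  = 'winsyl'                                             # from the post, without extension

$findings = @()

# The post says "file or entry", so check for a subkey and for a value of that name.
if (Test-Path -LiteralPath "$parentKey\$entryName") {
    $findings += [pscustomobject]@{ Indicator = 'Registry subkey'; Detail = "$parentKey\$entryName" }
}
$values = Get-ItemProperty -LiteralPath $parentKey -ErrorAction SilentlyContinue
if ($values -and ($values.PSObject.Properties.Name -contains $entryName)) {
    $findings += [pscustomobject]@{ Indicator = 'Registry value'; Detail = [string]$values.$entryName }
}

# Running process with the name given in the removal steps.
foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Indicator = 'Running process'; Detail = "PID $($p.Id) $($p.Path)" }
}

# Folder from removal step 5; hash its files before anything is deleted.
if (Test-Path -LiteralPath $dropDir -PathType Container) {
    $findings += [pscustomobject]@{ Indicator = 'Folder'; Detail = $dropDir }
    foreach ($f in @(Get-ChildItem -LiteralPath $dropDir -File -Force -Recurse -ErrorAction SilentlyContinue)) {
        $h = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $findings += [pscustomobject]@{ Indicator = 'File'; Detail = "$($f.FullName) SHA256=$h" }
    }
}

if ($findings.Count -eq 0) {
    'None of the indicators from the post were found for this user profile.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```
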

I'm really surprised that they were able to gain control of the host domain that easily. Glad to hear you've got things back under control. :thumbup:

 


THE place for all free players to connect, hang out and talk about how awesome it is to be F2P.

So, Kaida is the real version of every fictional science-badass? That explains a lot, actually...

Link to comment
Share on other sites

I'm really surprised that they were able to gain control of the host domain that easily. Glad to hear you've got things back under control. :thumbup:

Reminded me of Jagex's account recovery system when I read it.


In real life MMO you don't get 99 smithing by making endless bronze daggers.

Link to comment
Share on other sites
