Atlantic Roleplay Community Boards

[Teh Glouris Lrod Kujabis]

---

Updated 2/14/2011 with fixed and updated links to programs.
Updated 11/4/2005 with all sorts of new stuff.
Updated 8/22/2004 with info on a new Ad-Aware.
Updated 6/12/2004 with a small new section about ICQ security.
Updated 5/6/2004 with a new link to a new spyware scanner.

A background on what you should have:

Spyware scanner(s):
Ad-aware is a good scanner to run now and then, but for realtime protection, look into Microsoft's new anti-spyware program. I linked to it below with all the other links. Remember that you can have as many of these installed as you want; I personally use three. I -really- recommend the Microsoft one. Just keep in mind that you have to have a legit windows copy to download it from microsoft, or be a very bad person and have someone with a legit copy download and send it to you. Update and scan regularly.

Antivirus:
There are so many out there. I use Antivir, but I am told the big guys (norton, trend micro, etc) are all effective as well. Note that you can -NOT- have two antiviruses installed at the same time, because, more or less, they tend to use a certain part of your PC to scan from and a certain technique to do it, and if two things are trying to use that space and scan method at once, you can seriously obliterate your PC and need to reformat. However, if you have a problem that one won't remove, try scanning once with Housecall. I find that I had no problems using housecall while my antivirus was on, so you can use these together. Update and scan regularly.

Firewall:
Many hardware programs have a firewall built in. Windows (a'la Service Pack 3) also has one. I prefer software ones in conjunction with these because they are easier to use and customize (while being vulnerable to -really- good hackers, but I've not heard of anyone that can pound a major brand software firewall). I'd recommend if you have a hardware firewall to have it on and use a software one at the same time, just in case. The software ones, I find, aren't as strong, but how many times have I seen my firewall pop up and say, 'Would you like (insert spyware program here) silent install to connect to the internet?' because I installed a program that has in their EULA 'oh hey, we can spam your candy ass with spyware, LAWL' in lawyerspeak somewhere a hundred and seventy five million pages down. Update regularly.

Basic Knowledge:
Know what filetypes can contain malicious programs. Remember that viruses can be packed into a large variety of file types.. But people don't send you viruses to steal your login info, do they? Keyloggers are candycoated around executable files most commonly. Remember that every single time you double click an EXE, it has free run of your machine. After that first time, it could have put itself into your startup services where 99% of people don't know where to find and remove it, and it'll boot with your machine and do as it pleases. Do not accept files from people you don't trust 100%. If you have even the slightest doubt, don't do it. Just think when you receive a file and you are unsure of the sender: "Is this file more important than my UO accounts (and possibly credit card info)??" The answer I pray is no, so don't do it.



Here is the easy breakdown on hackers:The Not-Even-A Hacker:

This 'hacker' gains someones trust until they acquire a username and password. This person might also be a good friend one day, and a jerk the next, and might just decide they value the things on your account over your friendship.

Ways to prevent this:

Simple. Do not give out your account. Trust people at your own risk. Also, remember this: If you give your account out to someone else, and THEY get hacked by one of the next two categories of hackers, the hacker will not know the difference between your account and theirs. It's not always a matter of trust, it's just twice the vulnerability.

What you can do if you are hacked by this hacker:

Sad to say, nothing much. This is 100% legal. There is no laws that protect non-tangible objects. This is why paypal scammers get away with it. The only thing you can really do is try and find out who did it, and beg and plead for your stuff back. But usually this doesn't work. Even if the culprit thinks he should never have done it, he will probably think 'It's too late, can't go back now!', and you are screwed.

The Newbie Hacker:

This hacker uses the easy-to-find keylogger and takeover programs on the internet. This is considered hacking, yes, but their hacking ability is only as good as the program they use.

Ways you can prevent this:

Do not accept files from people that might hack you. This includes random people, and friends alike. Follow your judgement I mentioned in the above category - accept files only from people you want to meet face-to-face one day. The big thing to look for is .exe files. Even if you trust someone, there is few jokes or gags that are in EXE files, and NONE that are worth risking your account for! Do not accept 'executable' files. There are other extensions besides .exe but I do not know them. Yes, other files can contain trojans and hacks. Quick clarification: A trojan is the term used for a keylogger. Trojans can be other things, like an IP tracker (IP tracking sets up an email program on your system that emails your IP to your hacker every time you sign online. Very useful to the hacker if you are being hacked with something like SubSeven.), but generally a key-logger is what is being placed on your computer. Key loggers log any and all keystrokes you make. If I was being keylogged right now, someone would be getting all the text i type on AIM/ICQ/IRC/forums (poor sucker that has to read all my posts, HAH)/UO client. Yes, your password is in there. You say, "I don't type my username in, I'm fine." Two things: Most standard keyloggers can also see what OTHER people/programs are displaying, text wise. And I'm willing to bet there is a keylogger out there aimed specifically at UO. Also, you don't type in your username? Why is that? Oh, it's stored on your computer, in your UO folder, right? Yep, a skilled hacker could easily view that file, especially one using SubSeven. Another thing to note: Some hacks don't communicate out to it's hacker, the hacker has to communicate to your PC to connect. They must have your IP by doing this. Sometimes a hacker will want to connect again later to get your IP again. This is why dialuppers are rarely hacked, as they change IP's every 5 minuites when their ISP dumps them off because dialup sucks. But that's a whole 'nother rant.

How to prevent this:

A firewall will still stop a lot of the hackers from connecting, even if they have already trojan infected you! A good firewall will stop most anything, except the most sophisticated hacks that you ACCEPT. Think of it this way, a firewall is a big invisible bubble around your PC. If you accept a file in, it's like placing a time bomb in the middle of the bubble. You don't know if it's going to go off or not, but when it does, your bubble is useless. A firewall like Zonealarm will even ask you, 'do you want this program to access the internet?' Though, you must remember, if you bring a file into your system, it can do anything it wants. P.S. I will link to good programs below. A good antivirus, like Norton Pro, has spyware checking stuff in it already, and will catch it right away. Also, constant scans from Lavasoft Ad-Aware will catch it, and if you pay for the program, you can get a constant-scanning thing and not have to do it manually. I personally run the memory-check Ad-aware and Antivirus scans like mad, whenever I'm bored, because it takes about 10 seconds each, and stops keyloggers dead in their tracks.

What you can do:
Some police stations have software to scan your computer for the keyloggers and hack programs. These hack programs, or other files on your PC, very often retain the IP of your hacker! From there, it's very easy for the authorities to go to an ISP and say 'hey, who had this IP at this time, he is 1337 h4x.' And thus, you can press charges, etc. Your items may not be recovered, as they are still non tangible items, but your PC was still hacked, and software was used to intrude your system, etc. That's up to like, five years in jail. Well, probably not for hacking your UO account, but you get the idea.

The Professional Hacker:

I've not heard of anyone in Ultima Online being hit by an uberhacker before. Usually mistaken with newblet hackers that find an exploit tool for a specific firewall/antivirus, and got lucky. A professional hacker is the kind of person the military should be hiring for digital warfare. Don't confuse these with packet sniffers either. Packet sniffing is a program that listens to data you send and receive - which is why websites with credit card info has SSL-SECURE encryption tunnels.

How you can prevent this:

Constant scanning Ad-aware and antivirus, and a strong file. Anything goes with a professional hacker, and your PC's protection is not as good as a military system. Don't expect to be a target of a professional and win. Usually though, this is just a newblet with a collection of programs to exploit specific firewalls etc, and a lot of luck on their part.

What you can do: The above. Call the police and tell them it was a hacking crime, hopefully they have people that can/will help you.

The new ICQ security section
I just looked again at trillian and remembered that if improperly set up, ICQ WILL BROADCAST YOUR IP ADDRESS. Newbie hackers may be able to get your IP address and do all sorts of 'fun' things with it if you are not firewalled, or if they are adept at getting around them.

Due to the many versions of ICQ, this cannot be pinpointed to one exact setting. What you want to look for is settings in your Security and preferences window about peer-to-peer connection settings. On version 2003b pro, Jeff was able to turn off his IP broadcast by setting this to 'only allow people on my list to connect with me', but you may need to set it to 'allow no one to connect with me' depending on other settings.

I cannot pinpoint precisely the settings you need, but if you add me to your list (78154429), send me an ICQ and ask me to check for you, I can check to see if you are broadcasting or not.

Good luck.

End updated section

In closing, consider yourself a graduate of Hacking Defense 101.

Freebie programs:

Zonealarm: Http://www.zonelabs.com/ (Firewall)
New Addition:Spybot S&D: http://www.safer-networking.org/
Ad-Aware has gone to a new version! Your old Ad-Aware versions will not update, you must download and install the new SE version! Find it here!: http://www.lavasoft.com/
Microsoft Anti-Spyware Beta: http://www.microsoft.com/athome/security/spyware/software/default.mspx
Trend Micro Housecall (online virus scanner): http://housecall.trendmicro.com/ (I think you need to be running I.E. for this, not firefox/opera/netscape/etc)

A note about the antivirus I am linking to... Not many free antiviruses are 'the best', but it's good to have one. Remember never to have two antiviruses running at once. You can run Ad-aware and Antivir together, but never two antiviruses. It can cause irreparable harm to your PC, depending on what type of virus scanner it is.

Also, Antivir is in german. The program is in english but the website is in german. To skip all that, go here:

http://www.avira.com/en/pages/index.php

Good luck, and happy virus squashing.

[bleen]

---

Updated 11/8/05 added some links to good products.
Updated 11/11/05 added another website for a good rootkit revealer software.

My list of anti hacking items includes

1. Get a router between you and your cable/dsl modem if you have those. Even if only one machine and use network address translation.

2. Update anti virus software on regular basis. Set to auto update is best.

3. Updates and patches to windows. Lots of security updates going on there. Very important.

4. My favorite spyware killer, Spybot, also update and use immunize feature. Spybot website also directs to some very interesting looking security software from another group. I have not tried the WinXP firewall, so can't comment. I use Zonealarm. I have added three other programs, Ad-aware, Spyblaster and Hijack this which takes a look at your registry.


5. The insecurity of accepting files into ones system without verification of safety or second best not scanning files before opening. Not only through email, but file exchanges using messengering services like IRC or ICQ etc.

6. Essential features of good passwords, using upper/lower case letters, include numbers, special symbols (?!$), etc. Eight characters minimum, not names or words even backwards. Not shared.

7. Best practice on passwords to change every 30 to 60 days if possible. But if not, to change them on some regular basis.

8. I suggest a couple of books to everyone: Always Use Protection: A Teen's Guide to Safe Computing & Computer Security for the Home and Small Office and the most comprehensive of all: Computer Security for the Home and Small Office By Thomas C. Greene ISBN: 1590593162, 448 pages These are all great guides.

9. There are a number of recommendations including in winxp turning off a number of "services". But I would not do this unless I had one of these books to let you know how and exactly which ones.

http://www.javacoolsoftware.com/index.html
go here for two good anti spyware products that can be used real time.

bleenie
aka larry
_________________
Bleen the Green
First Student
Truth Ascendant
Seer of Spirituality
Drunken Prophet

[Smogg]

---

While on the subject it might be worth in to throw in yet another catagory:
Social Engeneering
These work on diferent levels according to their skills. The most primitive will work towards getting your username as passwords as main goal.
Other than simply asking, there are many aproaches to take. Could be getting your trust and learn your username. Then maybe send a false mail looking to be from uo, concerning acccount xxx and requireing you to change the password per mail.

Getting more advanced it could be tricks on player run shards to make you use your uo login and psw to "transfer your character". Or it could be UO tools with build in functionallity to sniff your username and password.

I have myself encounted methods where hackers, spend a little time getting friendly and ooc, and then move on to talk about hacking, and the dangers of it, kindly offering to help with your computer security.
When people offer to help, it is mostly with good intentions, but watch out when the good suggestions of steps you can take turns into a series of questions regading your current security settings. Your current OS, firewall and settings are really no ones business.
_________________

[Apoc]

---

Kuja, thanks for the freebies. They really helped me out. But I have a question: Oftenly when you delete spyware, they have attached themselves with programs and they get deleted with the spyware. Is there a way to recover these files? Any programs or such?

[Dryzzid]

---

Depends on the program you use to clean them.

I use AdAware and it automatically creates copies of all deleted files, so that you can restore them whenever you wish. I'm not sure what program you're using or even what options other programs use.

[Jebidiah Jake]

---

Some advice I'd offer as far as passwords, I've hacked in the past (not UO, and not maliciously, it's a long story) and when your dictionary program doesn't work (a program the uses a list of common words/passwords and tries to use each one. For example.. "lamp/shade" -nope "pass/word" -nope, etc.) try and find out some information on the victim, if you can gain access to "my documents" you can find out information on family and friends often. My point is not to make a hacking tutorial *laughs* but rather to make a point: Don't use words, don't use pets, don't use family members or loved one's names or birthdays, dates etc. make something COMPLETELY random up, download a keygen for some random game and use whatever pops up, put some random letters and symbols in (alternate caps at random intervals LikE thIs. [DoNt Do It LiKe ThIs, it's too common]) and write it down next to your computer or put it in your wallet or something, you don't have to memorize it. It shouldn't be easy to remember, remember if worse comes to worse and you forget it you can call customer support and they will give it to you.

-Hope I helped.

[Teh Glouris Lrod Kujabis]

---

UPDATED! There is a new Ad-Aware out. I've been scanning for five minuites and found 100 things the last one didn't!

Go get it!

[Dryzzid]

---

Thanks for the update man, found 45 new objects
_________________
Dryzzid#5091 | 74503058

[Reminisence]

---

Thanks for the update Kuja lol I almost thought I was imaging it but I ran my scanners and stuff today for a while and there was NOTHING!!! WOOHOO, thats the FIRST time Ive ever done that and found nothing lol

[Teh Glouris Lrod Kujabis]

---

Light update.

[bleen]

---

Added a couple of updates to my post with more links. The rootkit revealer is important as it will reveal hidden programs installed on your machine. This can include keyloggers and trojan programs.
_________________
Bleen the Green
First Student
Truth Ascendant
Seer of Spirituality
Drunken Prophet

[Teh Glouris Lrod Kujabis]

---

Kinda funny that I decided to come post and make mention of rootkit scanning being added to Antivir, and here Bleen beat me to the punch a year and a half ago

For those of you that have Avira Antivir, go update and it'll ask you to reboot. Do so, it'll tell you in the lower right corner about Rootkits. Click yes, go to modity, turn the rootkit checkbox on, let it do its thing, reboot again, and voila. It is worth giving the rootkit search a go once you've rebooted.