Warning of a potential keylogger script running on the forum
Posted: Tue Jul 24, 2018 5:13 pm
Hey guys!
I really hate to do this kind of stuff, but better announce it now and letting people be prepared than to shut up about it and see it pop-up for others.
What's following is only an assumption, but all the hints I could gather points toward this.
I got some kind of bad news for some of you.
Seems like some kind of system/software/virus/whatever might have been placed in one way or another which act as a keylogger.
I haven't done a lot in the recent week in terms of checking stuff online so it's not that hard for me to get an idea of where things might have gone wacky.
Today, I have received an email from a prick telling me that he know one of my password (he does give it out).
That password is the password I use on this forum and it's different from my other passwords.
(Usually, when I join a forum or other kind of system that has a database that can be cracked open more easily than something like the server of a bank system, I use an unique password. After all, a forum like this uses a relatively "open" system that can be cracked open like an eggs relatively easily if you know what you have to do.)
This is what makes me warn you as I'm usually using the Private mode whenever I'm on the web (especially forums) as it clear the cache after closing it automatically. (Making it more secure if, next time, something tries to get access to that cache.)
Now, I'm not saying that the forum itself is affected, but more that there's potentially something on it that do act as a keylogger.
Here's the 3 potentials sources which could have "acted" as keyloggers:
• The forum itself. If there's some code inserted into it while the administration wouldn't be aware of it.
I doubt that this is the case because it would have surfaced like a plague.
• An advertisement API being exploited by an exterior party.
For those who doesn't understand, basically an ads also act as a local keylogger. For sure, if the keylogger would have been installed outside of the browser, it wouldn't be as easy and many would have been receiving some notice that something is fishy by their PC security (be it anti-virus, web security, etc.)
This means that it could be a passive thing that only affect the forum's website such as a keylogger that only scan while it's on the page and only scan activity in the forum's page. (Basically, registering all inputs done while the page with the funky ads is loaded.)
• Through a Vimeo's video, the keylogger could have been loaded.
In the last week, the only kind of stuff that has been "loaded" through my PCs are YouTube and Vimeo. The thing though is that, in relation to this forum, I only have watched embedded Vimeo videos up to now in my private message. I'm not pointing fingers and I won't share the name of those who have PM me just out of fear.
For now, I did have replied to the scammer as there are many things that doesn't make sens in his demand while, at least, the Password was actually the password of this forum and it's not a word you find in a dictionary. Basically, he contacted me through a different email from the one I have used for the forum. He did it through one of the most easiest one to find which is on my Freelance Website. (If you know the name of my freelance business which I have already displayed around on the forum, it's not hard to find it in the next minute.)
People who would have access to more than the forum information would mostly have contacted me through another email, knowing that it's more "hidden" and less public. Funny enough, I guess this is due to the fact that the email I have used for this forum hasn't been shared yet on the forum. The guy haven't done a really good job at hunting up my info.
There's also another point that made me wonder... and that's the fact that the amount requested out of me was relatively higher than the usual scamming amount, if I look at other example online. The scammer asked me for $7,000 to be paid in Bitcoins. Usually, this kind of scam doesn't aim so high and goes for around $500 to $600 as it's clearly not everyone who has so much money as $7,000 in their bank account. This means that the scammer has an idea that I may be able to afford such a price (which I am not btw). I shouldn't have to remind that the subject of this forum is primarily products that range at grand (1,000) as a entry-level.
There's the possibility that the scammer might be one of us or someone who has access to the forum's database up to a point.
Still, there are the points that point toward the forum as the source:
• Unique password that is only used on the Forum.
• The scammer is aware that I "might" be able to afford $7,000
• $7,000 is an amount that could be easily linked to Real Size Dolls' purchases.
• The scammer was able to link this account to my business which, to be honest, can't easily be done unless I have stated it.
I haven't wrote that I'm a freelance and haven't given my business name for quite a while, prior to this forum. You could say that this forum is the most "up-to-date" source of information on it with the exception of Facebook which I use 1-2 times per month.
If the scammer ever reply to me as I asked me for more proof that a single password that's only used on 1 forum on the web, I'll give you an update.
In case you wonder what he "will do" if I don't pay him...
Basically he supposedly have recorded me going onto porn website and have recorded it with my webcam and If I didn't pay him back in 24 hours or if I replied to him, he would have send the video to my 9 contacts. (Who are those 9 mysterious contacts? I don't know.)
By the way, funny fact is that my only webcams are the ones on my phone and tablet as well as the one on my laptop. I haven't visited this website with neither my phone nor tablet so there shouldn't be any kind of trace related to the password I was used on this forum. The laptop webcam... well... if he did was able to make it run, that means he would have done quite a lot to make it work as it's not just turned off by software, but I cleaned everything in the PC about it up to the point where Windows doesn't even detect that I got a webcam in the laptop.![Razz :P](./images/smilies/icon_tongue.gif)
Just in case... if it wasn't a keylogger or the database being hacked, it could simply be a kind of password analytic system.
I can't tell if there's anything kind of security measure on the forum when it comes to having an massive amount of failing attempt to login.
If an admin can have access to such things as the amount of failed attempt to login with an account on the forum, we could rule out this possibility.
What's a password analytic system? It's a software that tries many variation of password to enter another system.
To be honest, when I decided of a password for my account on this forum, I took a really simple password with no symbols nor number. Just minuscules letters. The weakest kind obviously. A word I have though on the spot. If you were to use a password analytic system and tryout combination of only the letters, it could easily be cracked on a system that doesn't have anything against repetitive failures to log in. This forum uses a really basic and unprotected system that can easily be countered. (I tried it by entering my account and a wrong password.)
I don't want people to stress over all of this.
If this only happens to me, this means that it truly is a keylogger from another source or maybe from one of the PM I have received in here.
I did made things relatively simple for anyone with a bit of a brain to be able to do it: writing about my freelance job and having a simple password.
Makes it easy to get access to my business email address.
In a way, that's why I didn't care as making things unique each time allows me to easily retrace things.
Of course, I have already changed my password on the forum. It's now much more complex, but still unique and different from all my other password.
Wonder if another scammer will try to ask for money with that new password?
I really hate to do this kind of stuff, but better announce it now and letting people be prepared than to shut up about it and see it pop-up for others.
What's following is only an assumption, but all the hints I could gather points toward this.
I got some kind of bad news for some of you.
Seems like some kind of system/software/virus/whatever might have been placed in one way or another which act as a keylogger.
I haven't done a lot in the recent week in terms of checking stuff online so it's not that hard for me to get an idea of where things might have gone wacky.
Today, I have received an email from a prick telling me that he know one of my password (he does give it out).
That password is the password I use on this forum and it's different from my other passwords.
(Usually, when I join a forum or other kind of system that has a database that can be cracked open more easily than something like the server of a bank system, I use an unique password. After all, a forum like this uses a relatively "open" system that can be cracked open like an eggs relatively easily if you know what you have to do.)
This is what makes me warn you as I'm usually using the Private mode whenever I'm on the web (especially forums) as it clear the cache after closing it automatically. (Making it more secure if, next time, something tries to get access to that cache.)
Now, I'm not saying that the forum itself is affected, but more that there's potentially something on it that do act as a keylogger.
Here's the 3 potentials sources which could have "acted" as keyloggers:
• The forum itself. If there's some code inserted into it while the administration wouldn't be aware of it.
I doubt that this is the case because it would have surfaced like a plague.
• An advertisement API being exploited by an exterior party.
For those who doesn't understand, basically an ads also act as a local keylogger. For sure, if the keylogger would have been installed outside of the browser, it wouldn't be as easy and many would have been receiving some notice that something is fishy by their PC security (be it anti-virus, web security, etc.)
This means that it could be a passive thing that only affect the forum's website such as a keylogger that only scan while it's on the page and only scan activity in the forum's page. (Basically, registering all inputs done while the page with the funky ads is loaded.)
• Through a Vimeo's video, the keylogger could have been loaded.
In the last week, the only kind of stuff that has been "loaded" through my PCs are YouTube and Vimeo. The thing though is that, in relation to this forum, I only have watched embedded Vimeo videos up to now in my private message. I'm not pointing fingers and I won't share the name of those who have PM me just out of fear.
For now, I did have replied to the scammer as there are many things that doesn't make sens in his demand while, at least, the Password was actually the password of this forum and it's not a word you find in a dictionary. Basically, he contacted me through a different email from the one I have used for the forum. He did it through one of the most easiest one to find which is on my Freelance Website. (If you know the name of my freelance business which I have already displayed around on the forum, it's not hard to find it in the next minute.)
People who would have access to more than the forum information would mostly have contacted me through another email, knowing that it's more "hidden" and less public. Funny enough, I guess this is due to the fact that the email I have used for this forum hasn't been shared yet on the forum. The guy haven't done a really good job at hunting up my info.
There's also another point that made me wonder... and that's the fact that the amount requested out of me was relatively higher than the usual scamming amount, if I look at other example online. The scammer asked me for $7,000 to be paid in Bitcoins. Usually, this kind of scam doesn't aim so high and goes for around $500 to $600 as it's clearly not everyone who has so much money as $7,000 in their bank account. This means that the scammer has an idea that I may be able to afford such a price (which I am not btw). I shouldn't have to remind that the subject of this forum is primarily products that range at grand (1,000) as a entry-level.
There's the possibility that the scammer might be one of us or someone who has access to the forum's database up to a point.
Still, there are the points that point toward the forum as the source:
• Unique password that is only used on the Forum.
• The scammer is aware that I "might" be able to afford $7,000
• $7,000 is an amount that could be easily linked to Real Size Dolls' purchases.
• The scammer was able to link this account to my business which, to be honest, can't easily be done unless I have stated it.
I haven't wrote that I'm a freelance and haven't given my business name for quite a while, prior to this forum. You could say that this forum is the most "up-to-date" source of information on it with the exception of Facebook which I use 1-2 times per month.
If the scammer ever reply to me as I asked me for more proof that a single password that's only used on 1 forum on the web, I'll give you an update.
In case you wonder what he "will do" if I don't pay him...
Basically he supposedly have recorded me going onto porn website and have recorded it with my webcam and If I didn't pay him back in 24 hours or if I replied to him, he would have send the video to my 9 contacts. (Who are those 9 mysterious contacts? I don't know.)
By the way, funny fact is that my only webcams are the ones on my phone and tablet as well as the one on my laptop. I haven't visited this website with neither my phone nor tablet so there shouldn't be any kind of trace related to the password I was used on this forum. The laptop webcam... well... if he did was able to make it run, that means he would have done quite a lot to make it work as it's not just turned off by software, but I cleaned everything in the PC about it up to the point where Windows doesn't even detect that I got a webcam in the laptop.
![Razz :P](./images/smilies/icon_tongue.gif)
Just in case... if it wasn't a keylogger or the database being hacked, it could simply be a kind of password analytic system.
I can't tell if there's anything kind of security measure on the forum when it comes to having an massive amount of failing attempt to login.
If an admin can have access to such things as the amount of failed attempt to login with an account on the forum, we could rule out this possibility.
What's a password analytic system? It's a software that tries many variation of password to enter another system.
To be honest, when I decided of a password for my account on this forum, I took a really simple password with no symbols nor number. Just minuscules letters. The weakest kind obviously. A word I have though on the spot. If you were to use a password analytic system and tryout combination of only the letters, it could easily be cracked on a system that doesn't have anything against repetitive failures to log in. This forum uses a really basic and unprotected system that can easily be countered. (I tried it by entering my account and a wrong password.)
I don't want people to stress over all of this.
If this only happens to me, this means that it truly is a keylogger from another source or maybe from one of the PM I have received in here.
I did made things relatively simple for anyone with a bit of a brain to be able to do it: writing about my freelance job and having a simple password.
Makes it easy to get access to my business email address.
In a way, that's why I didn't care as making things unique each time allows me to easily retrace things.
Of course, I have already changed my password on the forum. It's now much more complex, but still unique and different from all my other password.
Wonder if another scammer will try to ask for money with that new password?