Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 Before February 2015

Bash
Guest

39 Accounts Compromised in Account Collecting Scheme

Starting June 6th, 2012 there was a bot being passed around by the name of "Cyph1e bot."   In some versions it always gave an error, in other versions it functioned normally.   But in all versions, it sent a copy of your EE username and password to a specified email.

The accounts that were compromised are below:

LUKYS THREEWHEELDRIVE HAERDY123 KASSIDYTHEEDIT KURTV SMILEYGOD CBOT23 CHRISDITS GHOSTMW2 123 WHATAHOODA FAERATER BUTTERFLY06 CHATTENO CONMAN233 SURFING SUPERUBERAWSOME1027 YAMBOT COLIN11111 PHOENIX OSMAN5 CODEIS3111 XXKILLERXX JACOBDELEON3THOUSAND DUDUTXSUIO PANASONIC MATRIX ABRAR11 NVD BURAKALKAN123 FUNKYSMILY PONYBOT KONGREGATEFAN 000GHOST000 MOCHONOOB TTSKATE53 DJCLAYFACE SOTORKS YAMLIKA263

Also available on pastebin: http://pastebin.com/a3pmGkZJ

If your name is on this list, it is recommended that you change your password to protect your security.

If you know anyone on this list, it might be a nice move to contact them about this issue.

#2 Before February 2015

Persona
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Where is my name on the list.   Either way, This is how my account was hacked. //forums.everybodyedits.com/img/smilies/smile

#3 Before February 2015

Arceus64
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Wow, thanks for letting us know. The people who hacked these accounts are *******s.

#4 Before February 2015

Krazyman50
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

KONGREGATEFAN??
D:

#5 Before February 2015

main_gi
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Here is my reaction to each of those:

LUKYS - Not as lucky as you thought. THREEWHEELDRIVE - Now you'll be driving no wheels. HAERDY123 - Is this another reason this shared emerged? KASSIDYTHEEDIT - ? KURTV - You'll be on TV after you get known from this. SMILEYGOD - God mode. CBOT23 - 23x. CHRISDITS - Ditto. GHOSTMW2 - COD FAN ALERT. 123 - lol. WHATAHOODA - ? FAERATER - ? BUTTERFLY06 - ? CHATTENO - MACCARO. CONMAN233 - Yes. Yes. SURFING - No wonder. No freaking wonder. SUPERUBERAWSOME1027 - ? YAMBOT - ? COLIN11111 - ? PHOENIX - WRIGHT. OSMAN5 - ? CODEIS3111 - You're doing it wrong. XXKILLERXX - ? JACOBDELEON3THOUSAND - ? DUDUTXSUIO - What. What. PANASONIC - loltv MATRIX - Sad that this got taken. Or maybe not if the guys who made the program are awesome. ABRAR11 - Oh this guy was the most annoying person out there last I saw him. NVD - ??? BURAKALKAN123 - ??? FUNKYSMILY - Funky? I think not. PONYBOT - Wat. KONGREGATEFAN - Well, no wonder why he was acting suspicious. 000GHOST000 - Who's this. MOCHONOOB - I recognize this guy somewhere. TTSKATE53 - Why is this guy on the list? DJCLAYFACE - Who's this guy? SOTORKS - Who is this person? YAMLIKA263 - Oh crap. Greediness leads to trouble.

#6 Before February 2015

Persona
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

The thing is I know who did it, but I am questioning if I should releveal him because I don't want to be hacked..

#7 Before February 2015

planecool
Member
From: SN2006gy
Joined: 2015-02-17
Posts: 304
Website

Re: 39 Accounts Compromised in Account Collecting Scheme

I think you should rat on him it sucks to be hacked like it really sucks so my vote goes to ratting on him!! (i like your avator Persona) also i have EEditor and im pretty sure its the orginal can any one prove wheater or not it is...


* CYPH1E > YOU: [I'm] half bot pig man bear.

yEe4NdJb.jpg

50 dollars + salvaged computer parts.

Offline

#8 Before February 2015

Persona
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

I am pretty sure I will once I set up my new stuffs //forums.everybodyedits.com/img/smilies/smile

#9 Before February 2015

ThuggishPrune
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Well Maybe you shouldn't expose him. It could lead to more trouble

#10 Before February 2015

Smileygod
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Thanks for letting me know, Bass. One thing I knew there was some guy named GBBOT saying "Krock's Bot is laame!! Use Cyph1e instead." *gives link* And the next thing I knew I got hacked.
EDIT: Either Chris or any EE Admin is reading this or not: GET THE IP OF GBBOT (in game) AND BAN HIS IP ADDRESS. (Unless he is using a proxy)

Last edited by Smileygod (Jun 27 2012 11:31:10 pm)

#11 Before February 2015

iYam
Banned

Re: 39 Accounts Compromised in Account Collecting Scheme

main_gi wrote:

Here is my reaction to each of those:

LUKYS - Not as lucky as you thought. THREEWHEELDRIVE - Now you'll be driving no wheels. HAERDY123 - Is this another reason this shared emerged? KASSIDYTHEEDIT - ? KURTV - You'll be on TV after you get known from this. SMILEYGOD - God mode. CBOT23 - 23x. CHRISDITS - Ditto. GHOSTMW2 - COD FAN ALERT. 123 - lol. WHATAHOODA - ? FAERATER - ? BUTTERFLY06 - ? CHATTENO - MACCARO. CONMAN233 - Yes. Yes. SURFING - No wonder. No freaking wonder. SUPERUBERAWSOME1027 - ? YAMBOT - ? COLIN11111 - ? PHOENIX - WRIGHT. OSMAN5 - ? CODEIS3111 - You're doing it wrong. XXKILLERXX - ? JACOBDELEON3THOUSAND - ? DUDUTXSUIO - What. What. PANASONIC - loltv MATRIX - Sad that this got taken. Or maybe not if the guys who made the program are awesome. ABRAR11 - Oh this guy was the most annoying person out there last I saw him. NVD - ??? BURAKALKAN123 - ??? FUNKYSMILY - Funky? I think not. PONYBOT - Wat. KONGREGATEFAN - Well, no wonder why he was acting suspicious. 000GHOST000 - Who's this. MOCHONOOB - I recognize this guy somewhere. TTSKATE53 - Why is this guy on the list? DJCLAYFACE - Who's this guy? SOTORKS - Who is this person? YAMLIKA263 - Oh crap. Greediness leads to trouble.

It's fun how you have to give your opinion about every person in that list. I did try this bot and this way and another way I gave my account info to public. I changed my password once to a hard password but I don't know if I should change it again. Can anybody who has the list PM me my password so I know if it's the current one I have?

#12 Before February 2015

Persona
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

GBBot is what I named the zip for abrar11's guest bot.
I had nothing to do with another GBBot with a virus.

the one I was distributing was legit.

ThuggishPrune wrote:

Well Maybe you shouldn't expose him. It could lead to more trouble

And I dunno yet.

Last edited by Persona (Jun 28 2012 1:41:58 am)

#13 Before February 2015

Smileygod
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Persona wrote:

GBBot is what I named the zip for abrar11's guest bot.
I had nothing to do with another GBBot with a virus.

the one I was distributing was legit.

ThuggishPrune wrote:

Well Maybe you shouldn't expose him. It could lead to more trouble

And I dunno yet.

Eh. The guy who gave ME the bot was named GBBOT.

#14 Before February 2015

capasha
Member
Joined: 2015-02-21
Posts: 4,066

Re: 39 Accounts Compromised in Account Collecting Scheme

One more reason to lookup the program before login and run like everything is safe.

Offline

#15 Before February 2015

Bash
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

iYam wrote:

<snip>
It's fun how you have to give your opinion about every person in that list. I did try this bot and this way and another way I gave my account info to public. I changed my password once to a hard password but I don't know if I should change it again. Can anybody who has the list PM me my password so I know if it's the current one I have?

I can confirm that your password no longer matches the one you entered.

#16 Before February 2015

5lin65h07
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Cyph1e bot = ILLEGAL. ban this bot now!!!!

this will happen if this keeps going:

Cyph1e bot = accounts hacked = more accounts being hacked = admins being hacked = soon ALL accounts are hacked = chris has no money now that his account has been hacked by Cyph1e bot = EE is dead thanks to Cyph1e bot.

Last edited by 5lin65h07 (Jun 28 2012 10:11:25 am)

#17 Before February 2015

Gaming_Guy
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

And this is why you don't go downloading bots like a maniac.

#18 Before February 2015

Krock
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

oh good, I'm not on this list.
then I also have the orginal cyph1e bot...nice to know //forums.everybodyedits.com/img/smilies/smile

to all peoplas who suspect me: I just can say, I'm not ggbot

Last edited by Krock (Jun 28 2012 10:50:23 am)

#19 Before February 2015

Gaming_Guy
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

Krock wrote:

oh good, I'm not on this list.
then I also have the orginal cyph1e bot...nice to know //forums.everybodyedits.com/img/smilies/smile

to all peoplas who suspect me: I just can say, I'm not gbbot

At first I thought they said GGBot, but it turned out to be false.

#20 Before February 2015

Undead04
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

doh wrote:

One more reason to lookup the program before login and run like everything is safe.

#21 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: 39 Accounts Compromised in Account Collecting Scheme

In reality the user 'gbbot' doesnt exist, however 'ggbot' does.

It's a new account that was created 8/05/2012 2:51:05 AM~

It has only visited 24 worlds, however for some reason it doesn't list the IDs of the worlds
which it normally would. Oh well.

If anyone has the rigged program send it to my email in my signature. :3

EDIT: I have obtained the program from a source, I'll start looking at the PE information and
obtaining some reliable information. Let's see how this goes.

The EEDitor was obfuscated, an obvious intention of hiding something. I de-obfuscated it and decompiled it, so far I see nothing about collecting accounts.

The .RAR included krock's bot also, which may have what I'm looking for.

The GBOT was obfuscated as well with Skater.NET obfuscator, time to look at its source. :3

Last edited by ?tilla (Jun 28 2012 12:28:55 pm)


signature.png
*u stinky*

Offline

#22 Before February 2015

Zakleo
Guest

Re: 39 Accounts Compromised in Account Collecting Scheme

How the **** do you know that...?

#23 Before February 2015

lrussell
Member
From: Saturn's Titan
Joined: 2015-02-15
Posts: 843
Website

Re: 39 Accounts Compromised in Account Collecting Scheme

Zakleo wrote:

How the **** do you know that...?

An undisclosed source has given us the bot in question, and we are now examining it. Please wait while we check for anything that might give us a clue of who is behind this.

Last edited by lrussell (Jun 28 2012 12:30:25 pm)

Offline

#24 Before February 2015

capasha
Member
Joined: 2015-02-21
Posts: 4,066

Re: 39 Accounts Compromised in Account Collecting Scheme

?tilla wrote:

In reality the user 'gbbot' doesnt exist, however 'ggbot' does.

It's a new account that was created 8/05/2012 2:51:05 AM~

It has only visited 24 worlds, however for some reason it doesn't list the IDs of the worlds
which it normally would. Oh well.

If anyone has the rigged program send it to my email in my signature. :3

EDIT: I have obtained the program from a source, I'll start looking at the PE information and
obtaining some reliable information. Let's see how this goes.

The EEDitor was obfuscated, an obvious intention of hiding something. I de-obfuscated it and decompiled it, so far I see nothing about collecting accounts.

The .RAR included krock's bot also, which may have what I'm looking for.

It shouldnt be in EEditor. It should be named "Cyph1e bot".
We have already decompiled it before. Thats how bass found out the logger.
It wasn't obfuscated or anything. Coded in C# I guess.

Offline

#25 Before February 2015

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: 39 Accounts Compromised in Account Collecting Scheme

Yeah, I see now that after examining it, it doesn't contain anything harmful.
Aha, okay. So. The first bot obtained was false, now we have the real one I'm pretty sure.

Alright, the email scam was sent to "<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="e68788898896948390838892a6818b878f8ac885898b">[email  protected]</a><script cf-hash='f9e31' type="text/javascript"> /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */</script>"

The password to the email was changed 32 hours ago. And the real life name of the person who made
the scam is Austin.

Last edited by ?tilla (Jun 28 2012 12:46:06 pm)


signature.png
*u stinky*

Offline

Bash 142391289748535

Board footer

Powered by FluxBB

[ Started around 1731790764.8619 - Generated in 0.076 seconds, 12 queries executed - Memory usage: 1.71 MiB (Peak: 1.94 MiB) ]