Warning - Keylogger Link Sent via PM

[Kamloops]

Not sure where to post this -

I recieved a PM and it wants you to go to a site, DOT NOT GO THERE

Do not go to edit by mod - it'll be a bit easier for people not to go there if you didn't post the link

I believe it will install a keylogger on your machine! I somehow got into the root of the site and was able to look at all the files, I downloaded a couple of TXT files named MK-keylog.txt and REG-160-keylog.txt. The contents of those files are information logged which looks like conversations with Tech Support at Register.com
They may have installed a keylogger there?

This is really bad, I am not sure if I have it installed on my machine but as soon as I went to that site I knew something was not right as it just says wait 10 seconds, I stopped it right away and then somehow got into the root, so I snooped around there.

This must be how the domains are been stolen! If anyone wants the TXT files let me know.

And if you have an idea on how I can check to see if I have a keylogger intstalled please PM me.

I see the member is Banned now.

This is the PM from a Member -

Atech
Banned
Trader Rating: (0)
Join Date: Mar 2008

domains about
your domains with 450$ for me
okay ?
my list istnight.com look at , 16k$ ..

 

[Smith]

why would you link the domain then??

 

[bro]

Remove www from the link and dont keep it alive for others to click.

 

[Kamloops]

To warn everyone if they see that do not go there.

How else would I warn you! This is serious stuff.

Prefer I say nothing?

 

[bro]

To warn everyone if they see that do not go there.

How else would I warn you! This is serious stuff.

Prefer I say nothing?

Do not leave live link (backlink) for that site, its enough to know the site name.

 

[Gene]

Clickable link removed.

 

[Kamloops]

Sorry I did not mean to make it clickable. Just want to get the work out thought it is very important.

 

[TheBulldog]

Darn it, now I can't click it.

I wanted a keylogger just like the cool kids.

 

[[email protected]]

Thanks for the info pal!

 

[Gene]

Darn it, now I can't click it.

I wanted a keylogger just like the cool kids.

Actually, you may click it all you want

 

[theSun]

lol =.=

 

[trsaso]

Thanks for warning

 

[lzy]

Wow, a keylogger can be loaded through a website? :o

 

[Kamloops]

Here is some of the stuff from one of the files I grabbed - can anyone translate?
These files are big, lot of info. I was going to post them but not a good idea.

yanii
alsin da sakliyordum
ama lvl düþük olun ca artik iþimize yaramayacak diye dün gece satmiþtim
uuok
sen lvl kaçsin
ok
sana malzeme bulursam ayiririm
ok
uumkasmami istermisin seni
veya bu hell cerberus nedir
h.g seba
seni kirdiðim için çok özürdilerim
mbeklermisin beni meydan da
m750000
hayir yaa
bendede var para
ben de var yaaa
500000
ok
depo doluu
girtlaða kadar büyük enerji ilee
100000

 

[cskanna]

Thanks for the info pal!

 

[Kamloops]

Holy Crap, I have been looking through these keylog files,

There is a lot of private info in thiese files!

I was not sure if it was for real and so I checked on id and password out for a yahoo mail account and it was good.

Wonder who I should let know? Yahoo? Register.com?

 

[Gene]

Holy Crap, I have been looking through these keylog files,

There is a lot of private info in thiese files!

I was not sure if it was for real and so I checked on id and password out for a yahoo mail account and it was good.

Wonder who I should let know? Yahoo? Register.com?

Notify his ISP first and foremost! Then contact any service he's collected data on.

 

[Kamloops]

What I dont get since this member was banned why did whoever ban him not send out or post a warning, we have to watch out for each other here as this crap is becoming rampant!

 

[TheBulldog]

How?

Just really how were you able to get into the root? If he is smart enough to set up a server with keyloggers to pull data, I find it a bit silly that he somehow managed to forget to lock it down like any other server.

There are other turkish sites on that server as well:
http://oversoldhost.com/?s=istnight.com&submit=Lookup

They all seem to be registered to people in Turkey so I will just assume it is all owned by the same person.

Not doubting you, just seems weird that you found these files so easily.

Not that I am going to go there and click around.

 

[Kamloops]

How?

Just really how were you able to get into the root? If he is smart enough to set up a server with keyloggers to pull data, I find it a bit silly that he somehow managed to forget to lock it down like any other server.

There are other turkish sites on that server as well:
http://oversoldhost.com/?s=istnight.com&submit=Lookup

They all seem to be registered to people in Turkey so I will just assume it is all owned by the same person.

Not doubting you, just seems weird that you found these files so easily.

Not that I am going to go there and click around.

I have no idea what I did it was strange.

I clicked on the link in the PM and it took me there. A popup came up and on the main screen it said something like wait 10 seconds with this little turning thing. I knew this was bad so I backed out, not sure what I did but then I was at the root with full access to all the files, I looked around through the directories and found some txt file which I grabbed. I knew right away it was some sore of keylogger as some files were named as such.

Some how I ended up refreshing and the regular site came up. I closed i down right away.

I am been truthful here. I figured people would be happy for the warning.

Really one of the mods knew about this and said nothing, the guy got banned for some reason. IMO that is just wrong.

 

[Gene]

Really one of the mods knew about this and said nothing, the guy got banned for some reason. IMO that is just wrong.

Now wait a minute here. Please stop making accusations. It is GREAT that you have exposed this publicly. Good job. But do you know why this member got banned? Do you really think if a mod had the facts that you have that they would not have created a similar public warning? I personally don't know why he was banned in the first place, but I suspect it was for other bad actions. We deal with hundreds of banned people every day, and if we publicly warned everybody about every important 'incident', you'd have to weed though a lot of crap every day to get to the good stuff on NamePros. RJ and crew do an outstanding job of bringing to light any threat to NP members. Perhaps he will see fit to post a public warning about this as well. Have you contacted him? I suggest you do, as you have the details he would need to make such an announcement without the threat of a lawsuit. We rely on members like you to report what you know, so we can do whatever is necessary.

 

[stscac]

You can reach this web site only with Internet Explorer Browser

-Steve

 

[copper]

You can reach this web site only with Internet Explorer Browser

-Steve

Version 6 to be exact

PM said:
If you use , it* isn't opened FFand Opera ,İE7
use İE6

And I use FF :hehe:

 

[Kamloops]

When I first used it it was with firefox, then they changed something maybe that is how I was able to see the contents

All I am saying is members are coming forward to me to say they also received the PM and they too clicked on it. The guy did not leave any posts so I can only assume that is what he was banned. So someone knew something was not right???

A warning not to go to the site would have been the right thing to do, and it is still the right thing to do. It like the city putting up a Traffic light after an accident in an intersection

This is a very serious matter but I don't think it is been taken that serious.

 

[duceman]

Thanks for the info