Keyloggers are a form of Trojan - malicious software that often comes disguised as a legitimate program. In the case of a keylogger, the Trojan records keystrokes and sometimes screenshots, sending them to remote attackers. As discussed in iRO Hacking, there's real life money to be made from selling zeny and rare in-game items. Where there's money, there are bound to be criminals. And keylogging Trojans are a favorite tool in their arsenal of tricks.
How to detect a keylogger
First of all, antivirus software is not enough. This isn't to say you should not use antivirus software. You most certainly should. But for a variety of reasons outside the scope of this article, antivirus software is simply too reactive and quite often allows new threats to slip in unnoticed. Today's Trojans often disable the antivirus protection once they are on the system, so even after updates are available, it may well be too late. Here are some adjunct measures you should use to detect and remove keyloggers and other Trojans:
- HijackThis: HijackThis is a free program that records running processes, startup entries, services, and other active components. It detects both legitimate and illicit applications so exercise caution when using it. For a guide to using HijackThis (and a link to download it), check out TomCoyote's HijackThis Quick Start guide.
- Personal firewalls: Not all firewalls are created equal. One of the best is ZoneAlarm Personal firewall. It's free for home use and it guards against both inbound and outbound unauthorized attempts. It's great for ferreting out keyloggers - in order to compromise you, they must 'phone home'. ZoneAlarm will alert you when any application tries to access the Internet. If you don't recognize the application and you did not initiate it, you should regard the attempt as suspicious. The free ZoneAlarm can be downloaded here. A handy tutorial for installing and using ZoneAlarm can be found here. Note: If you have an Internet Security Suite installed, it already comes with a firewall (though not one as capable as ZoneAlarm). Unfortunately, you can't run two firewalls on the system, so you won't be able to use ZoneAlarm.
- Antivirus software: It goes without saying that antivirus software is a must. It also needs to be kept up-to-date. Fortunately, you can get good protection from a free antivirus scanner. Three to consider: AntiVir, AVAST, and AVG. You can also use an online virus scanner if you want to get a 'second opinion' scan. (Just keep in mind that online scanners are no substitute for installed antivirus.) Two that are good (and free) include Kaspersky Online Scanner and Trend Micro's Housecall.
- Rootkits: Some Trojans - particularly keyloggers - use rootkit technology to cloak their presence on the system. This can make them difficult for even antivirus software to detect. Rootkits can be revealed using Sysinternals' free RootkitRevealer.
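The 'phone home' check from the firewall item above can also be done by hand from `netstat -ano` and `tasklist /fo csv /nh` output. The following is an added example, not part of the original article: the sample outputs are constructed, and the known-good list and the `updater32.exe` name are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not from a real machine).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4321
  TCP    192.168.1.20:49730     198.51.100.7:8080      ESTABLISHED     6120
  TCP    192.168.1.20:49741     192.168.1.1:445        ESTABLISHED     4
  TCP    127.0.0.1:49750        127.0.0.1:5354         ESTABLISHED     2044
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","140 K"
"svchost.exe","912","Services","0","9,120 K"
"firefox.exe","4321","Console","1","310,004 K"
"mDNSResponder.exe","2044","Services","0","5,800 K"
"updater32.exe","6120","Console","1","2,456 K"
'''
# Assumption: programs this user recognises and expects to go online.
KNOWN_GOOD = {"firefox.exe", "svchost.exe", "system"}
# Loopback, RFC 1918 and link-local ranges: traffic that stays local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]


def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}


def unrecognised_outbound(netstat_text, tasklist_csv, known_good=KNOWN_GOOD):
    """Established non-local connections owned by unrecognised programs."""
    names, hits = pid_names(tasklist_csv), []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # headers, UDP rows and listening sockets
        addr = ipaddress.ip_address(f[2].rsplit(":", 1)[0].strip("[]"))
        if any(addr in net for net in LOCAL_NETS):
            continue  # stays on this machine or the LAN
        image = names.get(int(f[4]), "<unknown>")
        if image.lower() not in known_good:
            hits.append((image, int(f[4]), f[2]))
    return hits
```

Matching on image name is only a triage aid, since a Trojan can name itself after a legitimate program; check the file's location on disk before trusting a familiar name.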
Avoiding infection
While the above free software will help you detect and/or remove a keylogging Trojan, the best cure is to prevent them in the first place.
- P2P Filesharing: Tempting as it may be, using P2P networks like Kazaa, Bearshare, Gnutella, etc, is the most hazardous thing you can do to your PC. P2P networks should stand for Poison-to-Poison, because they are filled with Trojans that masquerade as game cheats, movies, music, and other coveted files. Stop using P2P and your defenses will have increased fivefold.
- Email and Instant Messaging: Trojans are widely spread via email and Instant Messaging. The same rules apply for both. Never, ever open attachments received unexpectedly - no matter who they appear to be from. Viruses routinely spoof the From sender, so that email attachment from your good friend is more likely being sent by a virus. Ditto for IM worms. Many even replace the IM user's away message, pointing to a link that leads to an infected website. Don't open attachments and don't click any links unless you are absolutely certain of their origin.
- Pop-up ads: Spyware and adware, as well as keyloggers and other Trojans, often trick users into installing them by pretending to be free scanners, cleanup tools, registry fixers and the like. Don't click on pop-up ads. There are many free popup blockers available. One to consider is the Yahoo Toolbar.
- Free servers: Free game servers may leave your system more vulnerable to compromise. Further, using free game servers is no different than shoplifting or robbing someone. Even though it may be tempting, try to resist the urge to cheat the hard working game developers who bring us iRO.
Any questions?
If you have questions or comments regarding any of the above, please post a message to our forum.