
All RapidShare premium account holders, please read

Discussion in 'BlackHat Lounge' started by minute80, Feb 13, 2010.

  1. minute80

    minute80 Regular Member

    Joined:
    Dec 3, 2008
    Messages:
    310
    Likes Received:
    81
    I have reasons to believe that using JDownloader will get your passwords stolen, or that Rapidshare was hacked. I need you to check your Rapidshare premium accounts and reply in this thread if your accounts have been shared by third parties.
    Please, continue reading.

    I received an email from Rapidshare telling me that my account has been shared. And yes, logs (access them from your account settings, view logs) showed activity originating from Indian IPs (I am not from India), downloading all kinds of stuff. After that I started my analysis.
    Just a few things to be clear before I continue:

    1. I bought my own, never shared Rapidshare account.
    2. I never used my login and pass on any site besides the original Rapidshare one. I always check the URL in the browser before entering my credentials.
    3. I used JDownloader to automate my downloads.
    4. I download on a fully patched, original Windows XP machine behind an OpenWRT Linux router and firewall, with free Avast Anti-virus installed.

    Since I am in the IT field for real, I immediately started repairing the possible and potential damage:

    1. Since I couldn't put my trust into Avast, I downloaded NOD32.
    2. From my fully updated developer Linux machine, running behind yet another firewall, I changed all my passwords on all sites.

    These actions resulted in the following results:

    1. After NOD32 scan, no malware has been detected.
    2. Only my Rapidshare account was used by other entities. I use around 20 other services that require valid credentials (emails, hosting, VPNs, forums, money transfer services etc.), and none of them logged any suspicious activity or access from IPs not originating from my country.
    3. After I changed my Rapidshare password, no other IPs have been using my account.

    So, I can say that I pinpointed the problem to only two causes:

    1. Rapidshare was hacked.
    2. JDownloader shares Rapidshare credentials.

    Since I don't have time to dissect JDownloader and see what traffic it sends out, I would like those who read this to check their View log stats on their Rapidshare account page and tell me if they see anything that shouldn't be there. Also, in your reply, write whether you use JDownloader or not. Thank you!
     
  2. minute80

    Anyone?
     
    Last edited: Feb 13, 2010
  3. Gradimir Stankovic

    Gradimir Stankovic Power Member

    Joined:
    Jan 10, 2010
    Messages:
    737
    Likes Received:
    845
    Location:
    404 not found
    I used Jdownloader with premium before and never had any problems.
    Check your computer with Malwarebytes.
     
  4. Nitros

    Nitros Power Member

    Joined:
    Jan 30, 2009
    Messages:
    573
    Likes Received:
    295
    Where did you download JDownloader?
     
  5. minute80

    From sf.net. My account is also over a year old, and I never had problems till today. Judging by the Traffic log, this has been going on for some time, and until yesterday I had never received any msg from Rapidshare. That is the reason why I ask others to check their Rapidshare traffic logs.
    Another point that you are missing is that after I changed my password and stopped using JDownloader, no suspicious access was logged. Malware would immediately send data to the user, and it would probably continue with the same actions.
     
    Last edited: Feb 13, 2010
  6. dexan

    dexan Newbie

    Joined:
    Aug 11, 2009
    Messages:
    2
    Likes Received:
    0
    there are tons of rapidshare leech sites around. i was wondering from where they pop up so quickly. it is impossible for them to use a few accounts to provide such a service. you may be right, rapid and other file servers are hacked and accounts are published on some forum, but which one i am not sure...
     
  7. MrSmith

    MrSmith Newbie

    Joined:
    Sep 15, 2009
    Messages:
    43
    Likes Received:
    88
    It's just like porn-pass forums...How do those guys get those passes? It must be some sort of botnet that just collects rapidshare info and sends back to author who sells it to those sites for XX-money. Otherwise those sites can't run around!
     
  8. helgeschneider

    helgeschneider Registered Member

    Joined:
    May 15, 2009
    Messages:
    89
    Likes Received:
    65
    I was in that scene a while 1.5 years ago. Simple phishing sites and accounts sold for 2$ for 1k account.

    Regarding JDownloader I never had any problems, too. Problem must be on your site.