One downside to SwiftKit being as popular and successful as it is: it has a giant target on its back. Today we unfortunately experienced the effect of that, which is a shame really, as we only exist to offer a free, helpful tool to players. As always, though, we aim to be as transparent about the situation as possible.
At around 3am this morning it came to my attention that someone had gained access to the domain registrar account that holds SwiftKit.net. This allowed them to transfer the SwiftKit.net domain off our account and onto their own. Once the domain was under their control, they changed its DNS records so that the domain pointed at a malicious web server of their own instead of ours. The problem was that it took around 5 hours for the domain to be rightfully returned to us, so during that window the SwiftKit.net domain was pointing to a malicious website. We'll definitely be moving to a different domain registrar in the near future.
How was the intruder able to gain access to our domain account? By using a fake identity document to convince the registrar's support staff to change the account's contact e-mail address to one the intruder controlled. After that, all they had to do was request an ordinary password reset, which went to their address. We're very concerned that this could happen in the first place, and that it took so long to regain control. We'll be looking forward to getting as far away as possible from this registrar.
So what does this mean for you as a user? Not too much. SwiftKit itself wasn't affected at all, only the domain. However, if you were unfortunate enough to click Accept or Yes on any Java popups that came up during this window, I suggest you run a virus scan straight away and, once the machine is clean, change your password. You should never accept a Java request from a source you don't trust (the popup states the source).
We have seen that this specific malware is detected and removed by Microsoft Security Essentials. If you believe you loaded SwiftKit during this small window and accepted any rogue Java confirmations, it would be a good idea to run a full system scan and perform the steps at the bottom of this post.
SwiftKit itself has several layers of protection built into the updater to prevent anyone from being able to push out bogus updates. The only way you could have been harmed is if you downloaded or accepted something yourself.
As it stands we now have full control of our domains and have taken temporary steps to prevent such a situation from occurring again. The corrected DNS records have already reached many users' resolvers, and those users should now be directed to the right, normal site. If you are still being redirected incorrectly, clear your browser's history and cache, then open a command prompt (Start > search for "cmd") and run "ipconfig /flushdns". This discards Windows' locally cached DNS answers so the correct address is fetched fresh from your DNS server. (Your ISP's resolver may also hold the stale record until its TTL expires, so the flush does not always help immediately.) In the coming weeks we will be looking to implement permanent changes to further prevent such an occurrence; abandoning our current and frustrating registrar is one of them.
We understand our well-earned reputation has been tarnished by this horrible incident, and we understand many are wary of using our products in the future. That trust is going to have to be earned back, and I know for some it will be difficult. I want to personally let everyone know that the safety and security of all of our users is our #1 priority. The entire SwiftKit staff, with the support of our users and Jagex moderators, have hopefully shown everyone that we are serious about security.
If you have any hesitations or questions please don't hesitate to ask.
For detection and removal instructions, click here.
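The takeover described above (registrar account hijacked by social engineering, domain transferred, nameservers repointed) and the flush-DNS advice both come down to one question: do the domain's registrar record and its DNS answers still match what the owner expects? The script below is an added example, not SwiftKit's code or anything from the original post, of a scheduled check a site operator could run: it parses WHOIS output into a snapshot, combines it with the A records a resolver returns, and diffs that against a trusted baseline, reporting a changed registrar, a missing transfer or update lock, changed nameservers or changed A records. The WHOIS text, registrar names, nameserver names and IP addresses are constructed for the demonstration, and the field names follow the common ICANN-style WHOIS layout, which is an assumption about what your registrar prints.

```python
"""Domain-hijack check: parse WHOIS text and resolver answers into a snapshot
and diff it against a trusted baseline.

Added example, not SwiftKit's code.  All WHOIS text, names and addresses
below are constructed (IPs from the documentation ranges); the WHOIS keys
assume the common ICANN-style layout, so adapt parse_whois() if needed.
"""
import socket
from dataclasses import dataclass

# EPP status codes a domain should carry so the registrar refuses transfers
# and nameserver/contact updates that are not made from the locked account.
REQUIRED_LOCKS = frozenset({"clientTransferProhibited", "clientUpdateProhibited"})


@dataclass(frozen=True)
class Snapshot:
    domain: str
    registrar: str
    statuses: frozenset     # EPP status codes from "Domain Status:" lines
    nameservers: frozenset  # lower-case, no trailing dot
    a_records: frozenset    # IPv4 addresses the domain resolves to


def parse_whois(domain, text, a_records):
    """Build a Snapshot from raw WHOIS output plus the A records seen by a resolver."""
    registrar = ""
    statuses, nameservers = set(), set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar":
            registrar = value
        elif key == "domain status":
            statuses.add(value.split()[0])      # drop the trailing icann.org URL
        elif key == "name server":
            nameservers.add(value.lower().rstrip("."))
    return Snapshot(domain, registrar, frozenset(statuses),
                    frozenset(nameservers), frozenset(a_records))


def live_a_records(domain):
    """IPv4 answers from the system resolver (needs network; not used by the demo data)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)})


def compare(baseline, current):
    """Return a list of findings; an empty list means nothing changed and locks are present."""
    findings = []
    if current.registrar != baseline.registrar:
        findings.append(f"registrar changed: {baseline.registrar!r} -> {current.registrar!r}")
    missing = REQUIRED_LOCKS - current.statuses
    if missing:
        findings.append("registrar lock missing: " + ", ".join(sorted(missing)))
    if current.nameservers != baseline.nameservers:
        findings.append(f"nameservers changed: {sorted(baseline.nameservers)} "
                        f"-> {sorted(current.nameservers)}")
    if current.a_records != baseline.a_records:
        findings.append(f"A records changed: {sorted(baseline.a_records)} "
                        f"-> {sorted(current.a_records)}")
    return findings


# Constructed WHOIS output for the trusted state.
BASELINE_WHOIS = """\
Domain Name: SWIFTKIT.NET
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
"""

# Constructed WHOIS output after a takeover like the one in the post:
# different registrar, locks gone, attacker-controlled nameservers.
HIJACKED_WHOIS = """\
Domain Name: SWIFTKIT.NET
Registrar: Other Registrar Ltd
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.ATTACKER-DNS.EXAMPLE
Name Server: NS2.ATTACKER-DNS.EXAMPLE
"""

BASELINE = parse_whois("swiftkit.net", BASELINE_WHOIS, ["192.0.2.10"])
HIJACKED = parse_whois("swiftkit.net", HIJACKED_WHOIS, ["198.51.100.7"])


def run_check(baseline=BASELINE, current=HIJACKED):
    """Entry point for a cron job: returns the findings to alert on."""
    return compare(baseline, current)


if __name__ == "__main__":
    for finding in run_check():
        print("ALERT:", finding)
```

In real use the baseline is captured once while the domain is known-good and stored outside the registrar account, and the current snapshot is built from a fresh WHOIS query plus `live_a_records()`; an alert on a registrar change or a vanished transfer lock is the earliest warning you get of exactly the chain described in the post, usually before any DNS change has propagated.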
To clear things up, this is yesterday's situation: the problems with SwiftKit have been solved, but only the people with Norton as their virus scanner will still find SwiftKit being removed as 'dangerous'.
This is not the case; SwiftKit has sent a message to Symantec to solve this problem, and it should be taken care of in the next couple of days.
Some people might not trust SwiftKit anymore, or not enough, but I do trust you guys. This could happen to everyone and every website. I am happy that you regained control of the situation and I hope you will be maintaining SwiftKit as long as RS is here.
I don't care about how someone else thinks badly of your reputation, but you have my vote and my trust.
And I sure hope that nearly everyone is with me on this statement.
Regards from three players of England, Holland and the United States !!
It's been nearly 6 years and NOTHING has changed. Your website and affiliates have been vulnerable for 6 years; I'm surprised it took someone so long to take malicious actions. Then again, I'm not really surprised, and I'm also not surprised that those pathetic idiots had to use Java to try to install a RAT. I could do that through a picture nearly 6 years ago.
I guess things won't ever change here. Funnily enough, it came to my attention.
This morning - it was absolutely fine.
This afternoon (3pm GMT / 4pm UK) I was asked by swiftkit to update it. I did. Then my antivirus flagged swiftkit as extremely dangerous.
I would be VERY careful of using swiftkit in the meanwhile, until the staff say its ok to do so. BUT BASICALLY, DON'T install ANY updates for swiftkit until it is safe.
I was curious when the page wasn't found, but Microsoft Security Essentials did in fact take care of the issue for me. Apparently the intruder hadn't thought about his plan much and went for the attack as soon as he realized he could gain access. Such a shame, but these things happen on the internet, and I am proud of the way SK management handled the situation. Good work, guys.
All I can say is it's been coming for a long time. The way your staff manages your network is awful.
There were warnings of this happening prior to it actually happening, I know because I was warned of it yesterday, and so were SwiftIRC administrators, they just shrugged it off.
Reminds me of two months ago when I ran a vulnerability scan on SwiftKit's site and managed to find 9 pages exploitable by Blind SQLi. I warned an IRC Op (Probably the wrong person to talk to but still...) and was banned from your network for malicious acts?
Whatever, it's your site and your problems, but in this scenario the issues were easily avoidable, and in the upcoming scenario when these SQLi-vulnerable pages are discovered, I'll be ready to say I told you so.
Glad to hear you guys have everything under control now. If everyone has a decent anti-virus, just run a scan and clear it. Even better, restore your computer or even reformat it (in extreme cases) if something goes wrong.
Too many sad kunts in this world.