SwiftKit News

SwiftKit Website Issue Explained

One downside of SwiftKit being as popular and successful as it is, is that it has a giant target on its back. Today we unfortunately experienced the effect of that, which is a shame really, as we only exist to offer a free, helpful tool to players. It really is unfortunate. As always, though, we aim to be as transparent about the situation as possible.

At around 3am this morning it came to my attention that someone had gained access to our account at the domain registrar that hosts SwiftKit.net. This allowed them to transfer the SwiftKit.net domain off our account and onto their own. Once they had done this, they were able to change the webserver the domain points at to their own malicious site. The problem was that it took around 5 hours for the domain to be returned to us, so during this time the SwiftKit.net domain was pointing to a malicious website. We'll definitely be moving to a different domain registrar in the near future.

How was the intruder able to gain access to our domain account? By using a fake ID, or identity document, to convince the domain hosting company to reset the account's e-mail address to their own. Then all they had to do was perform a simple password reset. We're very concerned that this could even happen in the first place, and that it took so long to regain control. We'll be looking forward to getting as far away as possible from this domain host.

So what does this mean for you as a user? Not too much: SwiftKit itself wasn't affected at all, just the domain. However, if you were unfortunate enough to click accept or yes on any Java popups that came up, I suggest you do a virus scan straight away and, once clean, change your password. You should never accept any Java requests from sources you don't trust. (The popup states the source.)

We have seen that this specific malware can be detected and removed by Microsoft Security Essentials. If you believe you loaded SwiftKit in this small window and accepted any rogue Java confirmations, then it would be a good idea to run a full system scan and perform the steps at the bottom of this post.

SwiftKit itself has several layers of protection built into the updater to prevent anyone from being able to push out bogus updates. The only way you could be harmed is if you download or accept something yourself.

As it stands, we now have full control of our domains and have taken temporary steps to prevent such a situation from occurring again. DNS changes have been successfully applied for many users, and they should now be directed to the right, normal site. If you are still redirected incorrectly, try clearing your browser's history and cache, and also go to Start > search for "cmd", and type in "ipconfig /flushdns". This will ensure the right DNS address is obtained from the server. In the near future we will be looking to implement some permanent changes to further prevent such an occurrence; abandoning our current and frustrating registrar is one of them.
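An added example, not part of the original post or SwiftKit's own tooling: a small Python check that compares what several resolvers return for a domain against a pinned baseline, which is how a repointed domain and lingering stale caches can be spotted. The resolver labels, host names and addresses are constructed placeholders, and gathering live answers is left out so the example runs offline.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Records:
    nameservers: frozenset  # NS host names returned for the domain
    addresses: frozenset    # A-record addresses returned for the domain

def drift(baseline, seen):
    """Records present in an answer but absent from the pinned baseline."""
    return {
        "nameservers": sorted(seen.nameservers - baseline.nameservers),
        "addresses": sorted(seen.addresses - baseline.addresses),
    }

def assess(baseline, answers):
    """Classify answers from several resolvers against the baseline.

    Returns (verdict, offenders); offenders maps resolver label -> drift.
    """
    offenders = {}
    for resolver, seen in answers.items():
        d = drift(baseline, seen)
        if d["nameservers"] or d["addresses"]:
            offenders[resolver] = d
    if not offenders:
        verdict = "match"
    elif len(offenders) == len(answers):
        verdict = "all-resolvers-diverge"
    else:
        # Caches disagree: a change is still propagating or being rolled back.
        verdict = "mixed"
    return verdict, offenders

# Constructed sample data (documentation address ranges, placeholder names).
BASELINE = Records(frozenset({"ns1.example.net", "ns2.example.net"}),
                   frozenset({"192.0.2.10"}))
ANSWERS = {
    "resolver-a": Records(BASELINE.nameservers, BASELINE.addresses),
    # Delegation and address both replaced.
    "resolver-b": Records(frozenset({"ns1.rogue.example"}),
                          frozenset({"203.0.113.66"})),
    # Delegation restored, but an old address is still cached.
    "resolver-c": Records(BASELINE.nameservers, frozenset({"203.0.113.66"})),
}

if __name__ == "__main__":
    verdict, offenders = assess(BASELINE, ANSWERS)
    print(verdict)
    for resolver, d in offenders.items():
        print(resolver, d)
```

A "mixed" verdict after the baseline has been restored corresponds to the situation described above, where some users are still sent to the wrong address until their caches expire or are flushed.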

We understand our well-earned reputation has been tarnished by this horrible incident, and we understand many are wary of using our products in the future. That trust is going to have to be earned back, and I know for some it will be difficult. I want to personally let everyone know that the safety and security of all of our users is our #1 priority. The entire SwiftKit staff, with support from our users and Jagex moderators, have hopefully shown everyone that we are serious about security.

If you have any hesitations or questions please don't hesitate to ask.

For detection and removal instructions, click here.

Posted by Zpoon in SwiftKit News, Featured | 30/05/12 | 28 Comments



Comments

#28
2012_Nimbus @ 06 2012 12:11 pm

Glad that SwiftKit is back on. I'm not at all upset with you guys for SwiftKit being hacked. SwiftKit always has my trust. Plus it's my favorite browser for runescape. =p


#27
nate @ 04 2012 10:59 am

so is the eye patch this safe to click yes?


#26
Exit Reality @ 03 2012 10:58 pm

To clear things up, this is the yesterday situation: Problems with Swiftkit have been solved, but only the people with Norton as virus-scanner will still find Swiftkit being removed as 'dangerous'.

This is not the case, Swiftkit has sent a message to Symantec to solve this problem, and it should be taken care of in the next couple of days.


#25
x0 @ 03 2012 07:21 pm

yupp they fucked you harder than you thought even when i re-download the patcher tries to infect my computer and my anti-virus quickly removes swiftkit from my cpu.


#24
Grijze Elf @ 03 2012 01:31 pm

Some people might not trust SwiftKit anymore, or not enough, but I do trust you guys. This could happen to everyone and every website, I am happy that you regained control of the situation and I hope you will be maintaining swiftkit as long as rs is here.

I don't care about how someone else thinks bad about your reputation, but you have my vote and my trust.
And I sure hope that nearly everyone is with me on this statement.

Regards from three players of England, Holland and the United States !!


#23
ile89 @ 03 2012 07:26 am

Exepatcher.exe is okay. It's part of files that manage the SK updates.


#22
James @ 02 2012 06:18 pm

Is the Patcher.exe i get prompted to run when i open SK okay ?????


#21
Shadow16 @ 02 2012 11:31 am

Uhh LOL I knew this day would come :l...Everytime I try to open up SK it says " You don't need to run this, SwiftKit will do it automatically. " O_o??? plus the SK icons changed lol


#20
Saxon @ 02 2012 08:50 am

my antivirus keeps deleting swiftkit.exe every time i redownload it and says "detected by SONAR" and severity is HIGH so ye i don't think it's safe at all.


#19
Nic @ 01 2012 10:19 pm

What's up with the forums? The update thing said to check them for more information, but I keep getting dns errors. Has that been hacked too? :o


#18
LB @ 01 2012 09:45 pm

Is it now safe to use? My antivirus shows nothing wrong.


#17
AnneX @ 01 2012 08:27 pm

its been nearly 6 years and NOTHING has changed. Your website and affiliates have been vulnerable for 6 years I'm surprised it took someone so long to take malicious actions. Then again I'm not really surprised, and I'm also not surprised that those pathetic idiots had to use java to try to install a RAT. I could do that through a picture nearly 6 years ago.

I guess things won't change ever here, funny enough that it came to my attention

-AnneX


#16
qqq @ 01 2012 06:07 pm

I was hacked


#15
Dream @ 01 2012 04:20 pm

I got hacked...


#14
MvP Numb @ 01 2012 02:38 pm

Hi there was just a Patch update 8:36 Am GMT+10 2/06/12
I was wondering if it is safe to download it? it's saying i need to accept Exefixer or something


#13
mac @ 01 2012 01:04 pm

there is new patch out nao should i update 22:02 gmt


#12
BE CAREFUL - HACKING may still be going on @ 01 2012 07:03 am

This morning - it was absolutely fine.

This afternoon (3pm GMT / 4pm UK) I was asked by swiftkit to update it. I did. Then my antivirus flagged swiftkit as extremely dangerous.

I would be VERY careful of using swiftkit in the meanwhile, until the staff say its ok to do so. BUT BASICALLY, DON'T install ANY updates for swiftkit until it is safe.


#11
Heh @ 01 2012 06:22 am

I didn't even know about this until now but never received any Java applet windows so I guess I'm safe :p


#10
Matthew @ 01 2012 05:52 am

I don't remember having to accept a Java screen, but I did login on that day.

Haven't been hacked though and only heard about this now on 1st of June.


#9
Mammothskier @ 31 2012 09:42 pm

thanks, found it on my computer and deleted it :)


#8
strider3282 @ 31 2012 04:39 pm

@BV1

SwiftKit != SwiftIRC. Completely different group.

If you need to report anything for SwiftKit, contact the SwiftKit Staff. Not SwiftIRC staff.


#7
so_saucey @ 31 2012 02:46 pm

lmfao i know people that have been targeting this shit for a while the person who got into it got lucky because if he didn't i know people who probably would have done it by this Saturday.


#6
GRAMMAR @ 31 2012 01:21 pm

first sentence its* not it's*


#5
SwitchFlip @ 31 2012 10:03 am

I was curious when the page wasn't found, but Microsoft Security Essentials did in fact take care of the issue for me. Apparently the intruder hadn't thought about his plan much and went for the attack as soon as he realized he could gain access. Such a shame, but these things happen on the internet, and I am proud of the way SK management handled the situation. Good work guys.


#4
Bloqer @ 31 2012 08:31 am

Maaan, I heard about this off of a video maker from youtube. Luckily I didn't log onto runescape today via swiftkit!


#3
Joebob @ 31 2012 08:12 am

That was fast =)


#2
BV1 @ 31 2012 03:40 am

All I can say is it's been coming for a long time. The way your staff manages your network is awful.

There were warnings of this happening prior to it actually happening, I know because I was warned of it yesterday, and so were SwiftIRC administrators, they just shrugged it off.

Reminds me of two months ago when I ran a vulnerability scan on SwiftKit's site and managed to find 9 pages exploitable by Blind SQLi. I warned an IRC Op (Probably the wrong person to talk to but still...) and was banned from your network for malicious acts?

Whatever, it's your site and problems, but in this scenario issues were easily avoidable, and in the upcoming scenario when these SQLi vulnerable pages are discovered, I'll be ready to say I told you so.

--BV1


#1
pJ 2012 @ 31 2012 02:23 am

Glad to hear you guys have everything under control now. If everyone has a decent anti-virus, just run a scan and clear it. Even better, restore your computer or even reformat it (in extreme cases) if something goes wrong.

Too many sad kunts in this world.

