| View previous topic :: View next topic |
| Author |
Message |
Rinku
Joined: 02 Feb 2003
Posts: 690
|
 Posted: Sat Nov 25, 2006 5:10 pm Post subject: SOJ HYJACKED BY UNWORLD VIRUS |
 |
|
rpgcreations.com/
For some reason the RPGCreations site (different from studioeres.com/games/) has been replaced by a spam-site. I suspect the unworld.
Worse: the file itself on castleparadox has mysteriously been replaced by a virus. Fyre's not online so I can't ask him about it, but until then nobody download SoJ from the "official" sites, including the link on CP's games list. (One site that *does* work for the game, virus-free, is http://demonews.com/download-2778.html).
_________________
Tower Defense Game |
|
| Back to top |
|
 |
Inferior Minion
Metric Ruler
Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA
|
| Posted: Sat Nov 25, 2006 5:45 pm Post subject: |
|
|
| Rinku wrote: | | Worse: the file itself on castleparadox has mysteriously been replaced by a virus. |
What do you mean?? Which file exactly? I'll be sure to look into it!
_________________
|
|
| Back to top |
|
|
Moogle1
Scourge of the Seas
Halloween 2006 Creativity Winner
Joined: 15 Jul 2004
Posts: 3377
Location: Seattle, WA
|
| Posted: Sat Nov 25, 2006 6:14 pm Post subject: |
|
|
Fyre mentioned something about forgetting to renew the domain, IIRC.
_________________
|
|
| Back to top |
|
|
Rinku
Joined: 02 Feb 2003
Posts: 690
|
|
| Back to top |
|
|
Me
HI.
Joined: 30 Mar 2003
Posts: 870
Location: MY CUSTOM TITLE CAME BACK
|
| Posted: Mon Nov 27, 2006 10:49 am Post subject: |
|
|
maybe the unworldites actually hacked into all the world's virus checkers and told them that soj was a virus to prevent it from aiding in the defeat of the unworldites
_________________
UP DOWN UP DOWN LEFT LEFT RIGHT RIGHT A B START |
|
| Back to top |
|
|
TwinHamster
♫ Furious souls, burn eternally! ♫
Joined: 07 Mar 2004
Posts: 1352
|
| Posted: Mon Nov 27, 2006 11:13 am Post subject: |
|
|
..Or perhaps the unworldites have actually hacked into Rinku's account in order to get the unsuspecting members of our community to download the virus.
I mean, how do I know that the virus won't initiate itself the moment it completes its download?
Maybe it knows that my free trial version of McAffee Security Center has been down for five months now, and will prey on me because of that.
I will not touch that install file until someone confirms that it is, indeed, a virus. |
|
| Back to top |
|
|
Bob the Hamster
OHRRPGCE Developer
Joined: 22 Feb 2003
Posts: 2526
Location: Hamster Republic (Southern California Enclave)
|
| Posted: Mon Nov 27, 2006 1:05 pm Post subject: |
|
|
| TwinHamster wrote: |
I will not touch that install file until someone confirms that it is, indeed, a virus. |
| Code: |
james@gilgamesh:~/tmp/virus$ wget -q http://fyre.castleparadox.com/jade_install.exe
james@gilgamesh:~/tmp/virus$ clamscan
/home/james/tmp/virus/jade_install.exe: Worm.Tenga.A FOUND
----------- SCAN SUMMARY -----------
Known viruses: 78648
Engine version: 0.88.6
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.13 MB
Time: 2.574 sec (0 m 2 s)
|
|
|
| Back to top |
|
|
Rinku
Joined: 02 Feb 2003
Posts: 690
|
| Posted: Mon Nov 27, 2006 3:31 pm Post subject: |
|
|
"maybe the unworldites actually hacked into all the world's virus checkers and told them that soj was a virus to prevent it from aiding in the defeat of the unworldites"
I'd considered that, but it turns out the way virus checkers work is too unsystematic for that.
_________________
Tower Defense Game |
|
| Back to top |
|
|
FyreWulff
Still Jaded
Joined: 02 Apr 2005
Posts: 406
Location: The Internet
|
| Posted: Wed Nov 29, 2006 1:38 pm Post subject: |
|
|
The domain is because I ran out of money for the hosting, I still own the domain. Instead of putting up a "account not found" or some other page, they decided to turn it into a spamlinks site until I pay them. Nobody use Fuitadnet.
That virus thing sure is interesting though. I scanned it before it went out, and it came up clean. Does anything actually ID the virus? Can IM check the last-modified time of the file?
edit: I can't read, Tenga.A is the name of the virus. |
|
| Back to top |
|
|
Inferior Minion
Metric Ruler
Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA
|
| Posted: Wed Nov 29, 2006 2:19 pm Post subject: |
|
|
| FyreWulff wrote: | The domain is because I ran out of money for the hosting, I still own the domain. Instead of putting up a "account not found" or some other page, they decided to turn it into a spamlinks site until I pay them. Nobody use Fuitadnet.
That virus thing sure is interesting though. I scanned it before it went out, and it came up clean. Does anything actually ID the virus? Can IM check the last-modified time of the file?
edit: I can't read, Tenga.A is the name of the virus. |
Fyre, long time no see. jade_install.exe was last modified 2006-11-19 at 11:25:22
My FTP logs go back much further than that but show no upload. Not sure how that file was changed.
_________________
|
|
| Back to top |
|
|
Rinku
Joined: 02 Feb 2003
Posts: 690
|
| Posted: Wed Nov 29, 2006 7:37 pm Post subject: |
|
|
Weird -- so someone besides Fyre modified the file?
_________________
Tower Defense Game |
|
| Back to top |
|
|
Linkmax
I'm an idiot.
Joined: 03 Feb 2003
Posts: 202
Location: Oly
|
| Posted: Thu Nov 30, 2006 4:31 am Post subject: |
|
|
| Code: | Virus.Win32.Tenga.a
Aliases
Virus.Win32.Tenga.a (Kaspersky Lab) is also known as: W32/Gael (McAfee), W32.Licum (Symantec), Win32.Gael.3666 (Doctor Web), W32/Stanit (H+BEDV), Suspect File (Panda)
Detection added Jul 13 2005 15:24 GMT
Update released Jul 13 2005 16:27 GMT
Description added Jul 22 2005
Behavior Virus
Technical details
Tenga infects PE exe files. The virus can also act as a Network-Worm on machines with an unpatched DCOM RPC vulnerability. Microsoft Security Bulletin MX03-026 details the vulnerability. After launch, Tenga checks if the domain vx9.users.freebsd is available and attempts to dowload Trojan-Downloader.Win32.Small.bdc from http://**nt*.lycos.it/v**/dl.exe Tenga is a classic appending virus that increases the size of infected files by 3 KB. |
Taken from viruslist.com |
|
| Back to top |
|
|
FyreWulff
Still Jaded
Joined: 02 Apr 2005
Posts: 406
Location: The Internet
|
| Posted: Thu Nov 30, 2006 4:35 pm Post subject: |
|
|
the last-modified should definitely be in 2005. That's the last time I ever uploaded the .exe installer to castle paradox.
This is weird because if it had that when I first uploaded it, -somebody's- virus scanner should have complained and someone would have posted "hey, what the hell fyre, jade has a virus". Or sometime in the last year.
Once I get internet back at my place, I'll update my virus scanner and scan the original file again, but this is really mysterious. |
|
| Back to top |
|
|
Rinku
Joined: 02 Feb 2003
Posts: 690
|
| Posted: Thu Nov 30, 2006 7:25 pm Post subject: |
|
|
How about we figure it out later and actually revert the virus game to the real game? Dozens of people a day could be downloading this virus; a lot of places link to that file.
_________________
Tower Defense Game |
|
| Back to top |
|
|
Inferior Minion
Metric Ruler
Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA
|
| Posted: Thu Nov 30, 2006 9:29 pm Post subject: |
|
|
| Rinku wrote: | | How about we figure it out later and actually revert the virus game to the real game? Dozens of people a day could be downloading this virus; a lot of places link to that file. |
Already did that, Rinku. I revert back a June copy of the file.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
