Trojan Author Includes Integrated Chat, Challenges Security Researchers Digging Through His Code
from the paying-attention dept
Here's a fascinating story, found via Boing Boing, of some malware (a password-stealing trojan targeting Diablo III players) that included some sort of integrated chat function, which the researchers at AVG only noticed when the hacker reached out to them while they were searching through his code. Imagine their surprise when up popped a dialog box asking them what they were doing:
Hacker: What do you want from it?
The AVG folks continued to chat with the guy for a little while, which is how they realized just how powerful the trojan was and how much it could do. The guy controlling it demonstrated this to them by remotely shutting down their machine after talking to them for a little while.
Filed Under: hacking, malware, security, trojan
Companies: avg
Reader Comments
Wow...just wow...
I play Diablo 3 and this news is quite disturbing but useful at the same time, even when I receive a link from my closest friends regarding Diablo 3 or any other game that requires a password to play, I ALWAYS text my friends to confirm if one of them sent me a link otherwise I ignore it completely.
Thanks for the news, keep up the good work here at TechDirt.
[ link to this | view in chronology ]
Re: Wow...just wow...
Do you ever click on a link on the internet? If not how do you get here?? If so you ARE at risk!!! In fact if your computer is connected to another computer it is at risk.
[ link to this | view in chronology ]
Re: Re: Wow...just wow...
Now I'm starting to understand why that many users were hacked...
[ link to this | view in chronology ]
Innovation at its finest.
they are slightly outnumbered..
[ link to this | view in chronology ]
Re:
/malewiz
[ link to this | view in chronology ]
Re:
/malemonk... And possibly this Trojan.
[ link to this | view in chronology ]
This whole back and forth is what keeps people paying their yearly antivirus bill. I've thought for many years that the AV companies more than likely release their own viruses into the wild just so they can claim to be the first to say they can protect you from it. Would not surprise me at all. Kind of like the stories Mike posts here about the FBI creating their own terror plots just so they can say they foiled the plot.
[ link to this | view in chronology ]
Re:
Antivirus companies actually hire a lot of hackers and so do other tech companies, which is a waste of time, the reason being that those hackers are very specialized in one area or another, they don't know the ins and outs of every system because there is nobody on earth capable of knowing them all, this is why problems happen all the time and keep popping up, no matter how big a company is, humanity is bigger and has more eyeballs looking at the code than any company does or even government can.
A thousand researchers can patch and make a system strong in a thousand points they all know very well, but a million hackers will find a million flaws in that system.
It is not a question that the companies hire dumb people, it is that they can't hire every capable person who can do something.
Security in IT is like putting a door in a house without walls and trying to secure that door hoping nobody notices that there are no walls.
Some programs have millions of lines of code, use thousands of libraries and interact in unexpected ways with thousands of other programs, there is not a chance in hell that a human being will be able to chart all the possibilities, I doubt a group of people can do it and I base that on our own failure to predict the weather, there are too many unknowns and variables for anybody to be able to make sense of it all at this point in time.
[ link to this | view in chronology ]
Re: Re:
This is, in some ways, remarkably similar to the HIV's chameleonic qualities.
[ link to this | view in chronology ]
Re: Re: Re:
The thing is, I am starting to have an issue with statements like "why don't they hire more smarter people?", the reason is simple: there are no smarter people to hire, there is not an infinite resource to hire anyone who has ever found a problem and most people who find those problems are one off, they probably never find another bug in their lives after they discovered that big one, that one time. The same goes for politics: the problem is not the people, they are not dumb, they are smart people in their own single interests; what they are not is smart in all fields.
This is why we need mechanisms to allow "evolution" to happen, no amount of "smart" people will fix an issue that is not about how smart you are, but how smart the system is, how flexible it is and how friendly to change it is.
Monopolies are the dumbest thing ever, but somehow very smart people believe IP is a good thing although it undermines the mechanism by which "evolution" of the system occurs, in that same vein stating "why they don't hire smarter people" shows that people are looking at the wrong issue, there is nobody smarter to hire, one smart guy about one subject will be dumb on the next subject just like a programmer can't do surgery or do astrophysics, or know about chemistry. Anybody ever tried to build a computer from scratch? It is hard, it is not that easy, there are literally billions of components in each computer today, granted they are small but those are billions of components, with thousands of connections trying to run million line code operating systems that control video, audio, electrical buses, interruptions, execution stacks, memory, network equipment, connections, heck just in the video stack people found an infinite source of PhD dissertations, the same occurs to the other areas of computing, so I can't understand why people keep saying that "it is just a matter of hiring the hackers" when it is not, smart people are not the problem, the system cannot ever be secured, not because it is flawed, but because unpredictability can never be removed from that system ever; we don't have that capability and probably never will have unless we become gods, which I doubt will happen in my lifetime, so saying "just hire the hacker" shows that people don't understand even the basics of the problem, the problem is there are more people hacking the programs than there are people working to fix them, to change that you need an open platform, so people building the system become more numerous than the number of people trying to destroy it, so the number of bad hackers are outnumbered by the number of good hackers and we keep moving forward (evolving).
Also I see a threat to the "evolving" part in IP law which is a tool to exclude others from some field, which undermines the openness needed to create the right environment where good things happen more often than the bad things.
[ link to this | view in chronology ]
Is this the next bubble crushing economy in the future?
Diablo III differs on one essential point from its predecessors: It has no single-player-mode worthy of being called such. Sure, you can play it alone, but you are forced to be always online, as the game has a client-server structure, where the client is on your machine and the server on ActiBlizz's own BattleNet-Servers.
Apart from being a quite effective DRM-measure (so far) it has been done to ensure a hack- and cheatfree environment - an essential requirement if you want to enable players to trade ingame-items for real money (while getting a share of the profit).
The trading of ingame-items for real money is nothing new, it has been done for years now over ebay and the likes. But this is the first time that the company developing the game also creates a trading-environment, effectively legitimizing and encouraging such trade. Suddenly gold- and item-farming aren't a shady business anymore but in time could become respectable professions. At the same time the value of these ingame-items becomes more tangible - or at least it feels more tangible, because its value is supported and endorsed by the company responsible for its "creation".
While I support the creation of new business opportunities I am troubled by the fact that ingame-items are becoming more and more a "respectable good", especially when these items ain't nothing but the product of a programmed chance-algorithm. The client-server-structure may hold hackers and cheaters off for now, but the more data they gather from the communication between client and server, the more likely they will find ways to deceive the system. It also makes the hijacking of another's account (like with the trojan mentioned in this article) more valuable.
I don't like this development. Not at all.
[ link to this | view in chronology ]
Re: Is this the next bubble crushing economy in the future?
This, much like the "real economy", will only be good for the crooks, who will pull off some profits and bail out before the scheme comes crumbling down.
[ link to this | view in chronology ]
Re: Re: Is this the next bubble crushing economy in the future?
The value of said items is bound to decrease over time. Either because the game loses its appeal or its popularity or because new, more powerful items become available (for instance with an expansion). Sooner or later their actual market-value will be exactly 0.
We can only hope that it remains a niche market, because otherwise it may become a real economical problem.
[ link to this | view in chronology ]
Re: Re: Re: Is this the next bubble crushing economy in the future?
> otherwise it may become a real economical problem.
Failure is not an economical problem; it is the foundation of capitalism. Parting fools from their money is a good thing, because then the smart people can do something useful. Bailing out idiots is what causes problems.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Is this the next bubble crushing economy in the future?
Source: Diablo 3 - RMAH ToU
[ link to this | view in chronology ]
Re: Is this the next bubble crushing economy in the future?
I understand why wow has to be online only and if Blizzard decides to shut it down I've had my fun already but Diablo? This (DRM, whatever the form) is the reason I'm moving away from gaming. In the end it's good for me as I'll have more time for other stuff.
[ link to this | view in chronology ]
Re: Re: Is this the next bubble crushing economy in the future?
Up to Starcraft II Blizzard was my favourite game-producer and I bought every game unseen and untested. But with Diablo III this has changed. While the game per se is good there are too many things like the always-on-requirement, the real-money-auction-house and a few smaller complaints that changed my mind.
With the release of Diablo III Actiblizz has lost a lot of its most valuable asset with me: reputation.
[ link to this | view in chronology ]
Stick to the matter at hand
Whiny comments off topic by you get no sympathy. Always the same "waa waa, DRM, waa waa, servers shut down, waa waa, I'm moving away from gaming..."
A broken record. Good. Go. Leave the gaming to those wanting to have fun.
[ link to this | view in chronology ]
Re: Stick to the matter at hand
Also: Pot, meet Kettle. "waa waa IP theft, waa waa Pirate Mike, waa waa I dunno why I still visit techdirt!"
Cheers. And happy trolling ;)
[ link to this | view in chronology ]
I don't get it
Why is this on techdirt?
Did he enforce a copyright claim against AVG?
[ link to this | view in chronology ]
Re: I don't get it
Can you imagine if a malware/trojan/worm writer actually tried taking an antivirus company to court for reverse engineering and implementing sections into their product for detection purposes? Better yet, add DRM to the malware too and claim they are breaking the DMCA or similar laws.
[ link to this | view in chronology ]
Re: I don't get it
Because Mike decided to blog about it. Sorry if he did it without your permission. ... Oh wait, I'm not sorry. Forget I said that.
You know what I do when Mike writes an article I don't find interesting? I write comments whining about it and complain that it's not relevant and try to explain why Mike owes me a better blog. ... Oh wait, no I don't. I STFU AND MOVE ON TO THE NEXT DAMNED ARTICLE.
Mike and his minions will occasionally write an article you don't care for. Just pick up the broken pieces of your shattered life and move on.
[ link to this | view in chronology ]
Big Brass Ones
This level of communication/access could potentially allow the creator to modify his trojan in real-time. Imagine a face-off between black and white hats, furiously coding to outwit the other. It's like all the shitty "OMG, hackers!" scenes in tv shows, only for real.
[ link to this | view in chronology ]
Who "researches" malware w/an internet connected machine?
[ link to this | view in chronology ]
Re: Who "researches" malware w/an internet connected machine?
Just because the testing machine is connected to the internet, doesn't mean AVG has mission critical (or even trivial) data on it (or any other machine/device connected to it).
[ link to this | view in chronology ]
Re: Re: Who "researches" malware w/an internet connected machine?
No wonder it's so easy for them to stay ahead of us. If they can't understand what a program is trying to do without being connected to the Internet then maybe they are in the wrong business.
*kicks the grass*
Kids these days....back in my day, we looked at the logs and read the packets and we liked it!
[ link to this | view in chronology ]
The screenshot option was kinda shitty for one reason back then dialup was still popular lol so taking a bunch of screenshots would have been a slow process.
Playing with the webcam was my favorite thing to do lol.
Me: Stop scratching your head ffs.
Victim: "Looks around like wtf?"
Me: Stop looking around I can see you from outside.
Victim: "Terrified look"
Me: I'm gonna get you! Turn around one more time! I dare you!
Victim: "Still too terrified to type anything yet."
At this point I was laughing so hard and the look on their face made me feel bad so I ended it.
Me: I'm just kidding.. You downloaded my virus in a duping program.
Me: I'm not watching you from outside lol.. I'm spying on your webcam. I was gonna rob your account but the entertainment you provided me made me decide against it.
Victim: Really? "Still pretty confused looking"
At this point I was dumping shit into a mule. Yeah yeah I know I am a pushover lol.
Me: Open your d2 and log to this account.
So I see d2 popup and a min or two later he replied.
Victim: OMFG! Why...
Me: I felt bad that I shook you up so bad.
Victim: You can fuck with me every week if it turns out like this.
At that point I was laughing uncontrollably again >.
[ link to this | view in chronology ]