ThreadBoard ArchivesSite FeaturesActiveworlds SupportHistoric Archives |
COMMUNITY WARNING (General Discussion)
COMMUNITY WARNING // General DiscussionbcgSep 10, 2001, 11:04pm
Hello everyone,
Yesterday and Today several worlds have been deleted using stolen passwords (I believe the current count is 6). We know that at least one of them (WAR) was deleted by a citizen named Radon, who used one of his bots which I was running to steal my AW pass from my computer. If you do not know Radon, he recently made a program called AW Ear. I myself have stopped using, and removed all of the programs created by Radon. I recommend that anyone who wants their password to be safe do so as well. BCG bcgSep 10, 2001, 11:06pm
This message is a bit outdated.... sorry everyone.... I wrote this while the
server was down, so it just posted now. BCG [View Quote] sw chrisSep 10, 2001, 11:32pm
Ok, so it's outdated, but what about AW Ear? Wouldn't my firewall (Zone
Alarm) have asked if it wanted to act as a server when I ran it IF there was a trojan in it? -- Chris Eagle Scout, Philosopher, Peacemaker, and... Kung Fu Master? http://www.winternet.com/~mikelr/flame1.html [View Quote] goober kingSep 10, 2001, 11:46pm
AW Ear isn't the problem. AW Ear is not a malicious program and actually
delivers as advertised. The programs that reportedly *are* malicious are StockQuote Bot and IntelliBot. (also made by Radon) I'm in the process of investigating this, since I've known Radon for a while, and something smells rotten in (former) Botopia... [View Quote] > Ok, so it's outdated, but what about AW Ear? Wouldn't my firewall (Zone > Alarm) have asked if it wanted to act as a server when I ran it IF there was > a trojan in it? > -- > Chris > Eagle Scout, Philosopher, Peacemaker, and... Kung Fu Master? > http://www.winternet.com/~mikelr/flame1.html > [View Quote] -- Goober King Just call him Inspector Goober... rar1 at acsu.buffalo.edu insanitySep 11, 2001, 12:22am
Zone Alarm does not always detect the actions of backdoors. It is best to use up
to date virus software from major companies like Norton and Mcafee. http://worldhosting.heartfall.com http://pathservices.heartfall.com [View Quote] > Ok, so it's outdated, but what about AW Ear? Wouldn't my firewall (Zone > Alarm) have asked if it wanted to act as a server when I ran it IF there was > a trojan in it? > -- > Chris > Eagle Scout, Philosopher, Peacemaker, and... Kung Fu Master? > http://www.winternet.com/~mikelr/flame1.html > [View Quote] sw chrisSep 11, 2001, 2:00am
I do, but virus software doens't act as a firewall. At least my Mcafee
VirusScan doesn't. Chris [View Quote] andrasSep 11, 2001, 4:16am
[View Quote]
You are mixing apples and oranges. The mentioned AV software is just as good as their signature files. None of them has the StockQuote Bot and none of it detects it's presence.
OTOH ZA deals with the action of the programs and it detects the trojan in action if properly configured. If you allow only the AW ports access for a bot the only way it can leak info is through chat or whisper. No telegrams can sent from a bot and for file transfer or email the bot will be blocked because different ports required to do those actions. Chris, If AW Ear wants to access the internet (i.e. leak some data from your puter) ZA will ask you. I see no justified action which requires internet access for AW Ear so just simply block it. So the answer to your question is YES - ZA will PROTECT you despite insanity's comment. Andras > [View Quote] jfk2 builderSep 11, 2001, 4:26am
That is why i use BlackIce AND Nortons Antivirus and run them every few
days to keep me safe from too mauch harm. "sw chris" <chrisw10 at nckcn.com> wrote in news:3b9d8c62$1 at server1.Activeworlds.com: > I do, but virus software doens't act as a firewall. At least my > Mcafee VirusScan doesn't. > > Chris > [View Quote] jfk2 builderSep 11, 2001, 5:18am
I was wondering why several more worlds are suddenly popping up in
Dreamland Park Universe and most of them on their homepage has the warning about this BOT being used in AW.... Now i know... Geesh.... Not the best way to run world owners to another universe. I just hope that whoever is doing this type of nonsense is not doing the world owners to another universe for the sake of saying Dreamland Park Universe is better than AW... Dreamland Park Universe don't need that type of help. "goober king" <rar1 at acsu.buffalo.edu> wrote in news:3B9D6ADC.8050705 at acsu.buffalo.edu: > AW Ear isn't the problem. AW Ear is not a malicious program and > actually delivers as advertised. The programs that reportedly *are* > malicious are StockQuote Bot and IntelliBot. (also made by Radon) I'm > in the process of investigating this, since I've known Radon for a > while, and something smells rotten in (former) Botopia... > [View Quote] goober kingSep 11, 2001, 9:40am
Umm... no one ever said anything about Dreamland Park. Stop talking
about things that have no relevance to the topic at hand. [View Quote] > I was wondering why several more worlds are suddenly popping up in > Dreamland Park Universe and most of them on their homepage has the > warning about this BOT being used in AW.... Now i know... Geesh.... > Not the best way to run world owners to another universe. I just hope > that whoever is doing this type of nonsense is not doing the world > owners to another universe for the sake of saying Dreamland Park > Universe is better than AW... Dreamland Park Universe don't need that > type of help. > > "goober king" <rar1 at acsu.buffalo.edu> wrote in > news:3B9D6ADC.8050705 at acsu.buffalo.edu: > > -- Goober King It's morning here... sue him! rar1 at acsu.buffalo.edu wing.Sep 11, 2001, 6:16pm
Heh, a friend of mine got Radon's previous account cancelled only a few days
ago, and has now suggested to ENZO to make a personal call to the little shit's parents (As Radon is only 13-14, and though I hate to say it, an old friend) [View Quote] bcgSep 11, 2001, 6:44pm
AW has not said anything about AW Ear containing a virus at the moment. If
you have not noticed, the article about AW Ear has been removed from the newsletter, which makes one wonder. It may just be that AW does not want to condone a hacker. BCG [View Quote] sweSep 12, 2001, 12:28am
its not a virus,its a trojan,what it does(Well i think) is when u type in ur
info,it sends tells u theres a error,then tells u its e-mailing the error to radon,and what u dont know is its accully mailing him the password,but its in code,so u dont know that its sending it dont take my word for it,im not too sure [View Quote] lanezeriSep 12, 2001, 9:24am
I know how ya feel Wing.. he -was- a friend of mine back when Utopia was
around, then he thought he was god and screwed himself out of a lot of friends. I remember when he knew "everything" about VB (as he thought), then a while ago, he asked this: How do you get "bob" out of "bob:123" That made me think less of what I used to. I grammed him a little after Baron posted about the trojan, and he said "what makes you think I would do something like that?" and then I said "read the NG and you'd know you were caught." It's funny how someone thinks they can get away with things.. I agree with ya about the parents thing too. -- Lanezeri Lead Bot Programmer at Stuff-X http://aw.stuff-x.com [View Quote] bcgSep 12, 2001, 5:47pm
The program does not ask for your permission to send any info, it does so
automatically. BCG [View Quote] builderzSep 12, 2001, 9:34pm
I tested Radon's AW Ear program about two days before he released it,
yet I did not download and use his bot(s) that transmitted AW passwords. Companies do not make "anti-trust" software. It is a good rule of thumb to trust the programmer of a program you are going to run on your computer before you open it. If you do not trust the program and/or the programmer, then you need to add appropriate security measures to your system. If properly configured and working correctly, Zone Alarm/Zone Alarm Pro should alert you to any program that tries to access the Internet and/or local network (if the program is not already in ZA/ZAP's Program Settings). I believe ZA/ZAP uses MD5 checksums to differentiate between two files with the same name. I am not saying that ZoneAlarm is fool proof. The program title and .exe could be named anything, and this is where the user needs to use vigilance. You say: "It is best to use up to date virus software from major companies like Norton and Mcafee." It is a *wise* decision to use anti-virus software *such as* products made by Norton and McAfee, but that is not necessarily the *best* solution. If you want the *best* solution, in my opinion, you would run the bot on a computer disconnected from all other networks (including the Internet), running in a "sandbox" environment, with both anti-virus and anti-trojan software running in the background with the most current definition files. If you needed the Internet for the bot to function (which you probably would), I suggest having at least one software firewall running as well. Generally, the more layers of security you have, the better your overall protection. After some testing of the bot, and it has been deemed "safe," transfer it over onto another computer system you use more often for more convenient usage. Anti-virus programs will most likely *not* detect a trojan horse. That is what *anti-trojan* software is for. The two may sound similar, but try to combat two different things. Anti-virus software may indeed detect a trojan on your system, but anti-trojan software is better handled for such things. For the most part, they both depend on "fixed" definition files that contain a library of known viruses, worms, and trojans (very few do not). If the malicious code is not in that library, then the software uses its heuristic feature (if it has one) to scan for virus/worm/trojan-like activity. If it passes that stage, the code/program is allowed to execute. Builderz Stuff-X - Bot & World Hosting Services http://aw.stuff-x.com/ PGP Key ID: 0xAC0E7073 (for non-commercial use) [View Quote] jfk2 builderSep 13, 2001, 10:20am
Goober.... I'm in the Dreamland Park Universe and i see a few new
worlds start comming on line that were not there before and i go to their worlds and i see their home pages filled with warrnings about this bug or worm in AW [Active Worlds] and so i'm just mentioning that some of these people are jumping off AW and sending their worlds into Dreamland Park Universe to excape what is happening here most likely BUT dreamland Park Universe dosen't need or want that type of help to make that universe grow. If it's growing by people being that mean to others in another universe then we in Dreamland Park Universe don't want that. WE Want people who really WANT to be there not FORCED OFF by crooked means at the hands of some sick person deleting their AW Worlds. [I'm known as JFK2 In Dreamland Park Universe] "goober king" <rar1 at acsu.buffalo.edu> wrote in news:3B9DF61B.1030507 at acsu.buffalo.edu: > Umm... no one ever said anything about Dreamland Park. Stop talking > about things that have no relevance to the topic at hand. > [View Quote] kahSep 13, 2001, 4:07pm
maybe you should check your facts first, heh? AW Ear obviously DOES NOT
TRANSFER PASSWORDS. I have **checked**. And i agree with Goober King, something DOES seem to be very strange with this whole Radon stealing PWs deal... KAH [View Quote] goober kingSep 13, 2001, 4:53pm
Unfortunately, as I'm sure you noticed in my article about all this at
AWNews.com, it's all true. Radon has succeeded in turning into another idiot script kiddie who did it for the hell of it. What really disturbs me about all this is that he believed he would be *rewarded* for his actions, because Gavaroche got a free world after hacking Nekranox. He apparently doesn't understand that Gavaroche did what he did to help AWC tighten up their security, while what Radon did was just outright vandalism and destruction. [View Quote] > maybe you should check your facts first, heh? AW Ear obviously DOES NOT > TRANSFER PASSWORDS. I have **checked**. And i agree with Goober King, > something DOES seem to be very strange with this whole Radon stealing PWs > deal... > > KAH > [View Quote] -- Goober King Prays Radon will grow out of this and understand what he has done is wrong... rar1 at acsu.buffalo.edu kryptonSep 13, 2001, 9:02pm
A script kiddie? lol What's that mean? Didn't the Radon actually program the
StockQuoteBot himself? Not use scripts like xelagots. [View Quote] > Unfortunately, as I'm sure you noticed in my article about all this at > AWNews.com, it's all true. Radon has succeeded in turning into another > idiot script kiddie who did it for the hell of it. What really disturbs > me about all this is that he believed he would be *rewarded* for his > actions, because Gavaroche got a free world after hacking Nekranox. He > apparently doesn't understand that Gavaroche did what he did to help AWC > tighten up their security, while what Radon did was just outright > vandalism and destruction. > [View Quote] wing.Sep 13, 2001, 9:23pm
Builderrrrrrrrz, you hafta remember, only some of us have the appropriate
resources and skills to operate a full scale security testing situation such as what you described. I FIRMLY believe that 90% of the time, all virii infections are caused by overhyped software, such as Win2k and this WORTHLESS stock quote bot. ZA/ZAP is also overhyped, which is a decent deterrent to the damaging overhyped software and the shortcoming of other overhyped software (OS's) The same goes for virus detection software. If you're careful, you don't need it. [View Quote] wing.Sep 13, 2001, 10:43pm
A script kiddie is a wannabe hacker that think that they're a real hacker.
Examples of scriptes include executables in that context. And a kiddie denotes that they're a wannabe. By definition, a script kiddie is one who uses any targetside script or DDoS attack to do harm to a targetted system. A cracker is similar, except all scripts are done infiltration side, and a hacker is similar to that, though they often know everything that is to be known about computers and how they function, and rarely have malicious intents about breaking into systems. [View Quote] bcgSep 14, 2001, 12:02am
If actually READ what I typed, you would notice that I never once said that
AW Ear transfered passwords. BCG [View Quote] builderzSep 14, 2001, 5:29pm
Wing, I know not everyone has the knowledge and resources to implement
and use the security environment I described in my last post. Heck, I know many people who don't even know what a firewall or anti-virus program is, let alone use one. I was just trying to get the point across that Insanity used a bad choice of word when saying "best." I think Andras' post was, too. Call me extremely picky or very opinionated if you'd like, but Insanity should know better than that being the man behind a hosting provider like Heartfall. About ZA/ZAP being over hyped, I'm somewhat indifferent about that. Sure, they may go a little overboard sometimes, but I've tested both ZA and ZAP on numerous systems, and both programs do exactly what they say. If it is free, why *not* over hype it? Sure, they want you to buy ZAP, but still. If the hyping gets more people to download and install a firewall on their computer system, then we are that much more closer to securing another system connected to the gigantic network we call the Internet. Builderz Stuff-X - Bot & World Hosting Services http://aw.stuff-x.com/ PGP Key ID: 0xAC0E7073 (for non-commercial use) [View Quote] griffin pageSep 16, 2001, 12:19am
Yeah he used to my friend too... in fact he was the one who blamed you
for the vandalism in Utopia huh? Ill bet he did it himself to frame you.. the bastard (this is Legolas/Griffin 2101) [View Quote] sw chrisSep 16, 2001, 12:28am
I wouldn't put it past Wing if he did it earlier than a year ago. So don't
say Radon framed Wing, because it's possible that Wing could have done it. But only Radon and Wing know. :) SW Chris [View Quote] |