1  |   Order by index

Jan 17, 2002, 9:11pm

An executable was forwarded to me yesterday which looked suspicious to the citizen who sent it, filename AWHack33a.exe. It was supposed to be one of these "AW Hack" utilities that enable flying, object selection etc...thing is that it was more than that. When I run it (in the lab of course, isolated from my networks, packet sniffing enabled) it proved what could be seen easily in hex, it connected to oriox.com and started downloading http://www.oriox.com/awpics/test.ex* (domain name looks familiar?), saved the file as winhlp32.exe and autoexecuted it. File was identified as trojan Sub7 2.1. AWC has been informed about this with all proof of concept.

A piece of advice: Do not run *any* executable that comes from untrustworthy sources. Even when you *think* you trust someone, think twice before running their "coolbot" or "jokes" executable. When you run someone's exe he "owns" your machine, it's that simple. This might have been an easy to prevent attack but there are a lot more sophisticated methods out there. Some links that might be useful to prevent "hacker" wannabes from getting in your machine, lots of other great products out there but I can't list them all. Note that *none* of these provide 100% security, do not trust blindly your firewall and virus scanner, use of common sense is assumed.

Firewalls:
Zonealarm: http://www.zonelabs.com/zap26_za_grid.html
Sygate: http://www.sygate.com/swat/free/default.php
NIS: http://www.symantec.com/consumer_products/home-is.html
Tiny: http://www.tinysoftware.com/ (use caution, great fw but tricky to configure)

Antivirus-AntiTrojan products:
Norton AV : http://www.symantec.com/consumer_products/home-is.html
McAfee: http://mcafee.com/
F-Prot: http://www.frisk.is/f-prot/download/
The Cleaner : http://www.moosoft.com
Trojan Defense Suite 3 (TDS3): http://tds.diamondcs.com.au
BOClean: http://www.nsclean.com/boclean.html
TrojanHunter: http://www.mischel.dhs.org/trojanhunter.jsp

Maybe most important than all others is http://windowsupdate.microsoft.com/ , keep your OS updated otherwise sooner or later you'll be in trouble.

-Baron

Jan 17, 2002, 9:20pm

Robbie, passing trojans? No way. XW all over again, hm I wonder if he's
going to get brought to the US and charged under the new US hacking laws.

--Bowen--

[View Quote]

Jan 17, 2002, 9:46pm

Uhh... no :)

While I agree what he seems to have done is stupid and (likely) illegal, the
US can't prosecute someone in another country.
I think the UK has some sort of "Anti-'Hacking' " law or something... But a
trojan horse hardly takes any skill to use.

-Agent1

[View Quote]

Jan 17, 2002, 9:52pm

that site also is home of the logbot and other things....but i havent heard
of any trojan reports from those files although tha doesnt mean it couldntve
happened

[View Quote]

Jan 17, 2002, 9:57pm

> Uhh... no :)
>
> While I agree what he seems to have done is stupid and (likely) illegal,
the
> US can't prosecute someone in another country.
> I think the UK has some sort of "Anti-'Hacking' " law or something... But
a
> trojan horse hardly takes any skill to use.

Well if AW decides to prosecute him, then they probably could have him
removed from UK and brought to the US for trial. Especially since he had
the hacked XW universe :). Hacking on that scale is almost as bad as credit
fraud, which is a capital offense, and you can be pulled out. BTW you
agreed to follow "Massachusetts Law" while using this product when you hit
accept in the EULA I believe. Since the hack for the browser and the hacked
universe deal with AW's product, I bet they have every right to prosecute
him under Mass' law.

--Bowen--

Jan 17, 2002, 10:07pm

http://safety.ngfl.gov.uk/ukonline/document.php3?D=d10



[View Quote]

Jan 17, 2002, 10:12pm

I doubt that Robbie is adult, that will protect him in UK and US

[View Quote] --
"_
|
/\
\ /
__/ /_

Jan 17, 2002, 10:16pm

> I doubt that Robbie is adult, that will protect him in UK and US

Last time I talked to him he was older then I am, and I'm 17. That would
either make him 17 which is an adult in some countries, or 18 which makes
him adult almost anywhere :). He might get sent to juvinile detention, IF
he's prosecuted.

--Bowen--

Jan 17, 2002, 10:17pm

> Last time I talked to him he was older then I am, and I'm 17.

Or was it younger? Oh it's been way too long for me to remember.

--Bowen--

Jan 17, 2002, 10:24pm

Maybe you get old - the memories already slip away *g

[View Quote] --
"_
|
/\
\ /
__/ /_

Jan 17, 2002, 10:26pm

> Maybe you get old - the memories already slip away *g

LoL yeah.. you're telling me.

--Bowen--

Jan 18, 2002, 1:03am

Maybe he was younger then you at the time, but now he's older.

Fox Mc Cloud

"bowen" <bowen at omegauniverse.com> a écrit dans le message news: 3c4769b0$1 at server1.Activeworlds.com...
>
> Or was it younger? Oh it's been way too long for me to remember.
>
> --Bowen--

Jan 18, 2002, 2:28am

Um... Robbie... his AW name isn't Gamer is it? I think I have those two
confused.

SW Chris

[View Quote]

Jan 18, 2002, 10:35am

> Um... Robbie... his AW name isn't Gamer is it? I think I have those two
> confused.

Robbie is his real name.

--Bowen--

Jan 18, 2002, 10:58am

Think he's 15, possibly 16 now...

KAH

[View Quote]

Jan 18, 2002, 9:23pm

hmm, anti-hacking law in the uk? lol not that it does much,especially since
even the prisioners go on strike about "bad jail conditions" :).

SWE
hey, im only 15 :)
www.emptyco.com

[View Quote]

Jan 18, 2002, 9:25pm

accully hes bout 15, bout the same age as me i think.
[View Quote]

Jan 18, 2002, 10:03pm

Greetings:)

>hmm, anti-hacking law in the uk? lol not that it does much,especially since
>even the prisioners go on strike about "bad jail conditions" :).
>
> SWE
>hey, im only 15 :)
>www.emptyco.com

agreed this has been the case up til now, but late last year,
hacking was reclassified and was moved from a criminal bill in the uk
which was of little use, into a subsection of the anti terrorism act
2000.

the new section was added stating...

Action falls within this subsection if it is designed to interfere
with or disrupt an electronic system.

Because it is now part of the terrorism laws of the UK, it encompases
a lot more than it used to.

including :-

a) action taken by a resident of the UK but occuring outside the UK.

b) to any person or to property wherever situated,

c) to the public of a country other than the United Kingdom

d) to any government of the United Kingdom, of a Part of the United
Kingdom or of a country other than the United Kingdom.


Because it falls under the terrorist act, it now includes arrest
without warrant, unlimited search of possesions and unlimited search
of persons, purely on suspision.

With regards to overseas, it includes any offence in any country which
if commited in the UK would fall into this section of the law.

It also allows for extradition of any citizen convicted under the act
to the country in which they comitted the offence. .

It is also now possible, under this Bill for a US company to prosecute
a UK citizen upon application to the UK courts either under UK law, or
by extradition to the US and then under US laws.

Maximum sentence on inditement under UK law is 14 years and fines,

The minimum age limit for this because it is now classified as
terrorism is 14 years.

No-one has yet been prosecuted under this new act, but some are
pending.

Moria

Jan 19, 2002, 2:17am

Hmm... ok. Prosecute then for all I care. That little escapade with that
user limit hack should have been his only warning.

SW Chris

[View Quote]

Jan 19, 2002, 11:12am

lol! You cna be so ignorant when you want to be Chris.

-Gamer

[View Quote]

Jan 19, 2002, 3:04pm

ahhhh...to much thinking needed! my head hurts! stop using all those words
and phrases! :)

SWE
hey, im only 15 :)
www.emptyco.com


[View Quote]

Jan 19, 2002, 8:08pm

Please, elaborate.

You claimed credit for that user hack, although you didn't do it. That
means you also claimed responsibility. Then your server was used to host a
sub-7 infected EXE, which may be forgivable, but even then you started up
the XW Universe, cheating Active Worlds out of several ten thousands of
dollars. And that's just the short list of things that I am aware of.

So, why shouldn't they prosecute?

SW Chris

[View Quote]

Jan 19, 2002, 9:25pm

And then - on a company owned and operated private news group, this MORON is
stupid enough to post that "they" are deleting the citizen records of a
pirated uniserver, indicating administrative level control of this
uniserver. Talk about a smoking gun - I have no law degree, and I could
present a reasonably solid case of criminal intent based on that information
alone. Do yourself, and your parents a favor - shut up.

[View Quote]

Jan 20, 2002, 10:56am

Uhh...

Specifically, hosts an whatnot will tell you their policies and usually
(unless they're desperate, crazy, or creepy) will take any users files
uploaded as your responsibility.
Sure... he had the whole user hack thing, XW, and whutever else you
mentioned... but this file has nothing to do with AW... not really, anyway.

Baron... dude just, whut, got tgrammed the URL or something? Thats much
different. If someone had uploaded the file and had it spammed over GZ or
something, that'd been different.

It wasn't really any of AW's business... Sub7 has these big *official*
sites, and if someone tells them to someone on AW, d'you really think they
get in much trouble? I wouldn't think that.

Unless it had some major effect on AW, they can't do anything. 'an Gamer...
I wouldn't say you weren't a juvenile, if I were you. Being a minor is all
that could get you outta trouble if they ever hauled you to the US.

Does anyone think that after XW, the user limit thing, an whutelse more,
someone would turn to Sub7? Gee...

All in all, its no offense or anything... its Sub7. Even McAffee can pick it
up :)
I don't see whut the big deal is.

-FrEk


[View Quote]

Jan 20, 2002, 6:29pm

You're absolutely right. That little violation is possibly forgivable, like
I said. :) The big deal is about the other stuff he's pulled.

SW Chris

[View Quote]

Jan 21, 2002, 2:11pm

Perhaps its just you all hate me or somthing...but your picking through
every damn thing I've ever done and trying to use it against me...gimme a
break...some of you guys done even think about the hours of work I put into
AWTeen every week...helping with events, building...helping people...and
writting bots (that usually dont work, lol...but never contain virus' and
never will). I never asked for someone to abuse my server...and I'll you all
to stop with this Anti-Gamer thread, damnit I'm not Lanezeri....

-Gamer

Jan 21, 2002, 6:44pm

We're not against you, Gamer. What's frustrating to me and perhaps many
others is that you seem to think that that thing with the hacked user limit
and the XW Uniserver you started up, you were actually helping out the
average Joe. And while I'm all for that, doing it illegally is not good.
Running a hacked universe is a far more serious offense than you may have
been aware of, and you're very lucky with all these other illegal uniservers
popping up AWC didn't decide to prosecute.

SW Chris

[View Quote]

Jan 22, 2002, 4:12pm

lol, AW are prob too damn lazy to prosecute a 15yr old, since they dont have
much of a case anyway. since they will have to prove it which wont be easy
:), and lol how much can u get from a 15 year old (no offence gamer, since
im also 15). lol, i doubt they even have a lawyer!

SWE
God created me with ignorance in mind :)
www.emptyco.com (the still empty site)

[View Quote]

1  |   Order by index