Castle Paradox Forum Index -> The Arcade

SOJ HIJACKED BY UNWORLD VIRUS
Rinku




Joined: 02 Feb 2003
Posts: 689

Posted: Sat Nov 25, 2006 5:10 pm    Post subject: SOJ HIJACKED BY UNWORLD VIRUS

rpgcreations.com/

For some reason the RPGCreations site (different from studioeres.com/games/) has been replaced by a spam-site. I suspect the unworld.

Worse: the file itself on castleparadox has mysteriously been replaced by a virus. Fyre's not online so I can't ask him about it, but until then nobody download SoJ from the "official" sites, including the link on CP's games list. (One site that *does* work for the game, virus-free, is http://demonews.com/download-2778.html).
_________________
Tower Defense Game
Inferior Minion
Metric Ruler



Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA

Posted: Sat Nov 25, 2006 5:45 pm

Rinku wrote:
Worse: the file itself on castleparadox has mysteriously been replaced by a virus.


What do you mean?? Which file exactly? I'll be sure to look into it!
Moogle1
Scourge of the Seas
Halloween 2006 Creativity Winner



Joined: 15 Jul 2004
Posts: 3378
Location: Seattle, WA

Posted: Sat Nov 25, 2006 6:14 pm

Fyre mentioned something about forgetting to renew the domain, IIRC.
Rinku




Joined: 02 Feb 2003
Posts: 689

Posted: Sat Nov 25, 2006 6:27 pm

THAT IS THE VIRUS >> http://fyre.castleparadox.com/jade_install.exe

Test it with a virus checker and see for yourself.
_________________
Tower Defense Game
Me
HI.




Joined: 30 Mar 2003
Posts: 871
Location: MY CUSTOM TITLE CAME BACK

Posted: Mon Nov 27, 2006 10:49 am

Rinku wrote:
THAT IS THE VIRUS >> http://fyre.castleparadox.com/jade_install.exe

Test it with a virus checker and see for yourself.


maybe the unworldites actually hacked into all the world's virus checkers and told them that soj was a virus to prevent it from aiding in the defeat of the unworldites
_________________
UP DOWN UP DOWN LEFT LEFT RIGHT RIGHT A B START
TwinHamster
♫ Furious souls, burn eternally! ♫




Joined: 07 Mar 2004
Posts: 1352

Posted: Mon Nov 27, 2006 11:13 am

..Or perhaps the unworldites have actually hacked into Rinku's account in order to get the unsuspecting members of our community to download the virus.
I mean, how do I know that the virus won't initiate itself the moment it completes its download?
Maybe it knows that my free trial version of McAfee Security Center has been down for five months now, and will prey on me because of that.
I will not touch that install file until someone confirms that it is, indeed, a virus.
Bob the Hamster
OHRRPGCE Developer




Joined: 22 Feb 2003
Posts: 2526
Location: Hamster Republic (Southern California Enclave)

Posted: Mon Nov 27, 2006 1:05 pm

TwinHamster wrote:

I will not touch that install file until someone confirms that it is, indeed, a virus.


Code:

james@gilgamesh:~/tmp/virus$ wget -q http://fyre.castleparadox.com/jade_install.exe
james@gilgamesh:~/tmp/virus$ clamscan
/home/james/tmp/virus/jade_install.exe: Worm.Tenga.A FOUND

----------- SCAN SUMMARY -----------
Known viruses: 78648
Engine version: 0.88.6
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.13 MB
Time: 2.574 sec (0 m 2 s)
Rinku




Joined: 02 Feb 2003
Posts: 689

Posted: Mon Nov 27, 2006 3:31 pm

"maybe the unworldites actually hacked into all the world's virus checkers and told them that soj was a virus to prevent it from aiding in the defeat of the unworldites"

I'd considered that, but it turns out the way virus checkers work is too unsystematic for that.
_________________
Tower Defense Game
FyreWulff
Still Jaded




Joined: 02 Apr 2005
Posts: 406
Location: The Internet

Posted: Wed Nov 29, 2006 1:38 pm

The domain is because I ran out of money for the hosting, I still own the domain. Instead of putting up an "account not found" or some other page, they decided to turn it into a spamlinks site until I pay them. Nobody use Fuitadnet.

That virus thing sure is interesting though. I scanned it before it went out, and it came up clean. Does anything actually ID the virus? Can IM check the last-modified time of the file?

edit: I can't read, Tenga.A is the name of the virus.
Inferior Minion
Metric Ruler



Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA

Posted: Wed Nov 29, 2006 2:19 pm

FyreWulff wrote:
The domain is because I ran out of money for the hosting, I still own the domain. Instead of putting up an "account not found" or some other page, they decided to turn it into a spamlinks site until I pay them. Nobody use Fuitadnet.

That virus thing sure is interesting though. I scanned it before it went out, and it came up clean. Does anything actually ID the virus? Can IM check the last-modified time of the file?

edit: I can't read, Tenga.A is the name of the virus.


Fyre, long time no see. jade_install.exe was last modified 2006-11-19 at 11:25:22

My FTP logs go back much further than that but show no upload. Not sure how that file was changed.
Rinku




Joined: 02 Feb 2003
Posts: 689

Posted: Wed Nov 29, 2006 7:37 pm

Weird -- so someone besides Fyre modified the file?
_________________
Tower Defense Game
Linkmax
I'm an idiot.




Joined: 03 Feb 2003
Posts: 202
Location: Oly

Posted: Thu Nov 30, 2006 4:31 am

Code:
Virus.Win32.Tenga.a

Aliases
Virus.Win32.Tenga.a (Kaspersky Lab) is also known as: W32/Gael (McAfee),   W32.Licum (Symantec),   Win32.Gael.3666 (Doctor Web),   W32/Stanit (H+BEDV),   Suspect File (Panda)
Detection added    Jul 13 2005 15:24 GMT
Update released    Jul 13 2005 16:27 GMT
Description added    Jul 22 2005
Behavior    Virus
Technical details
Tenga infects PE exe files. The virus can also act as a Network-Worm on machines with an unpatched DCOM RPC vulnerability. Microsoft Security Bulletin MX03-026 details the vulnerability. After launch, Tenga checks if the domain vx9.users.freebsd is available and attempts to download Trojan-Downloader.Win32.Small.bdc from http://**nt*.lycos.it/v**/dl.exe. Tenga is a classic appending virus that increases the size of infected files by 3 KB.

Taken from viruslist.com
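
Added example, not code from any poster in this thread: the two observations above (a changed last-modified time with no matching FTP upload, and an appending infector that grows files by 3 KB) are what a stored baseline of hosted downloads would surface. The manifest layout, the `upload_times` mapping, the 300-second slack and the placeholder file are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def snapshot(root):
    """Record size, mtime and SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            manifest[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime": st.st_mtime, "sha256": digest}
    return manifest


def audit(baseline, current, upload_times, slack=300):
    """Flag baseline files whose content changed; upload_times maps relative
    path -> epoch seconds of logged uploads (hypothetical shape)."""
    findings = []
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None or new["sha256"] == old["sha256"]:
            continue
        logged = any(abs(t - new["mtime"]) <= slack for t in upload_times.get(rel, []))
        findings.append({
            "file": rel,
            "size_delta": new["size"] - old["size"],
            "modified": datetime.fromtimestamp(new["mtime"], timezone.utc).isoformat(),
            "upload_logged": logged,  # False = changed outside the logged channel
        })
    return findings


def demo():
    """Constructed sample: a placeholder file grows by 3 KB with no upload logged."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "jade_install.exe")
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 1024)  # placeholder bytes, not a real installer
        baseline = snapshot(root)
        with open(path, "ab") as fh:
            fh.write(b"\x00" * 3072)  # stand-in for in-place growth
        when = datetime(2006, 11, 19, 11, 25, 22, tzinfo=timezone.utc).timestamp()
        os.utime(path, (when, when))
        return audit(baseline, snapshot(root), upload_times={})
```

A finding with `upload_logged` set to False means the file changed through some path other than the logged upload channel, so restoring the known-good copy does not by itself close the hole.
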
FyreWulff
Still Jaded




Joined: 02 Apr 2005
Posts: 406
Location: The Internet

Posted: Thu Nov 30, 2006 4:35 pm

The last-modified should definitely be in 2005. That's the last time I ever uploaded the .exe installer to castle paradox.

This is weird because if it had that when I first uploaded it, -somebody's- virus scanner should have complained and someone would have posted "hey, what the hell fyre, jade has a virus". Or sometime in the last year.

Once I get internet back at my place, I'll update my virus scanner and scan the original file again, but this is really mysterious.
Rinku




Joined: 02 Feb 2003
Posts: 689

Posted: Thu Nov 30, 2006 7:25 pm

How about we figure it out later and actually revert the virus game to the real game? Dozens of people a day could be downloading this virus; a lot of places link to that file.
_________________
Tower Defense Game
Inferior Minion
Metric Ruler



Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA

Posted: Thu Nov 30, 2006 9:29 pm

Rinku wrote:
How about we figure it out later and actually revert the virus game to the real game? Dozens of people a day could be downloading this virus; a lot of places link to that file.


Already did that, Rinku. I reverted back to a June copy of the file.