Forums: Rakion Game Has A Rootkit Embedded - Forums

Rakion Game Has A Rootkit Embedded entitiesMP.dll

#1 rosco

Posted 08 September 2006 - 07:20 AM

The latest update regarding the Rakion game (made by Softnyx)
included a malicious .dll:
entitiesMP.dll

Thanks to virustotal.com I found this:
-
AntiVir 7.1.1.14 09.07.2006 TR/RKit.Delf.B.6
AVG 386 09.07.2006 BackDoor.Generic3.KYW
Fortinet 2.77.0.0 09.07.2006 W32/Delf.B!tr.rkit
F-Prot4 4.2.1.29 09.07.2006 W32/Backdoor.gen
Kaspersky 4.0.2.24 09.07.2006 Rootkit.Win32.Delf.b
Panda 9.0.0.4 09.07.2006 Suspicious file
-
This dll hides two processes from the tasklist:
rakion.bin
gameguard.des

and who knows what else it does...

Is this a good way to avoid trainers or game hacks?

Softnyx company keeps answering their customers that it is a BUG of our antivirus program and suggests that we uninstall the AV!

We need someone authoritative who forces them to avoid the use of these unethical tools!
Please join us

I think... first... is it ethical to hide processes running on a computer from its owner?

If Softnyx can... then everyone else can!

And second... is it ethical to deploy this kind of update without warning the users?... or better... suggesting that users remove their own antivirus software??

Waiting for your opinions

#2 Fireice

Posted 08 September 2006 - 09:46 AM

Of course not, but they will get away with it. They are too small for media to care.

#3 szikos

Posted 08 September 2006 - 11:47 AM

Defame their own company.
Who will trust future products?

#4 rosco

Posted 08 September 2006 - 11:49 AM

It's possible :( but I'm doing everything I can do to warn (not only) the gamers... I've posted this issue on a lot of security-related sites like securityfocus (and GovSec of course :) )
There's no Terms Of Service in the world which allows something like hijacking the normal behavior of an Operating System.....
Anyway... at least a warning might have been appreciated... :angry:

#5 Edu

Posted 09 September 2006 - 08:22 PM

In my opinion they should be prosecuted immediately. This IS illegal, plus they tell u to uninstall the Antivirus?... LOL... in a few time they will be including an antivirus killer like old trojans had. For god's sake this is ridiculous. They are worse than virus writers because at least a virus is too obvious n everyone knows they are malicious n they will really harm. When virus writers are caught they get arrested... oh funny, now some jackasses write legitimate-looking games (I suppose it is shareware) n people go there n BUY it, that means they pay to get a rootkit in their computer. Now the question... will they get arrested??....

'they are small n won't get much media attention' ... I do hope they get it n I do hope they break because this is pretty illegal.

#6 x@ros2000

Posted 09 September 2006 - 09:53 PM

I agree 100% with edu19. They SHOULD get attention attracted towards them, and thrown out of software business.
rosco, have you posted this, along with the relevant details, to digg (hxxp://digg.com/)?
I guess this would give it enough publicity, so that someone with the appropriate "backend" in laws' resources
(sorry, don't know how to express this exactly in English) starts a prosecution against them...

EDIT:
Just found these statements in their page:
hxxp://rakion.softnyx.net/news/notice_view.asp?f_index=1451
hxxp://rakion.softnyx.net/news/notice_view.asp?f_index=1446

A Google search also quickly revealed that Softnyx also has a history of similar stories:
back in 2004, they were suggesting to their customers to uninstall Process Guard,
a well-known security product, so that it "would not interfere with the 'Gunbound' game".
Time passes, practices remain the same, I guess?
DiamondCS on the other side (the company behind ProcessGuard)
also had stated that Softnyx had never contacted them,
thereby making attempt of resolving the problem. Let's wait and see..
"Maybe not today,maybe not tomorrow...but soon-and for the rest of your life"

#7 UFcen2000

Posted 11 September 2006 - 07:20 AM

A lot of game companies are starting to do this. Look at what Blizzard is doing with World of Warcraft. They have a very advanced rootkit that is constantly scanning your system for active programs. Due to inaccuracies in their detection engine, legitimate software has been flagged as malicious and accounts have been banned.

If it wasn't for a recent BlackHat brief, not many people would have known about it. Blizz has defended their position saying that the rootkit is part of the game, and their IP, and they do not have to divulge any information about it.

As always, they say it doesn't store or transmit any sensitive information regarding individual players, BUT from what I have read the system is capable of doing that... :ph34r:

#8 Edu

Posted 14 September 2006 - 03:43 PM

UFcen2000, on Sep 11 2006, 03:20 PM, said:

> A lot of game companies are starting to do this. Look at what Blizzard is doing with World of Warcraft. They have a very advanced rootkit that is constantly scanning your system for active programs. Due to inaccuracies in their detection engine, legitimate software has been flagged as malicious and accounts have been banned.
>
> If it wasn't for a recent BlackHat brief, not many people would have known about it. Blizz has defended their position saying that the rootkit is part of the game, and their IP, and they do not have to divulge any information about it.
>
> As always, they say it doesn't store or transmit any sensitive information regarding individual players, BUT from what I have read the system is capable of doing that... :ph34r:


The point is, any executable u open on ur system makes u run some danger. Doesn't matter if it is a simple tool or a complex game installer. Anything can contain some kind of malicious code, the excuses don't matter, what matters is that it is just like a regular virus:

it does things the user is not aware of, plus it accesses the system n any info it likes to at any time without warning the user.
This bullshit of telling customers to uninstall antivirus is just like a trojan writer or user that tells his/her victim to shut down the antivirus for his/her leet server to run without getting caught. The game is even worse than the trojan simply because u would never expect a game coming from a trusted n serious company to contain any kind of malicious code.
What happens today is that NOTHING is trustable!

#9 UFcen2000

Posted 15 September 2006 - 10:24 AM

edu19

Agreed. It is complete BS the behavior of these type of programs. However, individual users accept the risk and responsibility for the execution when they install said program. Damn those pesky 'Terms of Service.' However, the media fiasco Sony encountered with their 'rootkit' might stem the tide. But, without solid legal precedence, we are screwed. As it is now, no company is required to divulge the complete inner workings of their software.

Concerning uninstalling AV and such... it is a retarded troubleshooting step CSY use to help a user get the program working. And yes, it makes as much sense as removing your car's steering wheel in order to correct a problem with your headlights. :blink:

#10 Edu

Posted 19 September 2006 - 07:39 PM

LOL .

In the case of games, I think most of the game players won't even know what a rootkit is. They will just know how to click 10 times the 'forward' button at the game's install prompt. At the license agreement / terms of service I doubt anyone will care to read it, they will just check the option to agree n continue installing it. Then if a rootkit gets installed, oh well, they don't even know what a rootkit is, plus they are anxious to start playing the game, so it doesn't matter if the game's executable is getting private info or even getting cam shots, they won't realise it! That's why game companies will be putting rootkits in their games. In that case they should be punished severely, worse than a virus writer, because at least the virus writer doesn't usually charge for infecting people :ph34r:

#11 UFcen2000

Posted 20 September 2006 - 05:39 AM

edu19, on Sep 19 2006, 11:39 PM, said:

> LOL .
>
> In the case of games, I think most of the game players won't even know what a rootkit is. They will just know how to click 10 times the 'forward' button at the game's install prompt. At the license agreement / terms of service I doubt anyone will care to read it, they will just check the option to agree n continue installing it. Then if a rootkit gets installed, oh well, they don't even know what a rootkit is, plus they are anxious to start playing the game, so it doesn't matter if the game's executable is getting private info or even getting cam shots, they won't realise it! That's why game companies will be putting rootkits in their games. In that case they should be punished severely, worse than a virus writer, because at least the virus writer doesn't usually charge for infecting people :ph34r:



QFMFT