Trojan Author Includes Integrated Chat, Challenges Security Researchers Digging Through His Code

from the paying-attention dept

Here’s a fascinating story, found via Boing Boing, of some malware (a password stealing trojan targeting Diablo III players) that included some sort of integrated chat function, which the researchers at AVG only noticed when the hacker reached out to them while they were searching through his code. Imagine their surprise when up popped a dialog box asking them what they were doing:

Hacker: What are you doing? Why are you researching my Trojan?

Hacker: What do you want from it?

The AVG folks continued to chat with the guy for a little while, which is how they realized just how powerful the trojan was and how much it could do. The guy controlling it demonstrated this to them by remotely shutting down their machine after talking to them for a little while.

Filed Under: , , ,
Companies: avg

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Trojan Author Includes Integrated Chat, Challenges Security Researchers Digging Through His Code”

Subscribe: RSS Leave a comment
PopeyeLePoteaux says:

Wow...just wow...

Thank Tyrael I never NEVER NEVER open any link sent to me by strangers.

I play Diablo 3 and this news is quite disturbing but useful at the same time, even when I recieve a link from my closest friends regarding Diablo 3 or any other game that requires a password to play, I ALWAYS text my friends to confirm if one of them sent me a link otherwise I ignore it completely.

Thanks for the news, keep up the good work here at TechDirt.

Mr. Applegate says:

Re: Wow...just wow...

Um… The link wasn’t in an email it was in a forum post for a ‘how to’… “– it had been originally posted to a Diablo III forum, masquerading as a how-to video –“

Do you ever click on a link on the internet? If not how do you get here?? If so you ARE at risk!!! In fact if you computer is connected to another computer it is at risk.

Anonymous Coward says:

I’ve wondered many times why the antivirus companies don’t just hire virus writers who’ve wriiten especially clever viruses/trojans etc… And many times I’ve come to the same conclusion. It would be bad for business. They thrive on fear, and the fact that clever, smart kids constantly outfox them. They never seem to fully secure any computers, there’s always the risk of being infected even if for only a few days as the antivirus companies catch up to the virus writers.

This whole back and forth is what keeps people paying their yearly antivirus bill. I’ve thought for many years that the AV companies more than likely release their own viruses into the wild just so they can claim to be the first to say they can protect you from it. Would not surprise me at all. Kind of like the stories Mike posts here about the FBI creating their own terror plots just so they can say they foiled the plot.

Anonymous Coward says:

Re: Re:


Antivirus companies actually hire a lot of hackers and so do other tech companies, which is a waste of time, the reason being that those hackers are very specialized on one area or another they don’t know the ins and outs of every system because there is nobody on earth capable of knowing them all, this is why problems happen all the time and keep popping up, no matter how big a company is, humanity is bigger and have more eyeballs looking at the code than any company does or even government can.

A thousand researchers can patch and make a system strong in a thousand points they all know very well, but a million hackers will find a million flaws in that system.

Is not a question that the companies hire dumb people is that they can’t hire every capable person who can do something.

Security in IT is like putting a door in a house without walls and trying to secure that door hoping nobody notice that there are no walls.

Some programs have millions of lines of code, use thousands of libraries and interact in unexpected ways with thousands of other programs, there is not a chance in hell that a human being will be able to chart all the possibilities, I doubt a group of people can do it and I base that on our own failure to predict the weather, there are too many unknowns and variables for anybody to be able to make sense of it all at this point in time.

The eejit (profile) says:

Re: Re: Re:

I would argue that it’s much closer to an actual ecosystem than most people think. Consider the above: there’s no doubt that there will be an evolution in detection now. However, if the hacker then changes the code to remove the vulnerability in detection, then it can go undetected again.

This is, in some ways, remarkably similar to the HIV’s chameleonic qualities.

Anonymous Coward says:

Re: Re: Re: Re:

Exactly, it evolves, systems evolve trying to adapt to new parameters and they behave in unexpected ways, with unknowns the unpredictability is real and maybe somebody comes along and throws in a mathematical proof of why there will never be a secure system in the world.

The thing is, I am starting to have an issue with statements like “why don’t they hire more smarter people?”, the reason is simple there are no smarter people to hire, there is not an infinite resource to hire anyone who has ever found a problem and most people who find those problems are one off, they probably never find another bug in their lifes after they discovered that big one, that one time. The same goes for politics the problem is not the people they are not dumb, they are smart people in their own single interests what they are not is smart in all fields.

This is why we need mechanisms to allow “evolution” to happen, no amount of “smart” people will fix an issue that is not about how smart you are, but how smart the system is, how flexible it is and how friendly to change it is.

Monopolies are the dumbest thing ever, but somehow very smart people believes IP is a good thing although it undermines the mechanism by which “evolution” of the system occurs, in that same vein stating “why they don’t hire smarter people” shows that people are looking at the wrong issue, there are nobody smarter to hire, one smart guy about one subject will be dumb on the next subject just like a programmer can’t do surgery or do astrophysics, or know about chemistry. Anybody ever tried to build a computer from scratch? is hard, is not that easy, there are literally billions of components in each computer today, granted they are small but those are billions of components, with thousands of connections trying to run million line code operating systems that control video, audio, electrical buses, interruptions, execution stacks, memory, network equipment, connections, heck just in the video stack people found an infinite source of PhD dissertations, the same occurs to the other areas of computing, so I can’t understand why people keep saying that “it is just a matter of hiring the hackers” when it is not, smart people are not the problem, the system cannot ever be secured, not because it is flawed, but because unpredictability can never be removed from that system ever we don’t have that capability and probably never will have unless we become God’s, which I doubt will happen in my lifetime, so saying “just hire the hacker” shows that people don’t understand even the basics of the problem, the problem is there are more people hacking the programs than there are people working to fix them, to change that you need an open platform, so people building the system becomes more numerous than the number of people trying to destroy it, so the number of bad hackers are outnumbered by the number of good hackers and we keep moving forward(evolving).

Also I see a threat to the “evolving” part in IP law which is a tool to exclude others from some field, which undermines the openness needed to create the right environment where good things happen more often than the bad things.

Anonymous Coward says:

Re: Re: Re:

The problem is that operating systems have gotten much much more complex. Back in the days operating systems were much simpler, it was much more difficult for viruses and malware to hide because there wasn’t very many places to hide. Now operating systems and software suits are so huge and humongous and they drop files and create changes in so many places there are a ton of places for stuff to hide in.

explicit coward (profile) says:

Is this the next bubble crushing economy in the future?

Well, this is what happens when you artificially create monetary value: Someone will try to profit from it by illegitimate means.

Diablo III differs on one essential point from its predecessors: It has no single-player-mode worth to be called such. Sure, you can play it alone, but you are forced to be always online, as the game has a client-server structure, where the client is on your machine and the server on ActiBlizzs own BattleNet-Servers.

Apart of being a quite effective DRM-measure (so far) it has been done to ensure a hack- and cheatfree environment – an essential requirement if you want to enable players to trade ingame-items for real money (while getting a share of the profit).

The trading of ingame-items for real money is nothing new, it has been done for years now over ebay and the likes. But this is the first time that the company developing the game also creates a trading-environment, effectively legitimizing and encouraging such trade. Suddenly gold- and item-farming aren’t a shady business anymore but in time could become respectable professions. At the same time the value of these ingame-items becomes more tangible – or at least it feels more tangible, because it’s value is supported and endorsed by the company responsible for it’s “creation”.

While I support the creation of new business opportunities I am troubled by the fact that ingame-items are becoming more and more a “respectable good”, especially when these items ain’t nothing but the product of a programmed chance-algorithm. The client-server-structure may hold hackers and cheaters off for now, but the more data they gather from the communication between client and server, the more likely they will find ways to deceive the system. It also makes the hijacking of anothers account (like with the trojan mentioned in this article) more valuable.

I don’t like this development. Not at all.

Anonymous Coward says:

Re: Is this the next bubble crushing economy in the future?

Those goods will be “respectable goods” until people realize, in 5-10 years, that Blizzard won’t be around forever, and that the investment is completely lost when Blizzard shuts down the servers for good.

This, much like the “real economy”, will only be good for the crooks, who will pull off some profits and bail out before the scheme comes crumbling down.

explicit coward (profile) says:

Re: Re: Is this the next bubble crushing economy in the future?

Actually, this is what most people do not realize: When they buy ingame-items they are not buying goods (as property) – they buy a time-limited license to use certain ingame-items. It is more like renting than it is buying: Ownership with an undetermined expiry-date.
The value of said items is bound to decrease over time. Either because the game loses it’s appeal or it’s popularity or because new, more powerful items become available (for instance with an expansion). Sooner or later their actual market-value will be exactly 0.

We can only hope that it remains a niche market, because otherwise it may become a real economical problem.

ChrisB (profile) says:

Re: Re: Re: Is this the next bubble crushing economy in the future?

> We can only hope that it remains a niche market, because
> otherwise it may become a real economical problem.

Failure is not an economical problem; it is the foundation of capitalism. Parting fools from their money is a good thing, because then the smart people can do something useful. Bailing out idiots is what causes problems.

explicit coward (profile) says:

Re: Re: Re:2 Is this the next bubble crushing economy in the future?

The problem arises when what once was seen as an idiocy becomes common practice. One step to make an idiocy common practice has been taken by Actiblizz by creating the real money auction house. The next step will be someone setting up a stock rated company which professionally farms items and/or gold. Further down the line banks will start to invest in such companys – until the bubble implodes…

Ninja (profile) says:

Re: Is this the next bubble crushing economy in the future?

Fortunately I got my copy via World of Warcraft Annual Pass promotion otherwise I’d ask for a refund. The fact that you must be connected to play ALONE is incredibly annoying (specially with the lag spikes most seem to experience).

I understand why wow has to be online only and if Blizzard decides to shut it down I’ve had my fun already but Diablo? This (DRM, whatever the form) is the reason I’m moving away from gaming. In the end it’s good for me as I’ll have more time for other stuff.

explicit coward (profile) says:

Re: Re: Is this the next bubble crushing economy in the future?

To me gaming is my prefered form of entertainment (I wonder if the MPAA ever considered that decreasing sales might be caused by a shift of preferences…).

Up to Starcraft II Blizzard was my favourite game-producer and I bought every game unseen and untested. But with Diablo III this has changed. While the game per se is good there are too many things like the always-on-requirement, the real-money-auction-house and a few smaller complaints that changed my mind.

With the release of Diablo III Actiblizz has lost a lot of it’s most valuable asset with me: reputation.

Ninja (profile) says:

Re: Stick to the matter at hand

Aw, I’m flattered you are aiming your troll-blaster at me. I do agree the comment was kind off topic considering the article but not if you consider the comment I replied too (which was pretty much on topic).

Also: Pot, meet Kettle. “waa waa IP theft, waa waa Pirate Mike, waa waa I dunno why I still visit techdirt!”

Cheers. And happy trolling 😉

Anonymous Coward says:

Re: I don't get it

Geez, that’s priceless.

Can you imagine if a malware/trojan/worm writer actually tried taking an antivirus company to court for reverse engineering and implementing sections into their product for detection purposes? Better yet, add DRM to the malware too and claim they are breaking the DCMA or similar laws.

Jeffrey Nonken (profile) says:

Re: I don't get it

“Why is this on techdirt?”

Because Mike decided to blog about it. Sorry if he did it without your permission. … Oh wait, I’m not sorry. Forget I said that.

You know what I do when Mike writes an article I don’t find interesting? I write comments whining about it and complain that it’s not relevant and try to explain why Mike owes me a better blog. … Oh wait, no I don’t. I STFU AND MOVE ON TO THE NEXT DAMNED ARTICLE.

Mike and his minions will occasionally write an article you don’t care for. Just pick up the broken pieces of your shattered life and move on.

Pangolin (profile) says:

Re: Re: I don't get it

I expected a few flames from the post. I actually agree with Tech Dirt on most everything and find the blog enlightening and insightful. Even this post. I tried humor. Maybe it’s why I’m not a comic. At any rate, the initial part was the “setup” and the “punch line” was the copyright issue. Why wouldn’t a malware author go after an Anti virus company for copyright infringement? Illegal Activity? That aspect hasn’t stopped some people in the past. It was meant to be slightly sarcastic and funny. Guess I missed the sarcasm tag.

Eponymous Coward (profile) says:

Big Brass Ones

Serious stones on the creator here. It’s one thing to bury a pseudonym signature in the code, quite another to enable real-time taunting of the infected.

This level of communication/access could potentially allow the creator to modify his trojan in real-time. Imagine a face-off between black and white hats, furiously coding to outwit the other. It’s like all the shitty “OMG, hackers!” scenes in tv shows, only for real.

Anonymous Coward says:

Re: Who "researches" malware w/an internet connected machine?

Well of course it’s connected to the internet; how else do you expect them to get a clear picture of what the software does when it’s on a machine in the wild?

Just because the testing machine is connected to the internet, doesn’t mean AVG has mission critical (or even trivial) data on it (or any other machine/device connected to it).

Anonymous Coward says:

Re: Re: Who "researches" malware w/an internet connected machine?


No wonder it’s so easy for them to stay ahead of us. If they can’t understand what a program is trying to do without being connected to the Internet then maybe they are in the wrong business.

*kicks the grass*

Kids these days….back in my day, we looked at the logs and read the packets and we liked it!

Anonymous Coward says:

This is new? Bullshit when I was kicking it on d2 my clans goal was similar. We infected people and stole their account,email,paypal and anything else of value. “Yeah this was years ago” I was young and bored. We could see infected computers webcam,screenshot, and log their keys plus a bunch of other little tools.

The screenshot option was kinda shitty for one reason back then dialup was still popular lol so taking a bunch of screenshots would have been a slow process.

Playing with the webcam was my favorite thing to do lol.

Me: Stop scratching your head ffs.
Victim: “Looks around like wtf?”
Me: Stop looking around I can see you from outside.
Victim: “Terrified look”
Me: I’m gonna get you! Turn around one more time! I dare you!
Victim: “Still too terrified to type anything yet.”
At this point I was laughing so hard and the look on their face made me feel bad so I ended it.
Me: I’m just kidding.. You downloaded my virus in a duping program.
Me: I’m not watching you from outside lol.. I’m spying on your webcam. I was gonna rob your account but the entertainment you provided me made me decided against it.
Victim: Really? “Still pretty confused looking”
At this point I was dumping shit into a mule. Yeah yeah I know I am a pushover lol.
Me: Open your d2 and log to this account.
So I see d2 popup and a min or two later he replied.
Victim: OMFG! Why…
Me: I felt bad that I shook you up so bad.
Victim: You can fuck with me every week if it turns out like this.

At that point I was laughing uncontrollably again >.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...