Photo with Trojan!

Discussion in 'malware problems & news' started by Technodrome, Sep 10, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    1. Photo with Trojan
    A Trojan has been detected, in a commercial product for processing
    graphic software, that destroys files on the Windows system directory

    Kaspersky Labs reports the detection of a Trojan horse, FireAnvil,
    embedded in a commercial product from US company, Firehand Technologies
    Corporation.

    "Firehand Ember Millennium" is a software program for viewing and
    editing graphic files and is sold via Internet on the site
    www.firehand.com. Trojan subprograms have been detected in two files of
    the product: Ember32.exe - the main file of the product fireutil.dll -
    library

    The program is activated when the text "czy czy" is entered in the
    field
    "Registered User ID".

    Registered User ID: [_________]
    Registration Key: [_________]

    As the Trojan program is activated the following message is displayed:

    CrAcKiNg SoFtWaRe! PlEaSe WaIt!

    Then FireAnvil searches for the Windows system directory and writes the
    following text into the registry of all of the files within the
    directory:

    CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!

    As a result of the program's destructive function, when activated, all
    of the files of the Windows system directory are destroyed with no
    possibility of restoring them.

    "Unfortunately, this is not the only instance where a software product
    has been marketed without checking it thoroughly for hidden "trojans".
    On the other hand, this is additional proof for the perfidy of the
    latest generation malware, which is sometimes very hard to detect.
    Hopefully, this incident will force all software developers to pay more
    attention to the security problems of their users," says Eugene
    Kaspersky, Head of Anti-Virus Research of Kaspersky Labs.

    source: http://www.avp.ru



    Technodrome
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    That's a little confusing. Czy is a cracking group. So, is Firehand Ember crashing the machine when it detects the czy crack? Thats what it looks like to me.
    About two years ago, Firehand Ember was one of the first to try to totally disable machines when a crack attempt was tried. I thought they got caught and weren't doing it anymore.
    So, anyway, where does the graphic come in?
    Please excuse my ignorance. :rolleyes:
     
  3. FanJ

    FanJ Guest

    Troj/FireAnv-A

    Troj/FireAnv-A
    Aliases
    FireAnvil, Trojan.Win32.FireAnvil

    Type
    Trojan


    At the time of writing Sophos has received no reports from users affected by this Trojan. However, we have issued this advisory following enquiries to our support department from customers.


    Description
    Troj/FireAnv-A is a Trojan that attempts to overwrite the beginning of every file on the hard disk with the text "CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!".

    There have been reports that Troj/FireAnv-A has been distributed in a commercial product, but at the time of writing Sophos believes that this download has been replaced with a clean version.

    More information about Troj/FireAnv-A can be found at
    http://www.sophos.com/virusinfo/analyses/trojfireanva.html
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Real did it too! destroying win.ini and sys.ini and whne you'er online they check you all time for possible wrong keys so very soon........ no more windows! Thought they as well were told to stop that activity, but.........

    In the case of that FireAnvil, is it only activated when a user types that czy? If people know they have not a complete paid version they would probably avoid typing that? Or am i now too innocent?
     
  5. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi Jooske, yes, legitimate uses would be ok, I think.
    I'm just guessing but I imagine that czy came up with a serial number for the program. Now, what happens a lot of times is serials are coded by the registered users name, so czy may have produced a crack that used something like czy Cracking Crue, ser no. 123456. Then when Firehand Ember sees that - boom, your history.
    I am aware of very few programmers that have taken such a drastic approach at protecting their copyrights.
    In the US, a good Attorney would have their arsis in about ten minutes in court. But then, people with cracked software on their machines are not likely to pursue that option, although they would probably get by with it.
     
  6. Vampirefo

    Vampirefo Guest

    I find it odd it's labeled as a Trojan, it's really more of a virus, It destroys, so this is a virus. I know it's called a Trojan because it's hidden inside the program, and is only activated when a certain code is entered. But from what I have read, no information is stolen, and no connection to the internet is made. It just destroys, so to me it's a virus, and all virus programs need to detect it. Good Job KAV, for detecting it and making the report public.
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Good point; fully agreed.

    regards,

    paul
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    will i was going to post a huge feed back on this and what most likely happend but lets just say that fire hand is the bad guy in this and is it relly my fault that they dont put any real security on there software

    is it considered pirating if i guess the registration number

    im sorry but these guys put serial codes like this in 11111111 and its just that easy and its sad

    what should be consider pirating is redistributing fully fuctional copyright software on your servers with the serial
    number that to me is pirating

    but when you typ in names randomely and numbers like this

    Registered User ID: [HA HA HA HA Heh_________]
    Registration Key: [017598-21-??_________]

    thats just your stupit fault for not securing your product

    personaly im amazed at this

    if you want to stop pirating is perty dang simple

    a. Do not put share ware on your sites put demos with lots of stuff missing so thers no way to crack it or fill it so its fully fuctional.

    b.only online ordering and updates each dowenload of legal registerd software has a binded unequal code of the credit card number hidden in the software so when you update they know exactly who it is

    note puting manual updates is a no no any avrage jo can use an illigal copy get the manual update and not have to wory about being traced or disabled

    c if you find illigal copys of your software distributed black list the serial number and wait when the main person complaines about his software disabled and it must be a mistake give him a new key if that key shows up being distrbuted sue that guy you now have proof make sure to document all the illigal attempts and add that to lost of money in your law suite then make an example of him.

    d.make actual keys and a data base only leting legal copys update other copys that are illigal black listed or dont exsist keys software gets disabled.

    do not load trojans or harmful things in your software regardless you are responsiable for damages of that nature
    for a good example is tds they just make the software useless
    rather then damage a 5000 dollar computer

    two wrongs dont make a right lol
    if you want more information on stoping pirating of your software get ahold of me my consulting fee only requires if i helped you that you gimme a leagal registerd copy of the software you want protected for my personal use
    and legaly registerd to me.

    i can give you advice on how to stop pirating of your software.

    if you want me to track dowen illigal copys so you can black list them or change the security in your keys that will actualy cost you

    as doing that for you is tidiuose work time and effort

    im only an ideal man but one with good ideals on how to stop it that may save you thousands or millions
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Pssst! MrBlaze, no need to tell it was your photo with something from your anonimous collection.
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol lmao no no no im not from that crew or that company lol

    no i just know and i can actualy say this i know literly how ever ,crack.patch serializer, short cut ,reg,patch ,hack,serial generator perty much work lol the albove mostly stops all that lol

    galvin & waynes is the best method of stoping piraters from illigaly useing software

    by deploying the same seccurityon your products you save 1000 thousands of dollars to millions.

    three of the toghst program to crack fully to where you can update and still run are as follows.

    TDS
    ANIMATION MASTER
    POSER PRO SRI SR2 PACK Althogh it is posiable to crack poser each upgrade defeats it meaning you get alway with one but the others will defeat the crack anytime you up date to the most updated verstion

    tds is best so far if i was companys id go to galvin and wayne and pay them money to secure my application from being pirated.

    im not encouraging pirating in any way this is a security forum and as such im telling you how to stop pirating.

    and what are the best methodes.

    so if your a vendor youll take my advice

    i love this bord so i respect it i know this subject is right there on that very edge of the line but its only for security purposes

    this is last time ill say anything on the subject as i dont want to give newbs bad ideals it is dangeriouse i sugest you dont do it

    buy your software as if you dont youll end up with trojans worms viruses and even your hard drive wiped out.

    stay alway from pirate sites
     
Loading...
Thread Status:
Not open for further replies.