Asking for opinions on possible social engineering.

Discussion in 'malware problems & news' started by Carbonyl, Mar 9, 2011.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Many years ago, I used to play an online game that I enjoyed very much. It was pretty popular at the time, but as the years drew out the number of people playing it waned, and eventually the official servers that hosted the game shut down. Such is life, of course. Recently, however, I've become aware that there are fan run servers that have apparently brought the game 'back to life' so to speak. At least, that's what they promise.

    I was delighted at first, and planning to give it a whirl again, but there are a few things that make me VERY suspicious about the entire thing.

    The webpage for the game is very elaborate, but the support page is perhaps the most commonly referred to and directed to on their forums. If the game doesn't work correctly, they almost always advise people to shut down their antivirus and firewall completely. Well, that set off some alarm bells in my head. Wanting to play it safe, I grabbed the downloadable packages and patches on a Linux machine and ran it through Wine to install - And then uploaded the pertinent executables to Virus Total. The result was mixed. At one time a few months ago, as many as 9 engines found the executable to be a trojan. Today, only three do.

    I can find scattered comments on the forums for the game from whoever developed the fan patch that these are false-positives, due to the way the official executable was modified to redirect to the new fan servers. He claims that "Anyone with a disassembler, x86 assembler experience, and an afternoon could reverse engineer the DLLs added and verify there is nothing remotely malicious in them." I'm not sure what to make of that, though, since I don't have such experience.

    What I'm curious about is whether or not I'm being paranoid about their bizarre requests for users to disable firewall and antivirus (combined with suspicious VT results), or if the fan developers are right and this is all harmless. Any opinion on the matter would be greatly appreciated! Thanks.

    Oh, and in case anyone's curious, the game I'm talking about is Tribes: Next, a revival of Tribes 2. The homepage is located at tribesnext.com
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What they should advise instead is how to allow Tribes through firewall and or exclude its folders in AV (although I doubt there is any need for that)

    So bad advice really
     
  3. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    To be fair, they do mention that in some cases on their forums. Of course, if there's malware in their executables it doesn't really matter if you disable AV and firewall completely, or just add an exception - you're still letting the nasties through. They frequently follow up their 'exception' advice, though, with recommendations to uninstall AV or disable the firewall. They seem particularly concerned that users do not run anything that will monitor or block http access, strangely. In all my time of gaming (quite a few years), I've always been running an AV suite, and many of those years were with a firewall too. I've never had cause to even add an exception for any of them, which only makes this situation all the stranger.

    I admit that this could all be for a perfectly legitimate reason. I don't deny the fact that they might have tweaked the executables of the game in an harmless way, but I'm trying to be wary before proceeding.

    The combination of their advice to poke holes through the user's security, when combined with the VT scans verifying some vendors finding malware in their executables, is unsettling. But is that just me, or is it something actually serious?
     
Thread Status:
Not open for further replies.