Photo with Trojan!

1. Photo with Trojan
A Trojan has been detected, in a commercial product for processing
graphic software, that destroys files on the Windows system directory

Kaspersky Labs reports the detection of a Trojan horse, FireAnvil,
embedded in a commercial product from US company, Firehand Technologies
Corporation.

"Firehand Ember Millennium" is a software program for viewing and
editing graphic files and is sold via Internet on the site
www.firehand.com. Trojan subprograms have been detected in two files of
the product: Ember32.exe - the main file of the product fireutil.dll -
library

The program is activated when the text "czy czy" is entered in the
field
"Registered User ID".

Registered User ID: [_________]
Registration Key: [_________]

As the Trojan program is activated the following message is displayed:

CrAcKiNg SoFtWaRe! PlEaSe WaIt!

Then FireAnvil searches for the Windows system directory and writes the
following text into the registry of all of the files within the
directory:

CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!

As a result of the program's destructive function, when activated, all
of the files of the Windows system directory are destroyed with no
possibility of restoring them.

"Unfortunately, this is not the only instance where a software product
has been marketed without checking it thoroughly for hidden "trojans".
On the other hand, this is additional proof for the perfidy of the
latest generation malware, which is sometimes very hard to detect.
Hopefully, this incident will force all software developers to pay more
attention to the security problems of their users," says Eugene
Kaspersky, Head of Anti-Virus Research of Kaspersky Labs.

source: http://www.avp.ru



Technodrome

 

That's a little confusing. Czy is a cracking group. So, is Firehand Ember crashing the machine when it detects the czy crack? Thats what it looks like to me.
About two years ago, Firehand Ember was one of the first to try to totally disable machines when a crack attempt was tried. I thought they got caught and weren't doing it anymore.
So, anyway, where does the graphic come in?
Please excuse my ignorance.

 

Troj/FireAnv-A

Troj/FireAnv-A
Aliases
FireAnvil, Trojan.Win32.FireAnvil

Type
Trojan


At the time of writing Sophos has received no reports from users affected by this Trojan. However, we have issued this advisory following enquiries to our support department from customers.


Description
Troj/FireAnv-A is a Trojan that attempts to overwrite the beginning of every file on the hard disk with the text "CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!".

There have been reports that Troj/FireAnv-A has been distributed in a commercial product, but at the time of writing Sophos believes that this download has been replaced with a clean version.

More information about Troj/FireAnv-A can be found at
http://www.sophos.com/virusinfo/analyses/trojfireanva.html

 

Real did it too! destroying win.ini and sys.ini and whne you'er online they check you all time for possible wrong keys so very soon........ no more windows! Thought they as well were told to stop that activity, but.........

In the case of that FireAnvil, is it only activated when a user types that czy? If people know they have not a complete paid version they would probably avoid typing that? Or am i now too innocent?

 

Hi Jooske, yes, legitimate uses would be ok, I think.
I'm just guessing but I imagine that czy came up with a serial number for the program. Now, what happens a lot of times is serials are coded by the registered users name, so czy may have produced a crack that used something like czy Cracking Crue, ser no. 123456. Then when Firehand Ember sees that - boom, your history.
I am aware of very few programmers that have taken such a drastic approach at protecting their copyrights.
In the US, a good Attorney would have their arsis in about ten minutes in court. But then, people with cracked software on their machines are not likely to pursue that option, although they would probably get by with it.

 

I find it odd it's labeled as a Trojan, it's really more of a virus, It destroys, so this is a virus. I know it's called a Trojan because it's hidden inside the program, and is only activated when a certain code is entered. But from what I have read, no information is stolen, and no connection to the internet is made. It just destroys, so to me it's a virus, and all virus programs need to detect it. Good Job KAV, for detecting it and making the report public.

 

will i was going to post a huge feed back on this and what most likely happend but lets just say that fire hand is the bad guy in this and is it relly my fault that they dont put any real security on there software

is it considered pirating if i guess the registration number

im sorry but these guys put serial codes like this in 11111111 and its just that easy and its sad

what should be consider pirating is redistributing fully fuctional copyright software on your servers with the serial
number that to me is pirating

but when you typ in names randomely and numbers like this

Registered User ID: [HA HA HA HA Heh_________]
Registration Key: [017598-21-??_________]

thats just your stupit fault for not securing your product

personaly im amazed at this

if you want to stop pirating is perty dang simple

a. Do not put share ware on your sites put demos with lots of stuff missing so thers no way to crack it or fill it so its fully fuctional.

b.only online ordering and updates each dowenload of legal registerd software has a binded unequal code of the credit card number hidden in the software so when you update they know exactly who it is

note puting manual updates is a no no any avrage jo can use an illigal copy get the manual update and not have to wory about being traced or disabled

c if you find illigal copys of your software distributed black list the serial number and wait when the main person complaines about his software disabled and it must be a mistake give him a new key if that key shows up being distrbuted sue that guy you now have proof make sure to document all the illigal attempts and add that to lost of money in your law suite then make an example of him.

d.make actual keys and a data base only leting legal copys update other copys that are illigal black listed or dont exsist keys software gets disabled.

do not load trojans or harmful things in your software regardless you are responsiable for damages of that nature
for a good example is tds they just make the software useless
rather then damage a 5000 dollar computer

two wrongs dont make a right lol
if you want more information on stoping pirating of your software get ahold of me my consulting fee only requires if i helped you that you gimme a leagal registerd copy of the software you want protected for my personal use
and legaly registerd to me.

i can give you advice on how to stop pirating of your software.

if you want me to track dowen illigal copys so you can black list them or change the security in your keys that will actualy cost you

as doing that for you is tidiuose work time and effort

im only an ideal man but one with good ideals on how to stop it that may save you thousands or millions

 

Pssst! MrBlaze, no need to tell it was your photo with something from your anonimous collection.

 

lol lmao no no no im not from that crew or that company lol

no i just know and i can actualy say this i know literly how ever ,crack.patch serializer, short cut ,reg,patch ,hack,serial generator perty much work lol the albove mostly stops all that lol

galvin & waynes is the best method of stoping piraters from illigaly useing software

by deploying the same seccurityon your products you save 1000 thousands of dollars to millions.

three of the toghst program to crack fully to where you can update and still run are as follows.

TDS
ANIMATION MASTER
POSER PRO SRI SR2 PACK Althogh it is posiable to crack poser each upgrade defeats it meaning you get alway with one but the others will defeat the crack anytime you up date to the most updated verstion

tds is best so far if i was companys id go to galvin and wayne and pay them money to secure my application from being pirated.

im not encouraging pirating in any way this is a security forum and as such im telling you how to stop pirating.

and what are the best methodes.

so if your a vendor youll take my advice

i love this bord so i respect it i know this subject is right there on that very edge of the line but its only for security purposes

this is last time ill say anything on the subject as i dont want to give newbs bad ideals it is dangeriouse i sugest you dont do it

buy your software as if you dont youll end up with trojans worms viruses and even your hard drive wiped out.

stay alway from pirate sites