
CieNTi spreads malware over wormnet


evilworm2
8 Aug 2006, 22:04
Hi.

I played with a guy named 'CieNTi' today.
In game he entered a URL in the chatbox and told me and the other player not to execute the executable there.

I downloaded and scanned this file and found out that it is infected by Trojan-Downloader Win32.VB.aju.

From the replay:
CieNTi: http://xxxxxxxxxxxxx
CieNTi: i have a visor. t
CieNTi: just DONT enter in that web
CieNTi: please
CieNTi: im in a server, with VNC, and there will be a vulnerability and somtimes enter someone and try to exec that

What does this mean? That, as Lex guessed, someone is typing this URL against his will, or that he tries to make people kill his VNC server with this trojan horse?

Lex
8 Aug 2006, 22:29
He told you and the other person not to execute that file? That sounds like whatever he has is typing the URL against his will, and he doesn't know how to stop it, but he wants you to be aware that you shouldn't download it.

[UFP]Ghost
8 Aug 2006, 22:58
No one is that smart, he's just being a nice citizen.... right..... :rolleyes:

Muzer
14 Aug 2006, 17:50
Maybe he got a virus that means any IRC-based chat he enters makes him periodically post that URL. Like the MSN viruses.

Lex
15 Aug 2006, 08:07
In-game chat is not IRC-based. However, it's possible that it makes his keyboard type that string of letters periodically.

Muzer
15 Aug 2006, 11:56
"CieNTi: im in a server, with VNC, and there will be a vulnerability and somtimes enter someone and try to exec that"
Hmm... Maybe he means someone's hacking his internet connection?

MrBunsy
15 Aug 2006, 12:13
VNC? Virtual Network Computing / Connection?

Sounds like he's connected to something seriously insecure somewhere.

evilworm2
15 Aug 2006, 13:26
"VNC? Virtual Network Computing / Connection?

Sounds like he's connected to something seriously insecure somewhere."

I wonder if it is even possible to play over VNC. Must be slowwww.

MrBunsy
15 Aug 2006, 17:10
I've tried over remote desktop, but I don't remember it working, something to do with DirectX. However, with the right software and a powerful enough connection it should be possible.

MadEwokHerd
15 Aug 2006, 22:56
"I've tried over remote desktop, but I don't remember it working, something to do with DirectX. However, with the right software and a powerful enough connection it should be possible."

You could probably do it with Wine. Remote X performance would be terrible though (I think it'd have to send each frame over the network)... VNC might be better...

MrBunsy
16 Aug 2006, 13:16
I don't think I've ever got that set up in Linux though, I presume that's where you mean?

Plutonic
16 Aug 2006, 17:32
Trying to use Radmin to play a hotseat game caused a black screen on the remote player's window. Menus were just the back layer but usable.

CieNTi
16 Aug 2006, 17:56
Well... a guy on wormnet told me about this post... I have 2 PCs: my own, at my house, and my work one... On my work one, I have a VNC server, to remotely manage it from my house... I'm working at a cybercafé, and VNC maybe has a vulnerability, because, having any password, someone gains access to my desktop and automatically tries to open the "execute" window, write a URL, and execute it... The application isn't a virus on its own, it's a downloader; I followed it, and the virus is an IRC-based virus... I changed the default port of the VNC server, and NEVER spread viruses on wormnet; that time was simply bad luck, that I was playing and the mf guy entered...

As you can see in the game replay, I said "NOT TO OPEN IT", and if you look at it closely, you can see the URL cut off at the end, because I was writing something else when that happened... I think you can think before saying "CIENTI SPREAD VIRUSES"... ask someone if I said that URL once more... bah, cya, the people that know me know that is false

CieNTi
16 Aug 2006, 17:57
And no... from my house, through VNC I can't play Worms, so slow, impossible to play nice

CyberShadow
16 Aug 2006, 19:51
Sounds like someone was making a bot network by mass-scanning for VNC vulnerabilities, and gaining access to the machine to install his software.
You should upgrade/change your VNC software, and also set the VNC or your firewall to accept connections only from a list of trusted IP addresses.

Also, get an anti-virus. It's really worth it. I recommend NOD32 (http://www.eset.com/) :D
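
An added example, not part of the original post: a check for the trusted-IP advice above, flagging connections to VNC ports from sources outside an allowlist. The log format, the trusted networks and the moved port 15900 are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Assumed values: trusted admin networks and the ports the VNC server listens on.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.24/32", "10.0.0.0/8")]
VNC_PORTS = set(range(5900, 5907)) | {15900}  # RFB displays :0-:6 plus a moved port

# Constructed sample: "timestamp src_ip dst_port" per accepted TCP connection.
SAMPLE_LOG = """\
2006-08-08T21:40:02 198.51.100.24 5900
2006-08-08T21:55:13 203.0.113.77 15900
2006-08-08T21:55:40 ::ffff:10.1.2.3 5900
2006-08-08T21:56:01 203.0.113.77 80
2006-08-08T21:58:19 not-an-ip 5900
2006-08-08T22:01:45 2001:db8::5 5901
"""

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches IPv4 rules."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_trusted(ip):
    """True if the address falls inside any allowlisted network of the same IP version."""
    return any(ip.version == net.version and ip in net for net in TRUSTED_NETS)

def untrusted_vnc_connections(log_text):
    """Return (timestamp, source, port) for VNC connections from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # not a connection record in the assumed format
        ts, src, port = parts[0], parts[1], int(parts[2])
        if port not in VNC_PORTS:
            continue
        try:
            ip = normalize(src)
        except ValueError:
            # Unparseable source: fail closed and report it rather than skip it.
            findings.append((ts, src, port))
            continue
        if not is_trusted(ip):
            findings.append((ts, str(ip), port))
    return findings

if __name__ == "__main__":
    for ts, src, port in untrusted_vnc_connections(SAMPLE_LOG):
        print(f"{ts} untrusted VNC connection from {src} to port {port}")
```

Moving the server to a non-default port only changes which port has to be watched; the source-address check is what enforces the trusted list.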

evilworm2
17 Aug 2006, 00:46
Thanks CieNTi for clearing this up. A mod now may change the title.