Demonbuddy Beta infected

[pwnyhofpl0x]

thumb.db would connect to a URL, get a picture which contained the trojan and begin catchign the users WoW, Guild Wars 2 and Diablo 3 passwords through game=%s&host=%s&user=%s&pass=%s

Heres another screenshot showing what its stealing


http://i.imgur.com/W8Zl6.png
http://i.imgur.com/TuOae.png
http://i.imgur.com/6bE7R.png

So far no "official" word other then "Our servers got hacked, we are trying to figure how this happened" Lots of potential users could have been hit by this, and accounts possibly hacked.

 

[Pikablu]

Thanks for the heads up. I just changed all my passwords.

 

[ag0ny]

Ye its really a shame that noone from the officials lost a word about it ... silence to dead!

 

[Polyester]

http://www.thebuddyforum.com/buddy-...ild-server-infected-keylogger.html#post953297
http://www.thebuddyforum.com/honorbuddy-forum/support-issues/96488-beta-db-hb-infected.html
http://www.thebuddyforum.com/demonbuddy-forum/demonbuddy-support/96486-beta-db-hb-infected.html
http://www.thebuddyforum.com/demonbuddy-forum/96427-demonbuddybeta-1-0-1219-110-infected.html

read through all these threads, it owns that you obviously know a lot more than the people posting in those threads but they all shut you down saying youre dumb. thanks for the laugh ^___________^

 

[ozzborn]

I should was instantly PM to Hawker, without creating threads

What does I should was mean? The Chinese forum users post more coherent threads than you.

 

[Pikablu]

What does I should was mean? The Chinese forum users post more coherent threads than you.

What does should this comment really necessary?

 

[greenblood]

Does the download still contain the trojan? I just upgraded to latest beta about an hour ago.

Where should i look for that thumb.db file? It's not in my db folder at least.

 

[Dbuddy]

???

 

[greenblood]

Thanks for the guide, looks like i'm not infected.

 

[alvinouch]

Thanks for the tips

 

[ogg]

http://www.thebuddyforum.com/buddy-...ild-server-infected-keylogger.html#post953297
http://www.thebuddyforum.com/honorbuddy-forum/support-issues/96488-beta-db-hb-infected.html
http://www.thebuddyforum.com/demonbuddy-forum/demonbuddy-support/96486-beta-db-hb-infected.html
http://www.thebuddyforum.com/demonbuddy-forum/96427-demonbuddybeta-1-0-1219-110-infected.html

Read all these, as Polyester said it's really quite funny how ignorant some people can be. Awesome work man, heaps of people use the beta so this wasn't a small deal.

 

[LetItRain]

"DemonbuddyBETA v1.0.1217.108" isn't infected is it?

 

[KillAllHumans]

All of the betas clean atm

 

[warbux]

There seems to be another version of this floating around. Check the following reg values

Local_Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll AMDEx3.msi
Local_Machine\SYSTEM\ControlSet002\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll AMDEx3.msi
Local_Machine\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll AMDEx3.msi

 

[jaymehx]

funny shit, just when the server got hacked i TOLD them something like this would happen, but some DEV just laughed telling me this would never happen. Actually, i'd like to see the Database getting hacked more often, maybe the shitty service here would change.

 

[charvin]

I used Ctrl + F to look for anything called "AMDEx3.msi" and didn't find anything nor did I see a "6to4" folder under any of the ControlSet001/002 folders. Does this mean I wasn't infected?

 

[20kilo]

This can have anything with recent waves in diablo and wow? and almost all reports been only from buddys?

 

[Tony]

This can have anything with recent waves in diablo and wow? and almost all reports been only from buddys?

nope

 

[ChuckLee]

This can have anything with recent waves in diablo and wow? and almost all reports been only from buddys?

It’d be honestly hard to say for sure, possibility however very unlikely

 

[20kilo]

It’d be honestly hard to say for sure, possibility however very unlikely

i dont want to flame or anything, but if our information was going somewhere, why they dont use it for something, like clean the accounts for profit?
i have wow account with more than 1milion gold in same as diablo that i used to bot, and its not touched, they can be gathering information for months, and sell all it for blizz maybe?