• Buddy Bots infected with trojan.

    by
    08449
    Published on 12-19-2012 01:55 PM
    14 Comments Comments
    Yesterday 18 December Buddy Bots developer Hawker announced that their build server was infected with a trojan keylogger. Hawker also mentioned that this trojan was specifically designed to attack Demonbuddy and Honorbuddy, but it infected some different builds as well.


    The products that were infected with this trojan were:
    - 1 release of Arelog
    - 1 release of GW2Buddy
    - HonorbuddyBETA release of last week
    - DemonbuddyBETA release of last week


    All users of Buddy Bot products are advised to scan their computer with Microsoft Security Essentials, which detects and destroys the trojan. Reset your World of Warcraft, Diablo 3 and/or Guild Wars 2 passwords as well, just to be safe.


    In light of the 18 December banwave, speculations have arisen that the trojan might somehow be connected to the banwaves.
    This article was originally published in forum thread: Buddy Bots infected with trojan. started by 08449 View original post
    Comments 14 Comments
    1. mgscs's Avatar
      mgscs - 12-19-2012
      I call bullshit to be honest. Wouldn't this affect WoW aswell if it truly was?

      + people using cracked versions wouldn't be connected to their servers would it? Still they got banned
    1. 08449's Avatar
      08449 - 12-19-2012
      Quote Originally Posted by mgscs View Post
      I call bullshit to be honest. Wouldn't this affect WoW aswell if it truly was?

      + people using cracked versions wouldn't be connected to their servers would it? Still they got banned
      Bullshit on the article or on the rumors? I'm not big on the rumors either and frankly don't believe them, but there is quite some talk about a connection so i had to write it down.
      If you don't believe that there was a trojan inside of the releases, i recommend you read the linked post of hawker and reconsider.
    1. mgscs's Avatar
      mgscs - 12-19-2012
      I ment the rumors. Sorry for not making that clear ! Somehow I belive Buddyteam is hiding something from us that made us all get banned
    1. Grim32's Avatar
      Grim32 - 12-19-2012
      Quote Originally Posted by mgscs View Post
      I ment the rumors. Sorry for not making that clear ! Somehow I belive Buddyteam is hiding something from us that made us all get banned
      Not everyone got banned. I've used it for 8 weeks, every day, to do my rotations no bans. Ive used it on weekends to farm. No bans. Not everyone got banned...

      -Grim
    1. Razkaz's Avatar
      Razkaz - 12-20-2012
      The more that gets banned the better.
      Death to the bots!
      (muhahahaha)
    1. chingchawng's Avatar
      chingchawng - 12-20-2012
      this is a true story my laptop actually got infected after installing HB from the official links
    1. danbirk's Avatar
      danbirk - 12-20-2012
      I wonder what have happened since this shit happend.
      Dont hope Ive got an infection....
    1. jmulhern345help's Avatar
      jmulhern345help - 12-21-2012
      i blame the dumb asses botting bgs. if you bot BGs all night and log in and your banned. good. enjoy it *******.
    1. wired420's Avatar
      wired420 - 12-22-2012
      Funny. I work for Xfinity Signature Support. All I do is remove bloatware, malware, adware, and viruses/trojans. I just went through both copies of the supposedly infected builds in a sand boxed VM and found nothing. Sounds like a smoke screen for coder error to me.
    1. JohnM's Avatar
      JohnM - 12-26-2012
      lol cant scan with MS security essentials, not geniue copy of windows

      Who the hell has a geniue copy of windows these days anyhow

      What i dont get is, they must have FUD cryptet the keylogger and uploaded it to their download servers, but how did they instruct the updater to fetch the file in the download .... sounds an awfull lot like an inside job
    1. BulletLatus's Avatar
      BulletLatus - 12-28-2012
      Quote Originally Posted by JohnM View Post
      lol cant scan with MS security essentials, not geniue copy of windows

      Who the hell has a geniue copy of windows these days anyhow

      What i dont get is, they must have FUD cryptet the keylogger and uploaded it to their download servers, but how did they instruct the updater to fetch the file in the download .... sounds an awfull lot like an inside job
      I agree, is certainly does seem like an inside job, there is a thread on thebuddyforum with someone complaining about a .MSI program which was the virus, however the moderator said 'Don't worry, It's got nothing to do with us.'... This thread was 3 months old.

      I was in-fact hacked by the keylogger, and had my password changed, however the accounts contents was untouched... Being a previous black hat myself, I found it quite amazing it was so obsolete...

      The virus:
      - Hid itself from the task manager.
      - Hid the registry start-up command.
      - Used a crypted 'dropper', and droppers are very easy to detect, so they must have used there own code (private and not public).
      - Managed to decompile the Honorbuddy installer and add the malicious code and then recompile it.

      I've only ever seen something this good at hiding, that it was made for hacking bank and stealing credit cards... Called SpyEye and it's brother, Zeus.

      I found the virus installed itself in C:\WINDOWS\system32\Installer and was a .MSI program... The name I can't remember to well, but looked like: Ae3.MSI, it was 4 characters long.

      I fear hundreds of people were hacked by this virus, I would love to speak to the person behind it!
    1. Viano's Avatar
      Viano - 01-02-2013
      This is not the first time they have serious security problems. I hate the feeling that they are not telling the whole truth and information about their customers (including credit card numbers) is somewhere in china now.
    1. lastnameiodfogewiuh's Avatar
      lastnameiodfogewiuh - 01-04-2013
      Hi buddy :


      ==== ( offer cheap sports shoes and clothes ) =====

      The website wholesale for many kinds of
      fashion shoes, like the nike,jordan,prada,****, also including the jeans,shirts,bags,hat and the decorations. All the products are free shipping, and the the price is

      competitive, and also can accept the paypal payment.,after the payment, can ship within short time.
      free shipping

      competitive price

      any size available

      accept the paypal

      jordan shoes $32

      nike shox $32

      Christan Audigier bikini $23

      Ed Hardy Bikini $23

      Smful short_t-shirt_woman $15


      ed hardy short_tank_woman $16

      Sandal $32

      christian louboutin $80

      Sunglass $15

      COACH_Necklace $27

      handbag $33

      AF tank woman $17


      puma slipper woman $30


      ==== ( offer cheap sports shoes and clothes ) =====
    1. fritobc's Avatar
      fritobc - 01-05-2013
      So, only the BETA copy of HB was infected?