A little corner of the Empire on the web.

19 August, 2008

EVE Central Market Upload Utility Trojan Keylogger Warning

Please see the update at the bottom of this article. I no longer suspect EVE Central or its Market Uploader utility of any wrongdoing here.

So a friend of mine found that around £1000 had been siphoned from his bank account recently (all in bank transfers of under £150). After talking to the bank about it, he found that the attacker had got into his bank account using the web login.

The question then became, how did they get his password? Like me, he works in IT so is pretty savvy about security generally, so had no idea how anyone could have got a keylogger onto either his home or work PC.

After much searching around he finally found this blog post, "a Mule in EvE: Learn and live to fight again", which pointed to the fact that someone else had found a Trojan keylogger (a piece of malicious software similar to a virus that logs all of your typing and sends it to someone else on the internet) hidden inside the popular Market Upload utility from EVE Central. This is a popular tool that allows players of the game EVE Online to upload data about the in-game marketplace to a website where analysis can be run.

He rang me to let me know (as I also play EVE and have this tool installed), and sure enough a "deep scan" by Sunbelt Software's VIPRE Antivirus found the following trojan on my PC: Trojan-Spy.Win32.KeyLogger.acm, hidden in the "evec_upload.exe" file in the "EVE-Central MarketUploader".

Not good news, so one removal, uninstall and a few hours changing passwords later, here we are warning the rest of the public about this. As EVE-Central doesn't have any kind of public forum to post in, I'm putting this up here whilst I mail the developers for comment.

Please note that I am not blaming the EVE-Central developers here at all. I have no idea whether they are simply the victims of being unwittingly hacked themselves, or whether they are doing this deliberately. Also there is the possibility that this could be a false alarm and something in the way the Market Uploader was written is accidentally triggering a false warning in the antivirus software.

I am also most definitely not blaming CCP or EVE Online. CCP have made a great game that many, many people enjoy every day, and neither I nor EVE-Central are affiliated with them.


Update 20/8/08: Having carried out further investigation and emailed back and forth with Yann of Eve-Central, it seems that we were too hasty assigning blame here. I no longer suspect EVE Central or its Market Uploader utility of any wrongdoing here. I'm sorry for any misunderstanding or distress that could have been caused by this.

An up to date version of the VIPRE Antivirus doesn't pick up the "EVE-Central.com MarketUploader" as any kind of malware (or 'bad' software) at all.

From Yann:

I've been distributing the same package file since mid 2007. It has at some time been listed as a Trojan by all these major AV products, but detection had improved so the false positives were eliminated within a few update cycles.

It seems that some fairly old virus was written by someone using the same software that Yann used to create the Market Uploader. This means that it has ended up looking slightly similar to an old virus, and has been at one time flagged up by many of the major anti-virus products, and then cleared again a few updates later as they fine-tune their virus detection.

This is a bit like if I used the same power drill to put up my shelves as some serial killer used to do nasty stuff to people. Just because we both used the same tool, and both used it to drill holes, doesn't mean that I had anything like the same intention or outcome as the murderer.

Hmm tortuous analogy!

07 March, 2008

Open Parliament

Dad's organization (OFE) are organizing a petition to convince the European Parliament Government to change their IT systems over to using open standards.

Head over to www.openparliament.eu to sign up and show your support.

Citizens and stakeholder groups should not have to use the software of a single company in order to communicate with their elected officials or participate in the legislative process.

All companies should be given the chance to compete freely for contracts to supply ICT services to the European Parliament.

I am a citizen of the EU, and I want the European Parliament to adopt the use of open standards and to promote interoperability in the ICT sector.

We believe that the current situation, where the European Parliament’s ICT runs on proprietary software that is not interoperable with that of other vendors, where therefore citizens and stakeholder groups wishing to participate in the legislative process are forced to use the products of a single company, is in conflict with the first article of Chapter 1 in the Treaty of the European Union. An example of this is the live Web streaming from the European Parliament's plenary sessions – aimed at improving communication with citizens and insight into democratic processes – which will only work with Windows Media Player.

Go on, head over and sign the petition.

04 March, 2008

EveBerry

This post's been sitting in my queue for a while, sorry!

Vlad (of Mozilla and Firefox fame) posted to the EVE-Online forums a while ago about his new EveBerry tool, which can be downloaded here: EveBerry -- a BlackBerry EVE Character Monitor.

It's similar to EVEMon and market monitoring apps, but for your BlackBerry smartphone (assuming you have one, I do) and is very, very cool and very, very useful.

That's all!

I CAN HAS BOTZ

Since my last set of Lol Bots images (featuring Red Dwarf's Kryten, Ghost in the Shell's Tachikoma and Fritz Lang's Maria), the site seemed to go quiet for quite a few months. Luckily over the last few weeks rstevens has grabbed the editorial reins back and posted a slew of new images, including two more of mine.

I started off a little late for Valentine's with Kryten and Camille:

(It really was E5 A9 08 B7, no need to spell it out)

And finally got a bit of my favourite geekery in with 3PO:

(Metal body: 1, Fragile Skin and Bones: 0)