Forum :: Lounge :: NEW WORLDS

Okay, I don't quite know what's going on with it but Plasmaster told us that Sausage found a RAT virus in an HTML (i think) file in the Client's folder. Do you think this will be resolved and the server could be back up soon? It is a rather fun server and  I don't think the owner had intentionally corrupted or added a virus to the folder.

---
Gaia Name: 1NST1GN1A

Somebody may be DDoS'ing the server. That is, however, not my fault.

---
Wish upon a star!

It was definitely intentional. They used the backdoor to steal EOSource source code and the FE database from Elevations. Waiting on better confirmation before I post an official advisory.

I have no control over whether the server is up or down, I'm just blocking it from the server list.

Howdy. Here is a scan of the trojan exe I managed to extract. https://www.virustotal.com/file/9c996476abde0802e2d7efdcc77a7300a03d0ace8e8d7a323ab6e1c3ad998d49/analysis/1339335007/

This is also the keylogger log I pulled from it. http://pastebin.com/Kbz76ppu

---
Wish upon a star!

I have no idea about the source code you mentioned, however the Keylogger was just found out about and was not intentional -- Bluee had placed it there. He is now banned. Removing the Client off of my site.

http://new-worlds.forumotion.com/t148-attention-new-world#435

---
" Too much English, NOT ENOUGH CAPS! " - Wildsurvival
" Never let the fear of striking out get in your way" - Babe Ruth
Join the new EO Forum! - www.endless-forum.boards.net

We found the real culprit it was andrewbob and bluee we were un aware of the trojan which was in the client and that is our fault aswell

I want to apologize for anything with this, i just woke up to find out half are fucking players have a virus.. this is some awesome shit now.. the fuck

---
CN:BH 4 lyfe

We figured it was "Bluee" when I traced his IP address that was provided, I really hope you guys figure this out and sort things out with Sausage, Goodluck.

ye same i had no idea why *Bluee* would do it ,but even the main admins of new world had no clue about it also.i enjoy playing new world ,it's more layed back that say EE,and more fun.

---
Private server IGN :Paul,Powellop

Old main IGn :powelloppp,paulp.

Jimmy provided me with this IP address, this isn't the same as the other posted in the infected warning, there are two people working together on this one is supposely Bluee, but this other one from United states is questionable. Possibly andrewbob1

108.45.74.222 IPaddress location & more: IP address [?]: 108.45.74.222 [Whois] [Reverse IP] IP country code: US IP address country:  United States IP address state: Maryland IP address city: Gaithersburg IP postcode: 20878 IP address latitude: 39.1148 IP address longitude: -77.2462 ISP of this IP [?]: Verizon Internet Services Organization: Verizon Internet Services Host of this IP: [?]: pool-108-45-74-222.washdc.fios.verizon.net[Whois] [Trace] Local time in United States: 2012-06-10 16:32

49.144.238.137 IP address location & more:
IP address [?]:	49.144.238.137 [Whois] [Reverse IP]
IP country code:	PH
IP address country:	Philippines
IP address state:	Quezon City
IP address city:	Quezon City
IP address latitude:	14.6488
IP address longitude:	121.0509
ISP of this IP [?]:	Philippine Long Distance Telephone
Organization:	Philippine Long Distance Telephone
Host of this IP: [?]:	dsl.49.144.238.137.pldt.net [Whois] [Trace]
Local time in Philippines:	2012-06-11 00:16

Hollisterâ„¢ posted: (10th Jun 2012, 08:34 pm)

Jimmy provided me with this IP address, this isn't the same as the other posted in the infected warning, there are two people working together on this one is supposely Bluee, but this other one from United states is questionable. Possibly andrewbob1

108.45.74.222 IPaddress location & more: IP address [?]: 108.45.74.222 [Whois] [Reverse IP] IP country code: US IP address country:  United States IP address state: Maryland IP address city: Gaithersburg IP postcode: 20878 IP address latitude: 39.1148 IP address longitude: -77.2462 ISP of this IP [?]: Verizon Internet Services Organization: Verizon Internet Services Host of this IP: [?]: pool-108-45-74-222.washdc.fios.verizon.net[Whois] [Trace] Local time in United States: 2012-06-10 16:32 This was the first suspect which was figured out to be Bluee..

49.144.238.137 IP address location & more:
IP address [?]:	49.144.238.137 [Whois] [Reverse IP]
IP country code:	PH
IP address country:	Philippines
IP address state:	Quezon City
IP address city:	Quezon City
IP address latitude:	14.6488
IP address longitude:	121.0509
ISP of this IP [?]:	Philippine Long Distance Telephone
Organization:	Philippine Long Distance Telephone
Host of this IP: [?]:	dsl.49.144.238.137.pldt.net [Whois] [Trace]
Local time in Philippines:	2012-06-11 00:16

I am recieving more IPs, one moment.

108.45.74.222

A person -___- gave me three IP's

49.144.240.198 - EDIT* 49.144.240.198 & 49.144.238.137 are the same ips from the same place and same coordinates, Bluee most likely turned his router off for 2 hours and got a new IPS.

49.144.238.137 - Comfirmed that this is Bluee

108.45.74.222 - This is andrewbob1, I was talking to andrew before I left EOSource a couple months ago. He told me himself he was from Gaithersberg, Maryland.

it's a RAT, not a keylogger or backdoor.

he pretty much has control of 13+ people's PC lol. <3

also, you guys are retarded for thinking blue actually did stuff. 

Chibimon posted: (10th Jun 2012, 08:48 pm)

it's a RAT, not a keylogger or backdoor.

he pretty much has control of 13+ people's PC lol. <3

also, you guys are retarded for thinking blue actually did stuff. 

Chibimon posted: (10th Jun 2012, 08:48 pm)

it's a RAT, not a keylogger or backdoor.

he pretty much has control of 13+ people's PC lol. <3

also, you guys are retarded for thinking blue actually did stuff. 

---
If at first you don't succeed; call it version 1.0