On Tue, Aug 21, 2012 at 9:47 AM, Peter Saint-Andre <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 7/27/11 8:45 AM, Peter Saint-Andre wrote:
>> A program that enables you to cheat at DarkOrbit ("The ultimate
>> Browser Game space adventure") has established itself on the XMPP
>> network. In essence, you pay for a license and then you are able to
>> "chat" over IM to obtain real-time instructions about how to cheat
>> in the DarkOrbit game. Originally this bot had a JID at jabber.org.
>> I disabled the account at jabber.org because it had a very large
>> buddy list and because I don't like cheaters. It then moved to
>> wippien.com. I told the Wippien admins and they shut down the bot.
>> The bot then moved to jabber.ru. It has gone through several JIDs
>> at jabber.ru (e.g., [email protected], [email protected]) but still
>> resides at that domain. I have seen many users at jabber.org who
>> have this bot in their rosters (these cheaters often seem to forget
>> their passwords), so other server admins might want to be aware
>> that such users are becoming quite common. I contacted the creators
>> of the DarkOrbit game in early March but did not receive a reply
>> from them. If you play that game or have a way to contact the
>> creators, please ping me off-list.
>
> By the way, an attack against this bot's users appears to be the cause
> of the DDoS launched against jabber.org on August 4 and renewed again
> early this morning (they are attacking jabber.org because the KBot
> cheating service tells its users to register XMPP accounts at jabber.org):
>
> http://www.elitepvpers.com/forum/darkorbit/2042232-announcement-ddos-attacks-all-bots.html
>
> The jabber.org admins are taking protective measures.
>
> Peter
>
> - --
> Peter Saint-Andre
> https://stpeter.im/
>

How do you recognize the bot - is it just in the logs, or is there a signature handshake on the wire? As an advisory alert, it would be good to be able to describe the bot at a technical level. I am guessing the expected impact of the bot is "many new JIDs with very large rosters" - that and the cheating, anything else?
