-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/21/12 1:24 PM, Ed - 0x1b, Inc. wrote: > On Tue, Aug 21, 2012 at 9:47 AM, Peter Saint-Andre > <[email protected]> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 7/27/11 8:45 AM, Peter Saint-Andre wrote: >>> A program that enables you to cheat at DarkOrbit ("The >>> ultimate Browser Game space adventure") has established itself >>> on the XMPP network. In essence, you pay for a license and then >>> you are able to "chat" over IM to obtain real-time instructions >>> about how to cheat in the DarkOrbit game. Originally this bot >>> had a JID at jabber.org. I disabled the account at jabber.org >>> because it had a very large buddy list and because I don't like >>> cheaters. It then moved to wippien.com. I told the Wippien >>> admins and they shut down the bot. The bot then moved to >>> jabber.ru. It has gone through several JIDs at jabber.ru (e.g., >>> [email protected], [email protected]) but still resides at that >>> domain. I have seen many users at jabber.org who have this bot >>> in their rosters (these cheaters often seem to forget their >>> passwords), so other server admins might want to be aware that >>> such users are becoming quite common. I contacted the creators >>> of the DarkOrbit game in early March but did not receive a >>> reply from them. If you play that game or have a way to contact >>> the creators, please ping me off-list. >> >> By the way, an attack against this bot's users appears to be the >> cause of the DDoS launched against jabber.org on August 4 and >> renewed again early this morning (they are attacking jabber.org >> because the KBot cheating service tells its users to register >> XMPP accounts at jabber.org): >> >> http://www.elitepvpers.com/forum/darkorbit/2042232-announcement-ddos-attacks-all-bots.html >> >> >> The jabber.org admins are taking protective measures. >> >> Peter >> >> - -- Peter Saint-Andre https://stpeter.im/ >> > > How do you recognize the bot - is it just in the logs, or is there > a signature handshare on the wire? As an advisory alert, it would > be good to be able to describe the bot at a technical level. I am > guessing the expected impact of the bot is "many new JIDs with very > large rosters" - that and the cheating, anything else?
You can tell by the vast hordes of clueless users who have forgotten their passwords to access KBot. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAz9PcACgkQNL8k5A2w/vymLQCfdeTABMmNPGmZpazU09AEUiza eBIAnjDq4ZqlADhcxfTglXC4d+336860 =8toQ -----END PGP SIGNATURE-----
