  • Attention to all users that have no AV installed and downloaded HB/DB past 24 hours

    Discussion in 'Archives' started by bossland, May 7, 2013.

    1. bossland

      bossland Administrator

      To all users of HB and DB,

      Our releases server, update.buddyauth.com, was attacked around 24 hours ago and the latest Release builds of HB and DB were infected with a trojan directly targeting us.

      If you have run an AV, it has detected the Trojan and eliminated it.

      If you have not run an AV, please do so now, and please never turn that off!

      What happened:

      The Release Server was targeted and infected; only DB and HB were the target. The trojan targets game accounts, like D3, WOW, GW, Runescape.

      We were exposed for around or less than 24 hours. All the users that downloaded HB / DB out of updates.buddyauth.com since then should now check their systems and especially the HB / DB folder for an infection.

      Please excuse this failure from our side, we took countermeasures and hope that this will never happen again.

      Download the latest builds from The Buddywing Update Server and extract them in a new folder.


      Again, we are very sorry for that attack on our systems. If you have any anti-virus running, you would have been completely fine; if not, make sure to change your game passwords and scan your computer for trojans and/or malware.
       
      Last edited by a moderator: May 9, 2013
    2. handnavi

      handnavi Well-Known Member Buddy Store Developer

      So this was the .555 that people downloaded after the pullback?
       
    3. TreeEskimo

      TreeEskimo Member

      Windows 8 Defender (Microsoft Security Essentials) counts as an AV, right? Also, I have the paid version of Malwarebytes running in the background; that would also catch it, wouldn't it?

      Thanks for the news, though.
       
    4. bossland

      bossland Administrator

      No, it was .557, which was modified yesterday, the actual release build.

      As soon as I saw that, I removed the modified .557, which caused the server to pull back to .555.

      After that we made a new build, .560, scanned it and released it. Also scanned all our servers and found the intruder and eliminated it.
       
    5. bossland

      bossland Administrator

      Yes, it was nowhere near a 0day exploit or anything like that.
       
    6. TreeEskimo

      TreeEskimo Member

      Hm, alright, guess I didn't get infected even though I downloaded build 557 two times. Might just be Malwarebytes actually not even letting it through, don't know.
       
    7. gippy

      gippy Member

      Thanks for the update, I wondered what the pullback thing was when I woke up. I didn't download anything apart from the recent update so it doesn't affect me, but it's good to know!
       
    8. CodenameG

      CodenameG New Member

      There was a relatively small window where this could have happened. We managed to catch it fairly quickly.
       
    9. Varity

      Varity Member

      Is there more information about location and co.?
       
    10. nomnomnom

      nomnomnom Well-Known Member

      Quite a shame that the servers are affected by exploits which aren't 0-days. Makes me doubt the security on those machines ... If it was a 0-day I could understand ...
       
    11. taz

      taz New Member

      My HB isn't working now.. I've deleted the old one, installed a new version, I'm using Kick's leveling profiles and now the bot doesn't work.. nice
       
    12. CodenameG

      CodenameG New Member

      Then make a new thread and upload a full log as an attachment and we can help you out.
       
    13. m86

      m86 New Member


      I downloaded a new HB from the link you provided; it continues to just crash and I'm not sure I understand what you mean by " If it crashes go to " QuestBehaviors / Developementdelete PetControl.cs ". I went into the questbehaviors and couldn't find anything that matched that at all. Forgive my ignorance if this is just going right over my head :/ Would love to get it working again though. (Added the logs as well.)
       


      Last edited: May 7, 2013
    14. Tempritscher

      Tempritscher New Member

      If you can get an IP, pls send it to me, I will DDoS the idiot who attacks Honorbuddy ;)
       
    15. nomnomnom

      nomnomnom Well-Known Member

      Retaliation will only cause more problems afterwards.
       
    16. geels12

      geels12 New Member

      Will the virus remain in the HB directory? Because I updated like 2-3 hours ago and my AV didn't detect anything.
       
    17. Giwin

      Giwin Well-Known Member Buddy Store Developer

      Hmm, this has happened twice now, maybe security needs to be stepped up... like disable the uploading of .exe unless you're in IP range etc.
       
    18. Mario27

      Mario27 Banned

      It's weird how Chinese people can target Honorbuddy and put malware in it. I directly changed the passwords of my accounts, but I have Comodo antivirus scanner and firewall, the paid one. I deleted the 557 Honorbuddy and I'm installing the new version now, so maybe the one that was targeted crashed my internet every once in a while and then it came back up? I had troubles with my internet: every few minutes or hours my internet crashed, then after 5-6 seconds came back up, and sometimes one of my accounts froze WoW when I did some things to not get my internet DC.
       
      Last edited: May 7, 2013
    19. handnavi

      handnavi Well-Known Member Buddy Store Developer

      The best thing is that at least 2 users reported the issue yesterday.

      Tony's response was just: "false positive", and another mod just posted the link to download the infected file.

      This should not happen. If more than 1 user reports such stuff, at least the staff members should check it and not reply with a standard response.

      Just my 3 cents...
       
    20. Nolla

      Nolla New Member

      Pretty sure what he meant was not a 0-day exploit on the client side. If they were aware of the bug to get access to download server, they would've fixed it before.
       
