CampStaff
04-28-2009, 11:04 AM
On my final day here on the site, just before I leave, I went to check for cheats for the DB.
I found something called Inclusive Aimbot (http://aimbots.net/counterstrike-1-6-downloads/15888-inclusive-cbaimbot.html).rar; in it was two exe's and a .ini file. So I go and disassemble/hex it and sandbox to see whats it about. Mind you.. it did not have a Readme nor credits.. but the 'author' stated he made it for CS 1.6. Below are excerpts of my followup post.
Malicious TROAJAN Detected
Being that you made no credits identifying who helped you with "your hack" i decided to disassemble it and see what it is really.
When we download it, it showed two separate EXE's. One named Aimbot, one named Reference. [..]
In your Aimbot.exe, there is no cheat functions what so ever.
Lets continue with CBReference:
http://scanner.novirusthanks.org/results/F330DB63A2AA0260E0C7AC83BB77A3DF/ASCII.txt
In your Reference.exe, there is no cheat functions what so ever. Instead, we see functions such as:
MailAddress
MailAddressCollection
get_To
get_TimeOfDay
get_Hour
get_Minute
get_Second
set_Subject
Seems it will gather the host computer's data and mail/STMP/HTTP it out.
So we followed the data on the Reference.exe and I was floored in what I had found:
Waiting for executable
londasgt
kaitlyn
smtp.gmail.com
londasgt@gmail.com
IP:72.240.103.197
Josh Albert
So, I wondering, we as a community was getting a rash of programs/cheats on the internet claiming to be hacks but are really trojan stealers by a guy named Josh ( check MPC/GamerzPlanet ). And low and behold..
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesd.png
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesf.png
Sooo.. LondasGT, when you figure out you can't get into your extensive collection of passwords and keylogs, here's why.
--
Edit: LoL.. so I followed LondasGT on Google and found him on YouTube.
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesg.png
I found something called Inclusive Aimbot (http://aimbots.net/counterstrike-1-6-downloads/15888-inclusive-cbaimbot.html).rar; in it was two exe's and a .ini file. So I go and disassemble/hex it and sandbox to see whats it about. Mind you.. it did not have a Readme nor credits.. but the 'author' stated he made it for CS 1.6. Below are excerpts of my followup post.
Malicious TROAJAN Detected
Being that you made no credits identifying who helped you with "your hack" i decided to disassemble it and see what it is really.
When we download it, it showed two separate EXE's. One named Aimbot, one named Reference. [..]
In your Aimbot.exe, there is no cheat functions what so ever.
Lets continue with CBReference:
http://scanner.novirusthanks.org/results/F330DB63A2AA0260E0C7AC83BB77A3DF/ASCII.txt
In your Reference.exe, there is no cheat functions what so ever. Instead, we see functions such as:
MailAddress
MailAddressCollection
get_To
get_TimeOfDay
get_Hour
get_Minute
get_Second
set_Subject
Seems it will gather the host computer's data and mail/STMP/HTTP it out.
So we followed the data on the Reference.exe and I was floored in what I had found:
Waiting for executable
londasgt
kaitlyn
smtp.gmail.com
londasgt@gmail.com
IP:72.240.103.197
Josh Albert
So, I wondering, we as a community was getting a rash of programs/cheats on the internet claiming to be hacks but are really trojan stealers by a guy named Josh ( check MPC/GamerzPlanet ). And low and behold..
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesd.png
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesf.png
Sooo.. LondasGT, when you figure out you can't get into your extensive collection of passwords and keylogs, here's why.
--
Edit: LoL.. so I followed LondasGT on Google and found him on YouTube.
http://campstaff.cheat-project.com/Public/p/Other/Trojanner/LondasGT_xtcgvbbnhmyjukitsydufigihgyftrehesg.png