
Renderosity Forums / Poser - OFFICIAL






Subject: Trojan horse detected in my DAZ3D downloads on 9/18!!!!!


communion posted Wed, 19 September 2001 at 12:29 AM · edited Sun, 24 November 2024 at 9:41 PM

Just did a routine virus scan on my system, and found every DAZ3D executable on my machine to be infected with the following trojan horse: Backdoor.IRC.Flood.D. This virus allegedly installs an mIRC client that would allow a hacker access. This was found with the latest virus signature file installed with Cheyenne Inoculan antivirus on my Windows 2000 system at work. I have sent email warning DAZ3D of this problem. Though I have not been able to confirm or deny the actual presence of this virus, I want to at least make the community aware of this possible issue. I highly suggest a thorough scan of all files downloaded from DAZ3D asap. Co(V)(V)union


hauksdottir posted Wed, 19 September 2001 at 1:42 AM

Charming. Mine are all .sit files (do all art on the Mac), but I should probably check them over anyway. Thank you for the alert. Carolly


willdial posted Wed, 19 September 2001 at 2:20 AM

I scanned all my DAZ3D downloads and found nothing. It may have been a worm on your system that infected all exe files.


casamerica posted Wed, 19 September 2001 at 2:52 AM

If you do not have your scanner set to scan AS you download then you are not using all your tools. It is like defending a castle but leaving the front gate open. Additionally, it gives you a much better system of determining exactly what file(s) you may have been downloading that were infected and carriers and which ones are simply innocent victims now being blamed. It helps take the guessing out of it. All my DAZ files have checked clean, BTW. Also, with the Nimda worm on the loose, if you have not already updated your anti-virus files you are just asking for a disaster. This one is very, very nasty.


Roy G posted Wed, 19 September 2001 at 4:52 AM

For what it's worth, I updated Norton Anti Virus today and scanned everything. It all checked clean.


angielyn posted Wed, 19 September 2001 at 5:14 AM

I also updated last night and mine came back all clean ;)


brycetech posted Wed, 19 September 2001 at 10:00 AM

DAZ stuff is most likely not the problem. You should always be sure of a statement before you broadcast like this. You could potentially hurt a business, who in no way is the problem. You have most likely got a virus that attaches itself to exe files. The Nimda bug mentioned above is a nasty bug and though it could be worse, it lives only to spread, not to damage or delete. For those of you that think you are safe from it, it does NOT require you to open an attachment to get it! This bug runs by itself! It can be gotten from HTML pages (yeah, just by browsing) and can also be gotten just by reading an email. It lives to breed, but other than just spreading all over, it does little damage. It affects earlier Internet Explorer and Outlook Express programs. Netscrap appears unfazed. Definition of how it runs by itself is that through a JavaScript call, the program is being treated as an object that normally automatically runs while browsing (like a wav file)... the MIME is being sidestepped and the browser automatically runs the exe. Gotta love the simplicity of this one... and one should fully expect a dangerous payload on its next version. later BT
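
An added example, not part of the original thread: the post above describes an executable being delivered under a MIME type that a client plays automatically (like a wav file). The Python sketch below shows the defensive check, flagging message parts whose declared type is passive media but whose filename or leading bytes indicate an executable. The sample message, file names and extension list are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Assumed list of extensions treated as executable on Windows (illustrative).
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")
# Top-level MIME types a mail client or browser may render without asking.
PASSIVE_TYPES = ("audio", "image", "video", "text")


def build_sample():
    """Constructed message: one mislabelled part and one benign control."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    # Constructed payload: 'MZ' magic plus padding, not a real program,
    # declared as audio/x-wav.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="audio",
                       subtype="x-wav", filename="sample.exe")
    # Benign control: a RIFF/WAVE header that matches its declared type.
    msg.add_attachment(b"RIFF\x24\x00\x00\x00WAVEfmt ", maintype="audio",
                       subtype="x-wav", filename="chime.wav")
    return msg.as_bytes()


def mismatched_parts(raw):
    """Return (content_type, filename) for parts whose label hides an executable."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # DOS/PE executables start with the two bytes 'MZ'.
        looks_exec = data[:2] == b"MZ" or name.endswith(EXEC_EXTS)
        declared_passive = ctype.split("/")[0] in PASSIVE_TYPES
        if looks_exec and declared_passive:
            findings.append((ctype, name))
    return findings


if __name__ == "__main__":
    for ctype, name in mismatched_parts(build_sample()):
        print(f"declared {ctype} but looks executable: {name}")
```
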


duanemoody posted Wed, 19 September 2001 at 10:53 AM

Curious: Microsoft's blathering about increased security in IE6. Does this one slip by 6 as well? (gotta love a browser that no longer supports plugins, Java or the Macintosh)


brycetech posted Wed, 19 September 2001 at 12:47 PM

6 is not affected duane... in fact, 6 is what saved my butt yesterday... I had no idea it would run automatically on earlier unpatched systems (servers AND PCs). Ya know, we've always been told... if you don't run it yourself, it won't run... and being somewhat of a computer person, I also taught that. Never thought of lying about the MIME type. Quite frankly a very brilliant idea in its simplicity. So while this was all going on yesterday (from about 9:55 - 11:05 am eastern) I was hit >112 times by this thing. I was tracking IPs to see who it was... but soon realized it was from everywhere all at once. So I got on the other computer where I don't care what happens.


praxis22 posted Wed, 19 September 2001 at 12:52 PM

Hi, It's a tribute to Microsoft's PR department that these "viruses" are still called that, instead of the far more accurate, (though damaging) "Microsoft viruses" (which is what they actually are) since they only "infect" systems already infected with Microsoft software :) When it only affects you if you're running IE or Outlook, then you know where to point the finger, right? :) Having said that, the latest bug will infect any MAPI capable mail tool (but this is a MS "standard" so...) and you don't have to run the included binary, just reading the mail is good enough, you can thank MS for that "innovation" too :) As for "does it slip..." Yup, it infects the IIS web server, and from there it can infect any MS browser that connects to the infected web server. Neat huh? It also makes use of any backdoors left behind by "Code Red". Caveat Emptor... later jb


communion posted Wed, 19 September 2001 at 5:51 PM

Looks like their installer has a piece of code that is being improperly detected as a virus. Please disregard the notice. Co(V)(V)union


BladeWolf posted Thu, 20 September 2001 at 1:37 AM

These bugs aren't designed by MS, but by idiots who know what the world is running on, Windows, which is made by MS. MS has made it both easy and a pain in the ass to hack. Easy to crack older systems, but much harder to crack the newer ones... I know, I had a buddy of mine who knows how to crack/hack/phreak systems try on my Win2k with Service Pack 2 and the updated security packs, and he spent 3 hours trying to get through and nothing. Right after that, we tried our art department's computer, which is a Mac G4 Cube, running OS X, and he was inside in 10 minutes. Go figure.


praxis22 posted Thu, 20 September 2001 at 3:39 AM

Hi, What I meant was that you can't really call them "computer viruses" since they don't work on any type of computer, only on those running MS's OS or apps, you can't even call them "email viruses" anymore since this new one, (and the past few) only work/spread through the insecurities of Outlook... It's more a matter of semantics/anthropology than an apportioning of blame :) later jb


Freon posted Thu, 20 September 2001 at 1:03 PM

Doesn't take much to modify the viruses to attack other systems... But why bother? Doing it for Windows ensures fast and wide spreading due to the massive user and server base. Their goal is to see networks shut down, and they often get the results they desire. You could probably make the same type of virus for the MAC. But when they make up less than 1% of web servers, and support no major backbones or networks, who is going to care?


BladeWolf posted Thu, 20 September 2001 at 2:02 PM

All the little mac addicts that whine all over the net :)


praxis22 posted Fri, 21 September 2001 at 1:10 PM

Hi, Actually, you'd be surprised, the object of the exercise is notoriety and control, if you nuke the machine, you don't get to travel... QED The same can be said of the syn flood bots, that are used to nuke places like yahoo and amazon, the whole point of those is to spread quietly to make use of the machine without drawing attention to the perp :) Personally having been a reader of 40Hex in the past, I have to say that I do admire a well written virus. As a pure expression of programming prowess some of them are amazing! Dark Angel used to produce some killer code, then the state of the art moved on to include polymorphic shielding, encryption, etc. all in a sub 3K package, designed to "live thrive and survive" totally autonomous, in a hostile environment, on almost any kind of PC hardware, these things are works of art. Sadly the same cannot be said for the current crop of virii making the papers, these "programs" (and I use the word advisedly :) that make use of well documented holes in application programs, are crap. They are nothing better than glorified scripts. Let's face it, if Outlook or IIS were better programs with a more coherent security model we wouldn't be having this conversation :) Right, I shall now go and ramble at length elsewhere :) later jb


mheldt posted Fri, 21 September 2001 at 8:27 PM

Anyone who writes a virus and infects a computer in the US with it is attacking our economy and should be located and dealt with. Since we are in somewhat of a state of war and virii are a covert act, summary execution is warranted.


praxis22 posted Sun, 23 September 2001 at 1:37 PM

Hmmm, A bit of an overreaction I think, but given the current state of the world, it wouldn't surprise me :) Though on a related note, it would appear I was, (shock, horror! :) wrong, about the Nimda virus. On closer inspection, and following a discussion with a friend it would appear that Nimda is actually quite a piece of work :) Not only is it polymorphic, (never has the same signature twice, makes it impossible to track that way) but it's also multiplatform too! It makes use of both the Solaris sadm exploit, and can propagate itself via unpatched Cisco routers too, (which is fairly flash :) Word has it, that it originated in India, which the US has just lifted trade sanctions against :) There are those that say this was a blatant payoff for Pakistan for letting them use their airspace, and they can't pay Pakistan and not do the same to India, I refuse to be drawn on the matter myself... :P Though the US economy was screwed long before the sorry events of September the 11th played themselves out on CNN, which is why the Dow, etc. took a dive after they came back. This was simply more bad news and uncertainty to add to the existing global economic gloom. The world's second biggest economy, (Japan) is a basket case, and it was looking to the world's largest economy, (the USA) to help it export its way out of trouble, that is now unlikelier to happen than ever it was, and the Japanese are repatriating capital so fast that the Japanese central bank is being forced to intervene to suppress the value of the Yen against the Dollar. All of which does not bode well for the US economy which currently consumes 74% of global direct investment, and needs to consume more to fund its growing current account deficit. Without which, it too will plunge into recession, regardless of whether or not rates drop again, or hedge funds get patriotic and don't "short" the market.
I've seen one estimate that says that the S&P 500 is due for a 50% fall in the next three years and it's not going to stop until the P/E of the entire index reaches 10 with a 6% growth yield, (currently it's got a P/E of about 20 with an implied earnings yield of about 14-20%) if you factor in the equity risk premium that investors are going to require, especially when the prospect of a sustained war beckons, then the outlook is only going to get worse. Unfortunately there are larger forces at work here than those susceptible to summary execution. later jb


mheldt posted Sun, 23 September 2001 at 2:48 PM

I disagree. You pay attention to a somewhat organized group that propagates these virii. Since the CIA are too timid to do anything about it, I believe that it is time for the NSA to step in and eliminate those involved. The NSA have long been the world power of the computer industry. There is no room here for cyber terrorism. If you or your friends are participating, I think you should be considering unplugging your computers. Pretty soon, cyber attacks will probably be considered treason.


praxis22 posted Mon, 24 September 2001 at 9:01 AM

Hi, "somewhat organised" huh? I think you've been watching too many movies, most of the virus crowd are fairly solitary types, they have E-zines, etc. but due to the covert nature of their work, they don't tend to announce themselves openly. They're also not my friends, I don't know anyone who writes virii, and I'm not sure I'd be too well disposed toward them if I did. It is possible to admire the work but abhor the use it's put to, you know. A good virus is much like an F-16, or a cat, which may be cute and lovable to humans, but to a mouse, it's hell on wheels. As for the crap about the NSA, get real, they, like most of the other US domestic intelligence agencies, simply don't have the staff that could infiltrate any such "somewhat organised group" (even if one existed) the over-reliance on technology rather than more "human" forms of intelligence is what led the USA into the false sense of security from which it has been so rudely awakened. Granted the NSA may be a power in the computing world when it comes to espionage, encryption, and eavesdropping, but I doubt they could succeed where the CIA have failed, especially when most of the virus writers come from developing countries. I believe "Dark Angel" was Bulgarian, the Melissa virus was written by an Asian, and Nimda is supposed to be written by an Indian, I can't see a spook from a suburb of Langley fitting in well in any of these locations, even if they could speak the language. I would unplug my computer, but the bank won't let me :) You see, you assume that because I know about this stuff I must be "involved" when in reality I know about this stuff because I get paid to prevent such problems from occurring. Word has it that Nimda killed the whole "Bank of America" (UK) network on Thursday/Friday, we were getting frantic messages via email, (I work at a different bank) telling us where to get updates, etc.
Today we're getting email asking if certain of our systems are compliant, and the back-chat and related banter are both amusing and enlightening. Though I think you'll find that charges of treason will be remarkably hard to impose on a citizen of a sovereign country. Granted they could impound any assets/employees on US soil, but unless you're willing to go in with guns blazing and occupy the country, (which is working real well for the Israelis/Russians at the moment :) then I think your chances of a successful "prosecution" are remarkably slight to non-existent. But each to his own I guess. later jb

