Attention to all users that have no AV installed and downloaded HB/DB past 24 hours

To all users of HB and DB,

Our releases server, update.buddyauth.com was attacked around 24 hours ago and latest Release builds of HB and DB where infected with a trojan directly targeting us.

If you have ran a AV, it has detected the Trojan and eliminated it.

If you have not ran an AV, please do so now, and please never turn that off!

What happened:

The Release Server was targeted and infected, only DB and HB where the target. The trojan targets game accounts, like D3, WOW, GW, Runescape

We were exposed for around or less than 24 hours. All the users that downloaded HB / DB out of updates.buddyauth.com since then should now check their systems and especially the HB / DB folder for an infection.

Please excuse this failure from our side, we took countermeasures and hope that this will never happen again.

Download the latest builds from The Buddywing Update Server and extract them in a new folder.


Again we are very sorry for that attack on our systems, if you have any Anti-virus running, you would have been completely fine, if not make sure and change your Games passwords and scan your compute for trojans and or malware.

 

So this was the .555 that people downloaded after the pullback?

 

Windows 8 defneder (Microsoft Security Essentials) count as a AV right? Also I have paid version of malware bytes running in the background, that would also catch it, wouldnt it?

Thanks for the news, though.

 

No it was .557 which was modified yesterday, the actual release build.

As soon as i saw that, i removed the modified .557, which caused the Server to pull back to .555

After that we made a new build, .560, scanned it and released it. Also scanned all our servers and found the intruder and eliminated it.

 

Yes, it was nowhere near a 0day exploit or anything like that.

 

Hm alright, guess I didnt get infected even though I downloaded build 557 two times. Might just be Malware bytes actually not even letting it through, dont know.

 

Thanks for the update, i wondered what the pullback thing was when i woke up. I didn't download anything apart from the recent update so it doesnt affect me but its good to know!

 

there was a relatively small window where this could of happened. we managed to catch it fairly quickly.

 

Are there more information about location and co.?

 

Quite a shame that the severs are affected by exploits which arent 0-days. Makes me doubt the security on those machines ... If it was a 0-day I could understand ...

 

my hb isnt working now.. i've deleted the old one, installed a new version, im using kick's leveling profiles and now the bot dont work.. nice

 

then make a new thread and upload a full log as an attachment and we can help you out.

 

I downloaded a new hb from the link you provided, it continues to just crash and I'm not sure I understand what you mean by " If it crashes go to " QuestBehaviors / Developementdelete PetControl.cs " I went into the questbehaviors and couldn't find anything that matched that at all. Forgive my ignorance if this is just going right over my head : / Would love to get it working again though. ( added the logs as well )

 

if you can get an IP pls send it to me i will DDOS the idiot who attacks honorbuddy

 

Retaliation will only cause more problems afterwards.

 

Will the virus remain the in the HB directory? Because I updated like 2-3 hours ago and my AV didn't detect anything

 

Hmm this has happened twice now, maybe security needs to be stepped up... like disable the uploading of .exe unless your in IP range etc.

 

its weird how chineese people can target honorbuddy and put malware in it i changed direckly my password of my accounts but i have comodo anti viruscanner and firewall the paid one i delete the 557 honorbuddy im installing now the new version so maybe the one that was targeted crashed my internet evryonce and then came back up? i had troubles with my internet evry few minutes or hours my internet crashed then afther 5 6 seconds came back up and sometimes one of my accounts freezed wow when i did some things to not get my internet dc

 

The best thing is, that atleast 2 users reported the issue yesterday.

Tonys response was just :"false positive" and another mod just posted the link to download the infected file.

This should not happen. If more then 1 user reports such stuff, atleast the staff members should check it and not replay with a standart response.

Just my 3 cents...

 

Pretty sure what he meant was not a 0-day exploit on the client side. If they were aware of the bug to get access to download server, they would've fixed it before.