Author Topic: Glider Ban Wave, the second!  (Read 14944 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Glider Ban Wave, the second!
« Reply #15 on: June 12, 2007, 05:18:35 pm »
Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Glider Ban Wave, the second!
« Reply #16 on: June 12, 2007, 05:25:41 pm »
I wonder..what if you run WoW in a sandboxed environment and the hack (Glider in this case) outside the sandbox?
If Warden just theoretically scans Process Lists/Window Titles wouldn't this problem be effectively fixed?

Yeah... I thought about this. I forget why I stopped caring though.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Blaze

  • Moderator
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Glider Ban Wave, the second!
« Reply #17 on: June 12, 2007, 06:47:02 pm »
Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

You should have sent a copy our way so you could get feedback/stuff from people who use the program.  I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".
And like a fool I believed myself, and thought I was somebody else...

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Glider Ban Wave, the second!
« Reply #18 on: June 12, 2007, 06:51:17 pm »
You should have sent a copy our way so you could get feedback/stuff from people who use the program.  I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

You have to remember, though, not everyone who reads the blog plays MMO games.  It's doubtful that those who don't already know that.

Offline Blaze

  • Moderator
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Glider Ban Wave, the second!
« Reply #19 on: June 12, 2007, 06:56:06 pm »
You should have sent a copy our way so you could get feedback/stuff from people who use the program.  I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

You have to remember, though, not everyone who reads the blog plays MMO games.  It's doubtful that those who don't already know that.

I know, I was just saying before I forgot.  :)
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Glider Ban Wave, the second!
« Reply #20 on: June 12, 2007, 08:43:15 pm »
Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

You should have sent a copy our way so you could get feedback/stuff from people who use the program.  I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

I'm assuming that's a complement. I obviously did a good job! :)

We'll see if I can pull it off again

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Glider Ban Wave, the second!
« Reply #21 on: June 12, 2007, 09:22:07 pm »
That's not like x86-loader at all. But thanks for coming!

Well, it strips a program of methods of finding other programs, so sort of! :)
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Glider Ban Wave, the second!
« Reply #22 on: June 12, 2007, 10:25:38 pm »
That's not like x86-loader at all. But thanks for coming!

Well, it strips a program of methods of finding other programs, so sort of! :)

Mine does no such thing. Mine disables the ACLs that prevent injection, that's it.

Offline disco

  • Full Member
  • ***
  • Posts: 212
  • Comfortably Numb
    • View Profile
Re: Glider Ban Wave, the second!
« Reply #23 on: June 13, 2007, 03:18:43 am »
That's not like x86-loader at all. But thanks for coming!

Hah!


It's funny, this is the first I've heard of this program and I'm very tempted to use it.  You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

Offline AntiVirus

  • Legendary
  • x86
  • Hero Member
  • *****
  • Posts: 2521
  • Best
    • View Profile
Re: Glider Ban Wave, the second!
« Reply #24 on: June 13, 2007, 11:21:43 am »
It's funny, this is the first I've heard of this program and I'm very tempted to use it.  You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...
If I had more money I would probably give it a try.. but I don't.
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Glider Ban Wave, the second!
« Reply #25 on: June 13, 2007, 02:38:56 pm »
Hah!


It's funny, this is the first I've heard of this program and I'm very tempted to use it.  You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

I wouldn't say I've used it extensively, but I have made upwards of 1,000g using it (and this was back before BC when the price of everything was 50% of what it is now).  I haven't used it to level a character, but that's because I only used it on my level 60 characters.

No ban here.  It's probably a combination of luck and paranoia.  It's really important that you create your own profiles so that it isn't so obvious that you're being controlled by glider.

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Glider Ban Wave, the second!
« Reply #26 on: June 13, 2007, 11:52:24 pm »
Hah!


It's funny, this is the first I've heard of this program and I'm very tempted to use it.  You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

I wouldn't say I've used it extensively, but I have made upwards of 1,000g using it (and this was back before BC when the price of everything was 50% of what it is now).  I haven't used it to level a character, but that's because I only used it on my level 60 characters.

No ban here.  It's probably a combination of luck and paranoia.  It's really important that you create your own profiles so that it isn't so obvious that you're being controlled by glider.

It'd be interesting for Mercury to say how many licensed copies of Glider are out there. But, I don't know where this is from but I've heard he's made seven figures off of them, so figuring $1,000,000 at $15 a pop, thats 66,666 copies. And wow, Glider must be Satanic.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Glider Ban Wave, the second!
« Reply #27 on: June 14, 2007, 02:23:37 pm »
http://www.symantec.com/enterprise/security_response/weblog/2007/06/cheaters_banned_from_world_of.html

And if anybody knows any other potentially-interesting stories about WoW, let me know. People seem to find WoW interesting.

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Glider Ban Wave, the second!
« Reply #28 on: June 27, 2007, 02:30:55 am »
I wonder..what if you run WoW in a sandboxed environment and the hack (Glider in this case) outside the sandbox?
If Warden just theoretically scans Process Lists/Window Titles wouldn't this problem be effectively fixed?

Yeah... I thought about this. I forget why I stopped caring though.

Sorry for the bump, but most of the detection is based on "characteristics" of a bot, not the actual presence of the software.
- Running in "robotic" patterns, stopping, swiveling, and walking again.
- Jumping in a rhythmic pattern.
- Walking in small circles, if your patrol sucks.
- Walking in circles at all, if people are bored enough to watch.
- If you're farming anything worth farming, other people will probably be farming as well. They may try to interact with you, or watch you.
- Also in more populated areas, following the same patrol as another botter, especially of the other faction. That's almost a dead giveaway, every time.

What you're suggesting, sandboxing it, is sort of what Glider does.
- Glider runs WoW as a non-administrator user.
- It automagically changes it's EXE's name as well as window title, so a simple window listing or task listing can't find it.
- IIRC, it sort of regenerates itself, moving functions and whatnot around in memory at random, so a memory hash can't be a reliable fingerprint.
- Although Warden doesn't scan the hard drive (yet?), it makes it's folder hidden.
« Last Edit: June 27, 2007, 02:33:34 am by Joe[x86/64] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Glider Ban Wave, the second!
« Reply #29 on: June 27, 2007, 11:43:16 am »
it makes it's folder hidden.
Possessive pronouns don't have an apostrophe! Stop giving them one!!