Glider Ban Wave, the second!

iago · June 12, 2007, 05:18:35 PM

Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

Newby · June 12, 2007, 05:25:41 PM

Quote from: Warriorx86] link=topic=9610.msg121904#msg121904 date=1181682604]
I wonder..what if you run WoW in a sandboxed environment and the hack (Glider in this case) outside the sandbox?
If Warden just theoretically scans Process Lists/Window Titles wouldn't this problem be effectively fixed?

Yeah... I thought about this. I forget why I stopped caring though.

Blaze · June 12, 2007, 06:47:02 PM

Quote from: iago on June 12, 2007, 05:18:35 PM
Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

You should have sent a copy our way so you could get feedback/stuff from people who use the program. I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

Sidoh · June 12, 2007, 06:51:17 PM

Quote from: Blaze on June 12, 2007, 06:47:02 PM
You should have sent a copy our way so you could get feedback/stuff from people who use the program. I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

You have to remember, though, not everyone who reads the blog plays MMO games. It's doubtful that those who don't already know that.

Blaze · June 12, 2007, 06:56:06 PM

Quote from: Sidoh on June 12, 2007, 06:51:17 PM
Quote from: Blaze on June 12, 2007, 06:47:02 PM
You should have sent a copy our way so you could get feedback/stuff from people who use the program. I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

You have to remember, though, not everyone who reads the blog plays MMO games. It's doubtful that those who don't already know that.

I know, I was just saying before I forgot. :)

iago · June 12, 2007, 08:43:15 PM

Quote from: Blaze on June 12, 2007, 06:47:02 PM
Quote from: iago on June 12, 2007, 05:18:35 PM
Well, I wrote a blog about this which should publish tomorrow or Thursday, and I tiptoes around the issues that I didn't understand. I wonder what PR will say... :)

You should have sent a copy our way so you could get feedback/stuff from people who use the program. I showed your smog article to some WoW people and they pretty much said "Yeah, everyone knows that already".

I'm assuming that's a complement. I obviously did a good job! :)

We'll see if I can pull it off again

Joe · June 12, 2007, 09:22:07 PM

Quote from: iago on June 12, 2007, 04:45:55 PM
That's not like x86-loader at all. But thanks for coming!

Well, it strips a program of methods of finding other programs, so sort of! :)

iago · June 12, 2007, 10:25:38 PM

Quote from: Joex86/64] link=topic=9610.msg121925#msg121925 date=1181697727]
Quote from: iago on June 12, 2007, 04:45:55 PM
That's not like x86-loader at all. But thanks for coming!

Well, it strips a program of methods of finding other programs, so sort of! :)

Mine does no such thing. Mine disables the ACLs that prevent injection, that's it.

disco · June 13, 2007, 03:18:43 AM

Quote from: iago on June 12, 2007, 04:45:55 PM
That's not like x86-loader at all. But thanks for coming!

Hah!

It's funny, this is the first I've heard of this program and I'm very tempted to use it. You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

AntiVirus · June 13, 2007, 11:21:43 AM

Quote from: disco on June 13, 2007, 03:18:43 AM
It's funny, this is the first I've heard of this program and I'm very tempted to use it. You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

If I had more money I would probably give it a try.. but I don't.

Sidoh · June 13, 2007, 02:38:56 PM

Quote from: disco on June 13, 2007, 03:18:43 AM
Hah!

It's funny, this is the first I've heard of this program and I'm very tempted to use it. You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

I wouldn't say I've used it extensively, but I have made upwards of 1,000g using it (and this was back before BC when the price of everything was 50% of what it is now). I haven't used it to level a character, but that's because I only used it on my level 60 characters.

No ban here. It's probably a combination of luck and paranoia. It's really important that you create your own profiles so that it isn't so obvious that you're being controlled by glider.

Joe · June 13, 2007, 11:52:24 PM

Quote from: Sidoh on June 13, 2007, 02:38:56 PM
Quote from: disco on June 13, 2007, 03:18:43 AM
Hah!

It's funny, this is the first I've heard of this program and I'm very tempted to use it. You'd think the fact that I learned about it in a thread about the mass bannings that it's lead to would throw me off...

I wouldn't say I've used it extensively, but I have made upwards of 1,000g using it (and this was back before BC when the price of everything was 50% of what it is now). I haven't used it to level a character, but that's because I only used it on my level 60 characters.

No ban here. It's probably a combination of luck and paranoia. It's really important that you create your own profiles so that it isn't so obvious that you're being controlled by glider.

It'd be interesting for Mercury to say how many licensed copies of Glider are out there. But, I don't know where this is from but I've heard he's made seven figures off of them, so figuring $1,000,000 at $15 a pop, thats 66,666 copies. And wow, Glider must be Satanic.

iago · June 14, 2007, 02:23:37 PM

http://www.symantec.com/enterprise/security_response/weblog/2007/06/cheaters_banned_from_world_of.html

And if anybody knows any other potentially-interesting stories about WoW, let me know. People seem to find WoW interesting.

Joe · June 27, 2007, 02:30:55 AM

Quote from: Newby on June 12, 2007, 05:25:41 PM
Quote from: Warriorx86] link=topic=9610.msg121904#msg121904 date=1181682604]
I wonder..what if you run WoW in a sandboxed environment and the hack (Glider in this case) outside the sandbox?
If Warden just theoretically scans Process Lists/Window Titles wouldn't this problem be effectively fixed?

Yeah... I thought about this. I forget why I stopped caring though.

Sorry for the bump, but most of the detection is based on "characteristics" of a bot, not the actual presence of the software.
- Running in "robotic" patterns, stopping, swiveling, and walking again.
- Jumping in a rhythmic pattern.
- Walking in small circles, if your patrol sucks.
- Walking in circles at all, if people are bored enough to watch.
- If you're farming anything worth farming, other people will probably be farming as well. They may try to interact with you, or watch you.
- Also in more populated areas, following the same patrol as another botter, especially of the other faction. That's almost a dead giveaway, every time.

What you're suggesting, sandboxing it, is sort of what Glider does.
- Glider runs WoW as a non-administrator user.
- It automagically changes it's EXE's name as well as window title, so a simple window listing or task listing can't find it.
- IIRC, it sort of regenerates itself, moving functions and whatnot around in memory at random, so a memory hash can't be a reliable fingerprint.
- Although Warden doesn't scan the hard drive (yet?), it makes it's folder hidden.

iago · June 27, 2007, 11:43:16 AM

Quote from: Joex86/64] link=topic=9610.msg123225#msg123225 date=1182925855]
it makes it's folder hidden.

Possessive pronouns don't have an apostrophe! Stop giving them one!!

Clan x86

News:

Glider Ban Wave, the second!

iago

Newby

Blaze

Sidoh

Blaze

iago

Joe

iago

disco

AntiVirus

Sidoh

Joe

iago

Joe

iago