| [WTF] Nick Plus?!? |
| Author: |
Message: |
SmokingCookie
Senior Member
Posts: 815
Reputation: 15
30 /  / 
Joined: Jul 2007
|
|
| 04-09-2009 04:52 PM |
|
 |
matty
Scripting Guru
Posts: 8336
Reputation: 109
39 / / 
Joined: Dec 2002
Status: Away
|
|
RE: [WTF] Nick Plus?!?
Not all versions were infected. It happened to be a reup of a script. Does the script have the same calls to the internet to download the EXE?
|
|
| 04-09-2009 06:33 PM |
|
|
Menthix
forum admin
Posts: 5537
Reputation: 102
40 / /
Joined: Mar 2002
|
|
RE: [WTF] Nick Plus?!?
This one is clean. It was submitted by the original creator.
Nicks Plus existed well before the infected version appeared on the download site for a short while. The infected version was submitted by another person who got the script from the original creator's site and added in his trojan.
This version is checked and doesn't contain any trojan, and the person who submitted it doesn't have anything todo with the guy who submitted the infected version. Having that said, if you encounter any suspicious behavior with this version, please contact me. Scripts in general can download new files after they are installed, so there is no way for us to absolutely guarantee any script is harmless.
This post was edited on 04-09-2009 at 09:36 PM by Menthix.
|
|
| 04-09-2009 09:34 PM |
|
|
Quantum
Disabled Account
Away.
Posts: 1055
Reputation: -17
31 / / 
Joined: Feb 2007
|
RE: [WTF] Nick Plus?!?
quote:
Originally posted by Menthix
This one is clean. It was submitted by the original creator.
Nicks Plus existed well before the infected version appeared on the download site for a short while. The infected version was submitted by another person who got the script from the original creator's site and added in his trojan.
This version is checked and doesn't contain any trojan, and the person who submitted it doesn't have anything todo with the guy who submitted the infected version. Having that said, if you encounter any suspicious behavior with this version, please contact me. Scripts in general can download new files after they are installed, so there is no way for us to absolutely guarantee any script is harmless.
Is there not some sort of security agaist people submitting updates (like email check or something?).
It's not like i care but i'm curious.
|
|
| 04-09-2009 09:57 PM |
|
|
Menthix
forum admin
Posts: 5537
Reputation: 102
40 / /
Joined: Mar 2002
|
|
RE: [WTF] Nick Plus?!?
There is to a certain extend. But that wouldn't have helped in this case. Nicks Plus wasn't in the database yet, the person who submitted the infected version was the first to submit it.
|
|
| 04-09-2009 10:12 PM |
|
|
SmokingCookie
Senior Member
Posts: 815
Reputation: 15
30 / /
Joined: Jul 2007
|
|
O.P. RE: [WTF] Nick Plus?!?
Well, I just was very reluctant about checking this script myself, I would have screwed up my PC if it were infected..
No "makeproud" functions to decode encrypted strings, no calls to URLDownloadToFile; I s'ppose it's safe?
|
|
| 04-10-2009 08:18 AM |
|
|
blessedguy
Skinning Contest Winner
Posts: 1762
Reputation: 25
31 / / 
Joined: Jan 2008
|
RE: [WTF] Nick Plus?!?
quote:
Originally posted by SmokingCookie
Well, I just was very reluctant about checking this script myself, I would have screwed up my PC if it were infected..
No "makeproud" functions to decode encrypted strings, no calls to URLDownloadToFile; I s'ppose it's safe?
Maybe someone could try it in a Virtual Machine... |
|
| 04-10-2009 03:27 PM |
|
|
Menthix
forum admin
Posts: 5537
Reputation: 102
40 / /
Joined: Mar 2002
|
RE: [WTF] Nick Plus?!?
I try all submitted scripts in a VM. You could also extract the file and take a look at the code in notpad or your favourite text editor  . |
|
| 04-10-2009 03:42 PM |
|
|
SmokingCookie
Senior Member
Posts: 815
Reputation: 15
30 / /
Joined: Jul 2007
|
|
O.P. RE: [WTF] Nick Plus?!?
That's what I've done, hence my previous post.
|
|
| 04-10-2009 05:13 PM |
|
|
|
|
![[Image: Empty.png]](http://blessedguy.com/grabs/Empty.png)