[WTF] Nick Plus?!? - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Messenger Plus! for Live Messenger (/forumdisplay.php?fid=4)
+---- Forum: Scripting (/forumdisplay.php?fid=39)
+----- Thread: [WTF] Nick Plus?!? (/showthread.php?tid=90080)
[WTF] Nick Plus?!? by SmokingCookie on 04-09-2009 at 04:52 PM
http://www.msgpluslive.nl/scripts/view/522-Nicks-plus/.
Haven't we had problems with this one before?
RE: [WTF] Nick Plus?!? by matty on 04-09-2009 at 06:33 PM
Not all versions were infected. It happened to be a reup of a script. Does the script have the same calls to the internet to download the EXE?
RE: [WTF] Nick Plus?!? by Menthix on 04-09-2009 at 09:34 PM
This one is clean. It was submitted by the original creator.
Nicks Plus existed well before the infected version appeared on the download site for a short while. The infected version was submitted by another person who got the script from the original creator's site and added in his trojan.
This version is checked and doesn't contain any trojan, and the person who submitted it doesn't have anything todo with the guy who submitted the infected version. Having that said, if you encounter any suspicious behavior with this version, please contact me. Scripts in general can download new files after they are installed, so there is no way for us to absolutely guarantee any script is harmless.
RE: [WTF] Nick Plus?!? by Quantum on 04-09-2009 at 09:57 PM
quote:
Originally posted by Menthix
This one is clean. It was submitted by the original creator.
Nicks Plus existed well before the infected version appeared on the download site for a short while. The infected version was submitted by another person who got the script from the original creator's site and added in his trojan.
This version is checked and doesn't contain any trojan, and the person who submitted it doesn't have anything todo with the guy who submitted the infected version. Having that said, if you encounter any suspicious behavior with this version, please contact me. Scripts in general can download new files after they are installed, so there is no way for us to absolutely guarantee any script is harmless.
Is there not some sort of security agaist people submitting updates (like email check or something?).
It's not like i care but i'm curious.
RE: [WTF] Nick Plus?!? by Menthix on 04-09-2009 at 10:12 PM
There is to a certain extend. But that wouldn't have helped in this case. Nicks Plus wasn't in the database yet, the person who submitted the infected version was the first to submit it.
RE: [WTF] Nick Plus?!? by SmokingCookie on 04-10-2009 at 08:18 AM
Well, I just was very reluctant about checking this script myself, I would have screwed up my PC if it were infected..
No "makeproud" functions to decode encrypted strings, no calls to URLDownloadToFile; I s'ppose it's safe?
RE: [WTF] Nick Plus?!? by blessedguy on 04-10-2009 at 03:27 PM
quote:Maybe someone could try it in a Virtual Machine...
Originally posted by SmokingCookie
Well, I just was very reluctant about checking this script myself, I would have screwed up my PC if it were infected..
No "makeproud" functions to decode encrypted strings, no calls to URLDownloadToFile; I s'ppose it's safe?
RE: [WTF] Nick Plus?!? by Menthix on 04-10-2009 at 03:42 PM
I try all submitted scripts in a VM. You could also extract the file and take a look at the code in notpad or your favourite text editor 
.
RE: [WTF] Nick Plus?!? by SmokingCookie on 04-10-2009 at 05:13 PM
That's what I've done, hence my previous post.