[Operators] DarkOrbit cheater bot

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 21 20:52:07 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/21/12 1:24 PM, Ed - 0x1b, Inc. wrote:
> On Tue, Aug 21, 2012 at 9:47 AM, Peter Saint-Andre
> <stpeter at stpeter.im> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 7/27/11 8:45 AM, Peter Saint-Andre wrote:
>>> A program that enables you to cheat at DarkOrbit ("The
>>> ultimate Browser Game space adventure") has established itself
>>> on the XMPP network. In essence, you pay for a license and then
>>> you are able to "chat" over IM to obtain real-time instructions
>>> about how to cheat in the DarkOrbit game. Originally this bot
>>> had a JID at jabber.org. I disabled the account at jabber.org
>>> because it had a very large buddy list and because I don't like
>>> cheaters. It then moved to wippien.com. I told the Wippien
>>> admins and they shut down the bot. The bot then moved to
>>> jabber.ru. It has gone through several JIDs at jabber.ru (e.g.,
>>> kbot499 at jabber.ru, kbotik at jabber.ru) but still resides at that
>>> domain. I have seen many users at jabber.org who have this bot
>>> in their rosters (these cheaters often seem to forget their
>>> passwords), so other server admins might want to be aware that
>>> such users are becoming quite common. I contacted the creators 
>>> of the DarkOrbit game in early March but did not receive a
>>> reply from them. If you play that game or have a way to contact
>>> the creators, please ping me off-list.
>> 
>> By the way, an attack against this bot's users appears to be the
>> cause of the DDoS launched against jabber.org on August 4 and
>> renewed again early this morning (they are attacking jabber.org
>> because the KBot cheating service tells its users to register
>> XMPP accounts at jabber.org):
>> 
>> http://www.elitepvpers.com/forum/darkorbit/2042232-announcement-ddos-attacks-all-bots.html
>>
>>
>> 
The jabber.org admins are taking protective measures.
>> 
>> Peter
>> 
>> - -- Peter Saint-Andre https://stpeter.im/
>> 
> 
> How do you recognize the bot - is it just in the logs, or is there
> a signature handshare on the wire? As an advisory alert, it would
> be good to be able to describe the bot at a technical level. I am
> guessing the expected impact of the bot is "many new JIDs with very
> large rosters" - that and the cheating, anything else?

You can tell by the vast hordes of clueless users who have forgotten
their passwords to access KBot.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAz9PcACgkQNL8k5A2w/vymLQCfdeTABMmNPGmZpazU09AEUiza
eBIAnjDq4ZqlADhcxfTglXC4d+336860
=8toQ
-----END PGP SIGNATURE-----


More information about the Operators mailing list