Security issues with Fallout 0?

Silencer

Night Watchman
Staff member
Admin
Well, two days ago we reported about a "Fallout"-inspired game for mobiles, and one of our readers sent us this warning:<blockquote>there is trojan horse in that fallout 0 jar file...</blockquote>Allegedly the file contains the Redbrow.A virus. A pretty nasty one, since it starts sending premium rate SMS-messages.

The author of the game dismisses those threats:<blockquote>It's because of the /FW string in the manifest. It's absolutely harmless.
So disable your antivirus for a while, if you're not afraid of the '*.jar' files (...) I don't know why antiviruses identify "/FW" commands as "trojans", but without them it will be impossible to save the game.</blockquote>Personally, Avast! didn't sound an alert for me, but Trend Micro Officescan did for one of our staff; please exercise caution and scan the file with your anti-virus (as I hope you're accustomed to anyway) and make your own decision whether to play it.

The game archive contains only some of the files that are characteristic of the trojan, on the other hand, so it might be unfunctional or just a partial, false match.

It should be pretty safe to play on the emulator, however, since it can't send SMS-messages.
 
1) I didn't put any trojans in the file.
2) I've tested the game on a few m-phones, none of them was sending SMS.
3) You can enter game options/permissions (Java folder) and turn off the messaging service, if you're scared.
4) There are no viruses for mobile phones and never will be.

That's all I have to say.
 
Cabal said:
1) I didn't put any trojans in the file.
2) I've tested the game on a few m-phones, none of them was sending SMS.
3) You can enter game options/permissions (Java folder) and turn off the messaging service, if you're scared.
4) There are no viruses for mobile phones and never will be.

That's all I have to say.
4) is completely false, since there are and have been several viruses for mobile phones.
And I wonder if there's no virus, why several virusscanners are reporting that there is one. The fact that you didn't consciously put one in there doesn't mean there isn't one, you should know that.
As for you not noticing that some phones were sending SMS-messages, it's very plausible that the sending of the messages is not noticeable by the user.

In any case, on your forums you said it was due to the FW.class file. Could you not change the name or contents of the FW.class file so that it doesn't look like a virus?
 
http://virusscan.jotti.org/ said:
File: Fallout0_128.zip
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 607d2604f0a48cdd1bd27a2da920f5f7
Packers detected:
-
Scanner results
AntiVir Found Java/RedBrowser.A.2
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Java.Trojan.RedBrowser.A
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Java/RedBrowser.A!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 
Well, it seems that there is no SM.class file in the archive, so the trojan might be incomplete or it's a false alarm. The file should be safe.

Cabal, do you think you could edit the program to rename the FW.class?
 
I'm not wasting my time on re-writing the code.
If you think BitDefender is more powerful than Norton + Kaspersky, then don't play.
 
Cabal said:
I'm not wasting my time on re-writing the code.
If you think BitDefender is more powerful than Norton + Kaspersky, then don't play.
If you think Trend Micro Officescan is worse than Norton's, then don't play.

Seriously, this will put off a lot of people who use those virusscanners, and it's still not clear *at all* whether or not there is a virus there.
 
Well, I think since the Trojan arrives as a JAR file containing the following files:

M.class
FW.class
FS.class
SM.class
icon.png
logo101.png
logo128.png

And of those, SM.class and FS.class aren't present in the Fallout_0 archive, as well as two of the PNG files. I think it's safe to assume there is no Trojan there.
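
The file-list comparison made in the post above, as an added example that is not part of the original thread: it compares a JAR's entries against the file names listed for the trojan and also reads the SMS permissions declared in the MIDlet manifest. The sample JAR is constructed in memory and is not the Fallout 0 archive; the function names are hypothetical.

```python
import io
import zipfile

# File names the post above lists for the trojan's JAR.
REDBROWSER_FILES = {"M.class", "FW.class", "FS.class", "SM.class",
                    "icon.png", "logo101.png", "logo128.png"}
# MIDP 2.0 / WMA permission names that allow sending SMS.
SMS_PERMISSIONS = {"javax.microedition.io.Connector.sms",
                   "javax.wireless.messaging.sms.send"}

def parse_manifest(text):
    """Parse manifest attributes, joining continuation lines (leading space)."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            attrs[key] += line[1:]
        elif ":" in line:
            key, value = line.split(":", 1)
            attrs[key] = value.strip()
    return attrs

def triage(jar_bytes):
    """Report file-name overlap with the list and declared SMS permissions."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = {n.rsplit("/", 1)[-1] for n in jar.namelist() if not n.endswith("/")}
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    requested = set()
    for field in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        requested |= {p.strip() for p in manifest.get(field, "").split(",") if p.strip()}
    return {"matching": sorted(names & REDBROWSER_FILES),
            "missing": sorted(REDBROWSER_FILES - names),
            "sms_permissions": sorted(requested & SMS_PERMISSIONS)}

def build_sample_jar():
    """Constructed sample input, NOT the real Fallout 0 archive."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "MIDlet-Name: Sample\r\n"
                "MIDlet-Permissions: javax.microedition.io.Connector.sms,\r\n"
                " javax.wireless.messaging.sms.send\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name in ("M.class", "FW.class", "icon.png", "Game.class"):
            jar.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample_jar()))
```

A file-name match or mismatch is weak evidence either way, since class names are trivial to change; the declared permissions and the class contents say more than the listing does.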
 
you kinda totally lost my trust @
Cabal said:
4) There are no viruses for mobile phones and never will be.
i wouldn't play any of your games on my mobile after that. any programmer knows better, unless you've got malicious intent. an emulator would do fine, but i can't be arsed.
 
I'm with SuAside on this one, it's complete bull that "there are no viruses for mobile phones". But yea it's possible that Cabal did not know that there are viruses for mobiles, but it's a really well known fact.
 
You guys are way too paranoid about this thing.

And about anti-virus quality, F-Secure for example thinks most encrypted code is a virus. Kaspersky is the only one that can deal with non-standard packed/encrypted/obfuscated code, but is also far from perfect. What I'm saying here is that with today's advanced technologies good viruses are really hard to detect and many many anti-virus makers are taking the easy road and detecting all weird code as a virus.
(I personally use nod32 because its speed is unmatched.)
 
If by "easy road" you mean "err on the side of caution", then yes. It's better to have a false positive than let a trojan slip by.
 
Cabal said:
I'm not wasting my time on re-writing the code.

You might want to, when the "/FW string that is needed to save the games" seems to be breaking as well, resulting in the inability to save games.

Then most people with a virus scanner aren't going to bother setting up multiple permissions and more when it's pretty much a waste of their time to compensate with a questionable code release and quite possibly questionable trademark legal status to play a bishōjo game on a mobile phone. Granted it's perhaps one of the few in English and with that setting, but I doubt people are going to jump through that many hoops just to make sure they don't have any problems from their antivirus software and from the game, when it looks like the developer doesn't care to address the problem.

It's going to be more like "Download, Scan, Delete infected cabinet files, avoid developer like the plague." In particular when they notice the downloads are all simply forum attachments from a Russian site, which requires registration before you can even view the forum entries themselves.

4) There are no viruses for mobile phones and never will be.

Bullshit. Even the description of the virus points you to be a clueless liar. So does about 3k other virii. With that kind of cluelessness, I wouldn't want your binary garbage on my phone, either.

So, again, why should someone download and install something on their phone, ignore the virus alerts by their scanners, and then start fiddling with things to compensate the laziness of a doubly-clueless developer, when the main trait of a good trojan is to keep changing the associated filenames and formats to hide the trojan from virii scanners the next time around?

Trashware.
 
Cabal said:
Roshambo, I'm not lazy. I just don't think noobs like you are worth my time.

{230}{}{Yup, that's one big chip on yer shoulder. Why don't you come back when that chip isn't quite so big? You have a nice day, and watch out for that door on yer way out.}
 
Cabal said:
Roshambo, I'm not lazy.

Prove otherwise, lazy.

I just don't think noobs like you are worth my time.

Amusing that you'd try to call me a noob. Kid, chances are I have source code around that is older than you. Chances are, some of the commercial games I've worked on are likely older than you as well.

And given that YOU are the clueless wonder that believes virii can't exist for mobile phones or ever will*, that frankly means that we're done with your clueless ass, and this will likely be the last we'll ever post about your noobish "software release" except for comedic details.

Hell, my vote's on scrubbing this turd from the news section entirely, if not for the virus warning.

* - Which, given the blatant lie in regards to a virus being found of a particular sort and with the proof of mobile virii right there, tends to infer malicious, not ignorant, intent.

Let's just take a look at things a bit more closely, to be fair.
1. Fallout 0 is released.
2. A mobile virus is suspected to be present given the results of multiple scanners.
3. The developer of Fallout 0 comes along and says that it isn't a virus, it's normal, they're too lazy to bother fixing it so that it DOESN'T resemble a virus, claiming that the method for saving has it pegged as a virus, and that there's no such thing as a virus for mobile phones nor will there ever be, despite #2 and the info pages regarding said virus.
4. Developer calls me a noob, as well as anyone else who finds a virus report from a forum file attachment on a Russian forum.
5. I note the amazing "coincidence" that the author says mobile virii don't exist, and yet this is exactly the kind of virii reported. Not some unrelated virii, as bogus reports mostly result in, but a virus that specifically affects...mobile phones. Big question here. If the method to save was required and pegged by virii scanners as a virus...then how come there's "no such thing as mobile phone virii"? Oops.

Too many coincidences and steaming piles of bullshit for my liking.

So, in essence, I'd consider this virus warning quite a valid one, and it's now been upgraded to "Likely" with this kind of idiotic spin-doctoring of yours. That it doesn't immediately send SMS messages is irrelevant. It might have a delayed payload like many other virii. The methods used to defend these virii allegations have been, so far, quite laughable and ignorant to the point of expecting others to believe that ignorance. Again, malicious has my vote based upon that.
 
Oh, wait, here's another coincidence... according to this site:

"Redbrow is a Trojan horse, which means it can't spread under its own steam. This, combined with the fact that it is written entirely in Russian and only works on the Russian mobile phone network, means that most people are extremely unlikely to ever encounter it. However, during the last year we have seen more and more malware being written for profit, and this is further evidence of that growing trend."

A mobile phone game on a Russian site? A Russian mobile phone virus? yeah, that's looking pretty bad for the developer...

If I made a free game that targets certain fans, fueled by the ambition that the fans actually enjoy it... I'd go an extra mile and make sure that technical issues were resolved. Hell, if there is some kind of suspicion of a virus in my code, I'd at least tweak it so my fans would have a safe peace of mind rather than saying "Screw you, the people I made the game for! The Fallout 'noobs' aren't worth my time for allowing them peace of mind!"

I have a hard time respecting people that use the slang 'noob' i'm afraid...

I'm pretty sure there isn't a virus on here, however your responses alone made me go ahead and uninstall it. All we want to do is play your game and enjoy it with peace of mind, if you refuse with attitude, then wtf dude?
 
K.C. Cool said:
Oh, wait, here's another coincidence... according to this site:

"Redbrow is a Trojan horse, which means it can't spread under its own steam. This, combined with the fact that it is written entirely in Russian and only works on the Russian mobile phone network, means that most people are extremely unlikely to ever encounter it. However, during the last year we have seen more and more malware being written for profit, and this is further evidence of that growing trend."

A mobile phone game on a Russian site? A Russian mobile phone virus? yeah, that's looking pretty bad for the developer...

The bad thing about thinking a few moves in advance is that someone else might make that move themselves. This was going to be the fourth piece of evidence I was going to bring to the table, after having dealt with "the only way to save is like, um...make it look like a virus", "there are no such things as mobile phone virii", "only SOME scanners find it...so there's no virus" despite that many scanners find the same virus, and the ultimate, "disable your antivirus".

Ah, well, onto the next one I was going to bring up after that.

More amusing tidbits.

p.s. The only way to "find" the "virus" is to send an e-mail containing this file. Personally I think it's just a stupid bug. But if you guys still don't believe me, you could go into Fallout 0 settings on your mobile (game list), enter "permissions" and disable everything there just to be sure.

So...it's now a bug? Also, the explained way to discover the virus is a bit...well, stupid. Others were able to find traces of that particular virus (amazing how those who claim to find a virus come to the same conclusion, huh?) by scanning the archive files for it.

Then it goes from "a stupid bug", to linking to this thread as proof there's no virus. Then, suddenly, no mobile phone virii exist or ever will.

I'm pretty sure there isn't a virus on here, however your responses alone made me go ahead and uninstall it.

With the responses, the clownshoes way this "developer" tries to spin bullshit on his own forum and this forum, and the details of the virus itself, my warning is to assume that the game has a version of the trojan, and if not that version reported, then perhaps a version coded to try and hide from virus scanners. With the "no-SMS" claim, I'd suggest that it has a delayed payload, unknown effect at this time, and doubtful if changing any of the "permissions" that the author claims will work, as other virii have demonstrated, will mean anything.

Assume that these files are infected until the "developer" pulls their head from their ass.
 
If I made a free game that targets certain fans, fueled by the ambition that the fans actually enjoy it...
Try making one. All enthusiasm is flushed away the moment you realise "fans" are insolent, unthankful sob-s.

The Fallout 'noobs' aren't worth my time for allowing them peace of mind!"
I wasn't talking about you. That was about this pre-Enclave deathclaw here and guys like him, who don't understand anything in programming, but who want to look smart, so they would write huge posts of bullcrap (That's what I call noobs).
 