OT: SPYWARE/TROJAN and Off Topic!

[Norfleet]

While trying out the new patch, I was very unpleasantly surprised when while trying to play a SINGLE PLAYER test game, with only myself and an AI opponent, I was unpleasantly jerked to the desktop with a security alert! Dominions II was trying to phone home, and my firewall had intercepted a suspicious request.

What on earth is 82.182.97.69 30729?

I cannot identify this port or protocol. Reverse-DNS identifies this IP as "1-1-2-16a.msp.mlm.bostream.se".

Has somebody managed to slip some sort of odd spyware trojan into the new Dom2 patch?

[ April 10, 2004, 03:44: Message edited by: Zen ]

[Gandalf Parker]

That is home.

Totally guesswork but I suspect that the "CD keys are only checked in multiplayer games" might be getting tackled. Along with a way to update the list of CD keys that are Banned. Or maybe the list got too long to include inside the game so now it checks it at home.

[ April 07, 2004, 16:04: Message edited by: Gandalf Parker ]

[Norfleet]

So it's ILLWINTER'S Spyware, phoning home. How evil. What little faith I had in them is now destroyed. It saddens me to see them resort to spyware tactics, phoning home with all of the information about your computer. I have no idea what's in these mystery packets, but given the surreptitious nature of such an inclusion, it is obviously a Bad Thing. No software on MY computer phones home. Period.

[Norfleet]

Hmm. The more odd thing is that it doesn't happen consistently: It doesn't occur every time you try to play. Some people are unable to get it to occur at all, and it doesn't happen in every game, network or SP.

Maybe it's an update checker? I'm trying to be generous and hoping that Illwinter did not, in fact, include something so obviously malware as something that phones home every time you try to play, allowing them to track your playing habits and computer data, and that this is something more benign, like an update-checker...maybe.

[Norfleet]

Is there an official statement on this matter, or only guilty silence?

[tinkthank]

Small question here, since I really dont understand what all of this means: How can a game make your computer call "home", and what does that mean? I mean, will it make my modem dial something and then transfer information even if I dont want that to be?

[Anglachel]

Would the nature of this spyware be a tracking cookie? Kind of illiterate on spyware. If not then the ad-aware spyware remover I just ran only found tracking cookies and I removed them. There were seven of them.

[Norfleet]

No, tracking cookies are not the only thing: The program appears to call home (according to Gandalf, that's an Illwinter server), on a nonstandard port, and sends unknown data. Normal Spyware/Adware removal programs won't detect this behavior, since it occurs inside of a normal (and new) program.

Basically, this little added feature has the ability to do all of that, and your spyware checkers will not be able to detect it right now, and probably never, because it's unlikely that this will be added to their detection profiles.

However, I have no idea why this program would suddenly phone home in a change not mentioned in the patch update, so I can only assume that it is no good. Otherwise, they would have told us about it.

[Nephelim]

And the behaviour if it is unable to phone home is...?

not everyone has an always-on connection.. And some of us like to black-hole route things that try to phone home.

[Norfleet]

Quote:

Originally posted by Nephelim:
And the behaviour if it is unable to phone home is...?

not everyone has an always-on connection.. And some of us like to black-hole route things that try to phone home.

Like me, yes. I black-hole anything that tries to use the Internet without permission as a general rule.

The behavior that occurs when unable to phone home is, as far as I can tell, absolutely nothing.

What I don't know is what the behavior for being ABLE to phone home is, given that I will not allow such a thing! If anyone can tell me what THAT is, I'd be curious.