Quantcast Malicious code in Atlas - ESOUI
Thread Tools Display Modes
12/04/14, 12:10 AM   #1
Cairenn
Credendo Vides
 
Cairenn's Avatar
Premium Member
WoWInterface Admin
Join Date: Mar 2004
Posts: 430
Malicious code in Atlas

[Edit] The new author has responded and stated that it was in there for testing purposes only, and that he has returned all the money he received. In the nature of giving people the benefit of the doubt and a second chance - if anyone who was bitten by this 'test' could let me know if they have actually received the money back by the author (not a GM), I'd appreciate it. Thanks.


Just to make sure everyone is aware:

The 'new' author of Atlas changed some code in it to make it so that you mailed all of your money to his character. If you got the version posted by the new author, version # 1.3.2 (download may show 1417671638), you need to get rid of it immediately. We have pulled that version from the site and restored the last version that CrazyDutchGuy had posted. You want version 1.30a. If you had not updated to the new version by the new author and are still using version 1.30, you are fine and don't need to do anything.

If you did use the version by the new author and did lose all of your money, send in a ticket to the GMs, letting them know that you'd been hacked by the addon. They are aware of the situation and will restore your money (once they've verified it on their end).

Sorry this happened folks. :/

Last edited by Cairenn : 12/04/14 at 01:49 AM.
  Reply With Quote
12/04/14, 02:41 AM   #2
CrazyDutchGuy
 
CrazyDutchGuy's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 89
Unfortunately this has happened, and I have always have know there was the possibility to do so. I never understood why ZOS never removed this option or added an additional confirmation to it. Maybe they will do that in a future patch.

Anyways, these are not the things i like to see when I wake up and read my mail. Cairenn has dealt with the issue, and if you have been hit by this, contact a GM to get it restored.

If there are any other questions, I am always available by mail Happy Gaming !
__________________
Your Crazy Dutch Addon Developer : ATLAS - Lost Treasure - Show Loot - Bank Stack - ATLAS Boss Logger

Donations : paypal
  Reply With Quote
12/04/14, 04:03 AM   #3
TribeofOne
Join Date: Mar 2014
Posts: 41
thanks guys for handling this. Hopdfully this ability will be blocked by ZOS.
Until then how can the coding ignorant protect themselves, besides suspect all addons?
  Reply With Quote
12/04/14, 05:45 AM   #4
BornDownUnder
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 59
I really do hope Zeni & you guys have banned him/her permanently and sent out notifications right across the affiliated sites of this person.

Originally Posted by TribeofOne
Until then how can the coding ignorant protect themselves, besides suspect all addons?
Best rule of thumb is to always wait a few days and read comments, etc. on the site where you get the addons. Unless of course you know the author of the addon is decent/genuine.

That being said this type of thing will never be rid of completely, just like lies in real life

Last edited by BornDownUnder : 12/04/14 at 05:48 AM. Reason: Typo in manual [I]quote[/I]
  Reply With Quote
12/04/14, 06:18 AM   #5
Garkin
 
Garkin's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2014
Posts: 853
Originally Posted by Cairenn View Post
The 'new' author of Atlas changed some code in it to make it so that you mailed all of your money to his character. If you got the version posted by the new author, version # 1.3.2 (download may show 1417671638), you need to get rid of it immediately. We have pulled that version from the site and restored the last version that CrazyDutchGuy had posted. You want version 1.30a. If you had not updated to the new version by the new author and are still using version 1.30, you are fine and don't need to do anything.
The last version of ATLAS uploaded by CrazyDutchGuy was 1.31, not 1.30. I still have this version installed. In version 1.31 was fix for a typo in XML file which was reported by spoqster in addon comments 09/21/2014. If you want, I can share this version.
__________________
@Garkin (retired from ESO)
My addons: SkyShards, LoreBooks, Dustman, Map Coordinates, No, thank you!, ... (full list)
  Reply With Quote
12/04/14, 08:55 AM   #6
Cairenn
Credendo Vides
 
Cairenn's Avatar
Premium Member
WoWInterface Admin
Join Date: Mar 2004
Posts: 430
Thanks Garkin, that would be great. Please email it to me? [email protected]
  Reply With Quote
12/04/14, 12:22 PM   #7
Sasky
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 241
Originally Posted by TribeofOne View Post
thanks guys for handling this. Hopdfully this ability will be blocked by ZOS.
Until then how can the coding ignorant protect themselves, besides suspect all addons?
Here's a few things you can do, roughly in-order of difficulty/hassle:
1. Do nothing. The GMs have been very prompt in restoring any lost gold from this. If ZOS had issues responding it'd be more of a concern, but if something does happen it won't cause you to lose anything.
2. Keep the bulk of your gold in your bank. It can't be mailed from there.
3. Wait a few days before installing any addon update.
4. Search for the string "SendMail" in addons. If you see it, wait a few days and/or post to see if it's valid. Some addons do need to use it.

We'll see if there are any systematic changes -- ZOS might add a gold send confirmation (or prevent addons sending mail, which would be unfortunate...). Also, it might be possible to create an addon that adds a confirmation dialog to any sent mail with gold attached or something along the lines of this bugfix to prevent all gold mailing.
  Reply With Quote
12/04/14, 01:23 PM   #8
rkuhnjr
 
rkuhnjr's Avatar
AddOn Author - Click to view addons
Join Date: Nov 2014
Posts: 26
Originally Posted by Cairenn View Post
[Edit] The new author has responded and stated that it was in there for testing purposes only, and that he has returned all the money he received. In the nature of giving people the benefit of the doubt and a second chance - if anyone who was bitten by this 'test' could let me know if they have actually received the money back by the author (not a GM), I'd appreciate it. Thanks
Only thing he was testing was to see if he could get away with it
__________________
And the fourth angel poured out his vial upon the sun
and power was given unto him to scorch men with fire
  Reply With Quote
12/04/14, 06:42 PM   #9
merlight
AddOn Author - Click to view addons
Join Date: Jul 2014
Posts: 679
Originally Posted by Sasky View Post
Also, it might be possible to create an addon that adds a confirmation dialog to any sent mail with gold attached...
The real challenge for such add-on would be ensuring that a malicious add-on can't disable its function.
  Reply With Quote
12/04/14, 08:04 PM   #10
Sasky
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 241
Originally Posted by merlight View Post
The real challenge for such add-on would be ensuring that a malicious add-on can't disable its function.
For an addon showing a dialog, it'd actually come down to load order for whether it's possible. If the malicious addon loads first and stores a clean version of the hooked function, it doesn't work. If the prevent addon loads first, it's good. It can keep the real SendMail() stored away privately, keep all functions private, and randomize the name of the control shown.

For zeroing gold, not sure. You might be able to hook something the add function to prevent gold being added, tie into an event to zero immediately after, etc.

From a more practical standpoint, ZOS is looking at this thread for feedback about how to block this. Since ZOS obviously gets to load code first, it's definitely possible.
  Reply With Quote
12/09/14, 04:41 PM   #11
farangkao
 
farangkao's Avatar
AddOn Author - Click to view addons
Join Date: May 2014
Posts: 59
Just an Idea, until ZOS fixes this ,we could write an Addon that is preventing this,
by redefing the Function used to send automatic mail.

So anyone who installed that Addon will not have to worry about it.

It may however break some useful auto-mailer addons if installed (are there such addons?).

But then if an Addon author is using that function in his code, it should be detected if possible
directly by ESOUI.com, because if someone is using functions like that he might also try other tricks not yet known by the community.
__________________
@farangkao on EU Servers. My Addon: Mobile Bank Extended, For Developers: ZeroBrane Studio - ESOAddonDev Plugin
  Reply With Quote
12/12/14, 01:40 PM   #12
mattmillus
AddOn Author - Click to view addons
Join Date: May 2014
Posts: 13
Writing an addon to prevent this is technologically impossible. Addon load order is not guaranteed, and there is no manifest option to force a load before all other addons.
  Reply With Quote
12/13/14, 01:02 AM   #13
Sasky
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 241
Originally Posted by mattmillus View Post
Writing an addon to prevent this is technologically impossible. Addon load order is not guaranteed, and there is no manifest option to force a load before all other addons.
Yeah, it's not even possible to guarantee that your addon's loaded. Consider that you can automatically disable addons from code (see http://www.esoui.com/downloads/info4...nProfiles.html for one example). So a malicious addon could just disable your addon if it's there, which would preempt any attempts to guard the send or attach functions.

Simply put, it's something that ZOS needs to do, because they can have private functions that addons can't touch.
  Reply With Quote
01/12/15, 01:31 PM   #14
Sasky
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 241
1.5.8 patch notes:
UI
Mail
  • You will now receive a confirmation box when sending mail that includes an attached item or gold.
  Reply With Quote
01/12/15, 02:18 PM   #15
Baertram
 
Baertram's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2014
Posts: 2,295
I hope the mail return bots still work with this "confirmation box"
  Reply With Quote
01/13/15, 07:07 AM   #16
Garkin
 
Garkin's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2014
Posts: 853
Originally Posted by Sasky View Post
1.5.8 patch notes:
There is a new event:
EVENT_CONFIRM_SEND_MAIL (to, subject, body, numAttachments, attachedMoney)

And new private function:
ConfirmSendMail(to, subject, body)
__________________
@Garkin (retired from ESO)
My addons: SkyShards, LoreBooks, Dustman, Map Coordinates, No, thank you!, ... (full list)
  Reply With Quote
01/15/15, 02:43 PM   #17
Raeyan
Join Date: Jan 2015
Posts: 1
Angry Yeah dude needs to get beat with a banstick fahreelz

Originally Posted by rkuhnjr View Post
Only thing he was testing was to see if he could get away with it
As a programmer, yeah I can verify that even without seeing the code. The fact that it mailed ALL your gold means he was detecting the exact amount of gold you had and then sending that amount. If a developer wanted to test a mailing feature like that, you'd use a constant value of 1 for the gold amount, not a check to see how much gold you had and send ALL your gold. Sending 1 gold makes it so you don't have to reset by mailing it back to yourself each time you "test" the functionality in game.

ZoS should ban him and you guys should probably do the same. I'm sure he's not going to be stupid enough to try a stunt like this again, but it's the principle of it. You don't get to try to rip off tons of people and keep on playing. That being said, I'd love to find the addon zip file somewhere so I could see the bit of code he stuck in there. $20 says it doesn't even remotely look "accidental" and by that I mean it's probably right smack dab in the middle of a function in which it's completely out of context.
  Reply With Quote
01/16/15, 06:31 AM   #18
Wykkyd
Are you Wykkyd Gaming?
 
Wykkyd's Avatar
WoWInterface Super Mod
AddOn Author - Click to view addons
Join Date: Feb 2014
Posts: 112
There's no justifiable reason for Atlas to be sending gold to the author, even as a test.
  Reply With Quote
01/16/15, 07:29 PM   #19
BornDownUnder
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 59
Originally Posted by Raeyan View Post
ZoS should ban him and you guys should probably do the same. I'm sure he's not going to be stupid enough to try a stunt like this again, but it's the principle of it.
I full agree, there should be no place at all for people like that in any community, in the real world it is called fraud. There should be no difference in stance at all in any format just because this happened in a game.

Out of curiosity, what was the decision made and actions taken as a result of this incident?
  Reply With Quote
01/16/15, 07:46 PM   #20
Cerulean2013
Join Date: Mar 2014
Posts: 25
I know people are complaining to this forum that he should be banned, but has anyone reported him to Zenimax?

If not people who were effected should report them.
  Reply With Quote

ESOUI » Site Forums » News » Malicious code in Atlas

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off