Unity is merging with ironSource, a known malware provider

Will you still trust new unity installs going forward?


  • Total voters: 104

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,376
15,289
[...] and all games are tested before being uploaded.
And if, for whatever reason, a corrupted version is uploaded, it will not stay long; the community is really reactive when it comes to this issue. I've seen it happen twice, perhaps three times, in five years, and really every time the links were removed in less than one hour.

Add to this one's own anti-virus plus, like you said, TotalVirus, and also one's firewall/IP filter. What more could one ask for?
Even if I trusted myself enough to catch malware subtly hidden in it, I'll not review the source code, then compile it, every single time I download an adult game. And I doubt that anyone would do it.
 

Winterfire

Forum Fanatic
Respected User
Game Developer
Sep 27, 2018
5,046
7,393
And if, for whatever reason, a corrupted version is uploaded, it will not stay long; the community is really reactive when it comes to this issue. I've seen it happen twice, perhaps three times, in five years, and really every time the links were removed in less than one hour.

Add to this one's own anti-virus plus, like you said, TotalVirus, and also one's firewall/IP filter. What more could one ask for?
Even if I trusted myself enough to catch malware subtly hidden in it, I'll not review the source code, then compile it, every single time I download an adult game. And I doubt that anyone would do it.
If anyone is that paranoid, they could run porn games (or any software which might be remotely sus) in a VM.
 

anne O'nymous

One of the earliest things I learned about attacking systems was how to modify software using an already known exploit and executing that on a target machine.
If the exploit works, then the target deserves to have been compromised.
And I'm aware that there's a shit ton of non-updated computers all around the world. I found a Code Red signature in my firewall logs, hmm, it was in December if I remember correctly. This shit is 21 years old!
But it's like zero-day exploits, that's worth too much to be used on a generic attack.

This being said, there's an incoherence in your logic. If VirusTotal does not detect it anymore, it means that it disappeared from all anti-virus databases. Therefore, you don't need to make a single change in the exploit, using the original is enough.
Except that, if the exploit is still usable on your target, it means that its user/admin doesn't care to keep things up to date... which includes the database of its anti-virus. Which means that you can't be sure that you'll not be detected and stopped.
And finally, if your alteration is enough to make it not detected by its non-updated anti-virus, then you don't need to wait for the original to disappear from the databases.

And, obviously, yes, VirusTotal isn't used just by good guys. Bad guys also use it to see if their own variation is detected or not. But, like I said, this is worth a lot and will rarely be used on a generic attack.


If anyone is that paranoid, they could run porn games (or any software which might be remotely sus) in a VM.
I wonder. If anyone is that paranoid, why is he on a pirate forum "full" of ads? It's a well-known fact that nowadays ads are used to spread malware. Most ransomware is spread that way; you look at an innocent Flash advertisement, and the second after your computer is locked.
 

OsamiWorks

Member
May 24, 2020
196
204
This being said, there's an incoherence in your logic. If VirusTotal does not detect it anymore, it means that it disappeared from all anti-virus databases. Therefore, you don't need to make a single change in the exploit, using the original is enough.
Except that, if the exploit is still usable on your target, it means that its user/admin doesn't care to keep things up to date... which includes the database of its anti-virus. Which means that you can't be sure that you'll not be detected and stopped.
And finally, if your alteration is enough to make it not detected by its non-updated anti-virus, then you don't need to wait for the original to disappear from the databases.
It's not a generic attack and it's not a 0-day, it's a specific attack against some machine. You change the code of an already known and working exploit by a little bit, obfuscate it, etc., so it doesn't do something like crash the program on launch and so antivirus can't detect the exploit by signature. Taking those steps changes the structure of the binary, making it harder for it to be analyzed.

Edit: I'm dumb, I still think the same concepts apply even in malware written for mass distribution but I don't know enough about writing it in general
 

anne O'nymous

Edit: I'm dumb, I still think the same concepts apply even in malware written for mass distribution but I don't know enough about writing it in general
You aren't dumb, you are (still) short in knowledge regarding this topic, which is different.
The link you gave doesn't really address the point you made, but it, with what you crossed out, permits me to understand what you wanted to say. And you aren't wrong, but aren't right either.

The principle is used by bad guys, but like I said it's worth as much as zero-day exploits and will generally not be used on a massive scale.
To summarize, the bad guys will probe their target, find some vulnerabilities, then use an undetected variation of an exploit to... well, to exploit them while taking fewer risks of being detected by the anti-virus. I say less risk, because nowadays they don't just rely on a signature database, and you can't really change a suspicious behavior.

I know that I said that if the computer isn't patched, the anti-virus probably isn't, but it's just half true; it only applies to massively exploited vulnerabilities. It's a shame to say it, but admins don't always patch their system and the computers under their care. Else they would pass most of their time doing it. Instead, they balance the risk, and wait for the next update if it seems low.
Which means that you can find computers that will have a (relatively speaking) old vulnerability, but an up-to-date anti-virus.


All this being said, the risk doesn't just come from older vulnerabilities and malware that have been removed from anti-virus databases. There are new viruses every day, and they are as dangerous as the old ones that aren't detected anymore.
It's always a question of benefit-risk balance, as well as trust in both the source where you get the software, and your own level of security. At one time you have to say, "ok, it's good enough security for what I'll do". Else, you end up with military-grade security, and it's just not bearable.
Use an anti-virus, keep it up to date, and never forget that you aren't and will never be protected at 100%. And you'll be safe, perhaps even all your life.
 
  • Like
Reactions: Laikhent

anne O'nymous

Oh my good, this is so true...
I'll not give names, but a high ranked admin, from a middle range company for which I worked, once e-mailed part of the password database to an external mailing list. It was funny to receive an e-mail saying (I summarize) "please, can you change your password, preferably right now, just in case..."

The weakest link in the security chain is always the human factor. And you are the human factor when it comes to your computer.
Once you have the basics (anti-virus, firewall/IP filter, possibly a sandbox but it's not mandatory with a good anti-virus) and try to be careful in what you do, you're protected against most threats that can target you.

You (readers) are a nobody. Don't feel offended, I'm talking from the eyes of bad guys. There's still perhaps 1% of you (readers) that is possibly worthy, because in a key position in this or that society. But if it's not your case, then no one will ever try to break specifically into your own computer. What are the $1,000 you have in your bank account, in comparison to the millions they can get by breaking into a CEO's computer and, from there, compromising all the network of his company?
This means that the threats you're facing are all generic, and therefore there's a 99.99% chance that your anti-virus is already ready to catch them. Just be careful, and keep your anti-virus up to date.
 

Laikhent

Member
May 16, 2018
128
126
If anyone is that paranoid, they could run porn games (or any software which might be remotely sus) in a VM.
For anyone interested, "right click > run in a sandbox" is all you need to do if you have software like Sandboxie Plus. (I always do that when VirusTotal gets some hits)
 

OsamiWorks

The link you gave doesn't really address the point you made, but it, with what you crossed out, permits me to understand what you wanted to say. And you aren't wrong, but aren't right either
I crossed it out because I reread your post and realized I've never been a malicious actor and was only ever learning on targets and in labs that were intentionally made to train pentesters. I'm not a malware analyst and I'm not knowledgeable compared to most of the people I've met, I was just assuming that writing malware is similar to a little of what I had done in the past, which isn't true. Writing malware to hit a large number of people is different.

It's been like 2 years since and I've given up on finding a career in security so my knowledge is dated. I remember using tools related to what I linked to help obfuscate my payload. I would then look at code and move things that would allocate memory and create threads out of the main body and into declarations in order to keep them from being seen as suspicious. I would layer an attack by creating some innocent stager to reconstruct my payload in a file and then using something accessible and integral to an operating system like VBS to go execute it. It's been a while, I'm not sure if all that makes sense technically but it's hard for me to water those experiences down into something readable because the way I had to learn was through really sporadic pieces of info. I still don't know what I was doing entirely but I did get the flags I needed to show the labs had been finished.

I've never written anything security related that used raw shellcode without my hand being held. The stuff I did do, I know doesn't work practically because AV uses a mini-VM-like thing to execute, test code, and it will usually flag it the moment that happens regardless of what that code does. All my knowledge came from random books and labs where you are given an environment to work in.

Else, you end up with military-grade security, and it's just not bearable.
lol I used to tell people if they don't want to get caught that they need to buy a bow, and learn to hunt since they'll be living in South Sudan if they really need to evade the law
 

anne O'nymous

It's been like 2 years since and I've given up on finding a career in security so my knowledge is dated.
Less dated than mine. I know a bit more than you because it has been my job; strangely you learn faster and remember better when you have to secure even just three/four real computers, with real data and users. But at the same time I quit this field more or less 10 years ago.
So, don't sell yourself short. I'm a bit better when it comes to logic (how, why, etc.) due to my experience, but once it becomes more technical, or practical, I'm now worth nothing. I can correctly secure my computers, because the risk is low, it's probably all I can still do. After so many years I'm not even sure to remember correctly everything I used to know and be able to do.


I've never written anything security related that used raw shellcode without my hand being held. The stuff I did do, I know doesn't work practically because AV uses a mini-VM-like thing to execute, test code, and it will usually flag it the moment that happens regardless of what that code does.
That it works is secondary, as well as the fact that you globally did what you were told to do. You acquired knowledge that not enough people working with computers know. Hell, I don't remember the name, but a high-tech company selling cameras for video conferences has been caught recently with a big flaw in their security; you don't need to enter the admin password to turn off the need to authenticate before you access the settings.

It's probably because we are a small company led by a bigger geek than me, but if we needed to hire a coder, such knowledge would be a big plus in his curriculum. You're not able to do it anymore? We don't care, you know that it's possible and then you'll be more cautious while writing your code.
If you want to be hired in anything related to computers, put this in a place where it will be clearly visible. Perhaps you'll never try to be hired in a company like the one I work for, but you never know, and anyway it will not talk against you.

But, hmm, I guess we definitely fell off topic now, so I'll stop here.
 
  • Like
Reactions: OsamiWorks

Deleted member 1942105

Newbie
Game Developer
Jan 13, 2020
51
119
I doubt you have to worry about malware in Unity now because of this merge. IronSource is also not in this malware business nowadays. It’s about in-game Ads on Mobile Games or something. And if they would lie and actually do something fishy, this would pretty much just be nothing else than a self-destruct operation. This survey seems misleading.
 
  • Like
Reactions: LS47

Laikhent

I doubt you have to worry about malware in Unity now because of this merge. IronSource is also not in this malware business nowadays. It’s about in-game Ads on Mobile Games or something. And if they would lie and actually do something fishy, this would pretty much just be nothing else than a self-destruct operation. This survey seems misleading.
IronSource never created any malware. It made an installer tool that some people (not affiliated with IronSource) used to create malware. To claim this as providing malware is similar to saying that Renpy is distributing malware because some people decided to inject a virus into their Renpy game, which of course is an absurd statement.

I think the whole problem was that this happened a short time after the wave of layoffs, where people were already in Unity bashing mode. That malware headline is also a very effective clickbait, so the misinformation ran wild.
 
  • Like
Reactions: LS47

Deleted member 1942105

IronSource never created any malware. It made an installer tool that some people (not affiliated with IronSource) used to create malware. To claim this as providing malware is similar to saying that Renpy is distributing malware because some people decided to inject a virus into their Renpy game, which of course is an absurd statement.

I think the whole problem was that this happened a short time after the wave of layoffs, where people were already in Unity bashing mode. That malware headline is also a very effective clickbait, so the misinformation ran wild.
Well, let’s say making a tool which “ninja installs” additional software isn’t exactly ethical either. It’s pretty much calling for abuse. IronSource probably hasn’t created any malware themselves but I would not let them off the hook by saying they haven’t done any business with it. But again, it’s a thing of the past and spreading misinformation harms the game-devs first before it starts to harm Unity.
 
  • Like
Reactions: jkj54 and LS47

jkj54

Member
Jan 15, 2020
125
75
Well, let’s say making a tool which “ninja installs” additional software isn’t exactly ethical either. It’s pretty much calling for abuse. IronSource probably hasn’t created any malware themselves but I would not let them off the hook by saying they haven’t done any business with it. But again, it’s a thing of the past and spreading misinformation harms the game-devs first before it starts to harm Unity.
Information of the past, true, but they are still in the mobile info/spy game and let's face it, if they had 0 intent of malware then why did it take so long for those programs to get shut down?

If I had a program being used to infect others' PCs and making my image look bad I would immediately disown those bad apples and try my best to fix the situation. But to my knowledge IronSource did not do this for a while after the situation started.
 

anne O'nymous

Information of the past, true, but they are still in the mobile info/spy game and let's face it, if they had 0 intent of malware then why did it take so long for those programs to get shut down?
Since the last decade, trucks have been used for terror attacks in some places around the world. Should the world stop selling and using them for this reason? Or is it an unwanted side effect that wouldn't change if trucks were definitively banned, while 99,99% of the time trucks are still used as intended?

It's exactly the same problem here. It's not because a piece of software is sometimes used in an unintended way, that its publisher is responsible. They should have been more careful at the start, but once they released it, it was too late anyway. It's the internet, it's not like you can't find software that isn't officially published/sold anymore.
 
  • Like
Reactions: Laikhent

jkj54

Since the last decade, trucks have been used for terror attacks in some places around the world. Should the world stop selling and using them for this reason? Or is it an unwanted side effect that wouldn't change if trucks were definitively banned, while 99,99% of the time trucks are still used as intended?

It's exactly the same problem here. It's not because a piece of software is sometimes used in an unintended way, that its publisher is responsible. They should have been more careful at the start, but once they released it, it was too late anyway. It's the internet, it's not like you can't find software that isn't officially published/sold anymore.

With software though, old versions with the ability to create said malware would still be out there; the original creator taking a stand and trying to rectify the issue is a big difference from standing around.

Like EA with SecuROM, eventually they created the uninstaller and removed that DRM, or the whole PS3 clock issue.

In this case let's say version 1.0 allowed you to do this, so say "hey internet, watch out for this version", then you make sure future versions cannot be used in this manner.

Yes, there is no way to 100% secure it and once the cat is out of the bag it's a patch war, but doing something is better than nothing.
 

anne O'nymous

With software though, old versions with the ability to create said malware would still be out there; the original creator taking a stand and trying to rectify the issue is a big difference from standing around.

Like EA with SecuROM, eventually they created the uninstaller and removed that DRM, or the whole PS3 clock issue.
You understand that you're comparing two situations that can't be compared, right?

EA hasn't made a piece of software that can possibly be used in a malicious way by third persons. It was their software that they designed for this malicious use. Of course it damaged their image and they had to act, because they were the bad guys.
This while IronSource made a piece of software without bad intent, and this software was misused, in a malicious way, by third persons. It wasn't their fault, and it clearly hasn't effectively damaged their image, except in the mind of some end users, else the global valuation wouldn't be US$ 4.4 billion.

There's another example like that, a really old thing, that OsamiWorks reminded me of: executable packers.
The first one was probably written in the mid 80's, to help reduce the size of software, at a time where RAM size was almost always bigger than storage space. Bad guys immediately jumped on it; what a great way to escape anti-virus (at this time) limited detection capacities. Yet, no one stopped making executable packers, nor stopped using them, and even less blamed their publishers. In the early 00's, some were still occasionally used.

The publisher is not responsible for the way third persons misuse their product. I will even go further, when this happens, it's an opportunity for the good guys. All grey actors will jump on it, instead of paying hundreds of thousands to a cracker group for a personalized code. This makes the job easier when you have to secure your own end. The same code, the same signature, and the same behavior, used by tons of wannabe bad guys? Wow, let's catch them all with this few-lines-long countermeasure.
 
  • Like
Reactions: Laikhent

gingisep

Newbie
Aug 6, 2020
57
110
Since the last decade, trucks have been used for terror attacks in some places around the world. Should the world stop selling and using them for this reason? Or is it an unwanted side effect that wouldn't change if trucks were definitively banned, while 99,99% of the time trucks are still used as intended?
Nice example, there were actions against this kind of issue:
Europe has narrowed down square entrances, put barricades and cement poles all around the crowded places, so you have a lot of trouble just ramming in with a truck-driven terrorist attack.

At the time this policy started ... it just seemed dumb.
Took time to understand it: they're not a solution, just a deterrent.

When software behaves in a harmful way, you have other options to make it work but not deal damage.
Ransomware would not have spiked in attacks if everyone had made backups.

The publisher is not responsible for the way third persons misuse their product.
Well, in the case of this specific company, there are sources that do not sustain this line of press. (Meaning: they were expecting it to work this way and hoped not to get caught.)

I had no direct experience, so I just say there are two sides of the story, and I'm biased on the non-trusting side.