Post by Ratae on Jun 4, 2014 17:07:10 GMT
So...as I've often mentioned on here, I'm a naturally born suspicious old git. On another thread I posted about a streaming program called Ace Player. I mentioned that it had stopped working, because it had somehow sniffed out that I was using a custom Host file to block ad server domains and stuff. I tried several ways to get around this problem, with some initial success, but eventually I always got the "Can't show because ads etc" message coming back.

But recently, because there was something I wanted to watch and the flash streams were not very good, I had another pop with the Ace player. This time I disabled my custom hosts file, then clicked on the Ace stream which then worked perfectly. Afterwards, I restored my custom Hosts file. Since then, all the Ace streams have run on rails.

That was when my suspicious nature clicked in. "Why" I wondered, did the Ace player not work when my Hosts file was working, worked when I temporarily disabled it, then continued working after it was re-enabled? Hmmm thunk I.....I wonder if when I disabled the Hosts file, Ace player had snuck summat on my puter, and that's why it's continuing to work even though the custom Hosts file is active.

So 'safternoon I ran some scans. Yep...MBam found a few of the usual PUPs..but it also flagged up a really nasty trojan called 'Hacktool.Agent'. Well...I got MBam to remove it and rebooted my puter. Then ran full scans with Mbam and SAS which all came up clean. Then I opened a streaming site and clicked on an Ace stream, sure enough, it wouldn't play, that old "has detected that an ad blocker etc" message flashed up.

Like I said, I'm a suspicious old git, and I suspect that the 'Hacktool.Agent' trojan was put on my puter when my custom Hosts file was disabled. Seems a reasonable assumption to me. What do you reckon?
Post by fletch on Jun 4, 2014 17:21:19 GMT
Sounds about right Dave, the hacktool hidden in an ad
Post by nob on Jun 5, 2014 7:45:09 GMT
I'd also go along with that it seems a logical assumption. Whether the makers of Ace know about it I dunnow.
Post by petersmyth1 on Jun 5, 2014 9:54:31 GMT
> Like I said, I'm a suspicious old git, and I suspect that the 'Hacktool.Agent' trojan was put on my puter when my custom Hosts file was disabled. Seems a reasonable assumption to me. What do you reckon?

Just saying like.
Post by Ratae on Jun 5, 2014 10:49:07 GMT
> > Like I said, I'm a suspicious old git, and I suspect that the 'Hacktool.Agent' trojan was put on my puter when my custom Hosts file was disabled. Seems a reasonable assumption to me. What do you reckon?
>
> Just saying like.

Well thanks for that interesting little gem of information Smudger, but errrrrr..........what has that to do with 'Hacktool.Agent'
Post by petersmyth1 on Jun 5, 2014 13:14:21 GMT
> Well thanks for that interesting little gem of information Smudger, but errrrrr..........what has that to do with 'Hacktool.Agent'

HACKTOOL AGENT gets 10% of all sums paid by mugs to remove Hacktool malware from their HDs.
Post by Ratae on Jun 5, 2014 17:02:03 GMT
> > Well thanks for that interesting little gem of information Smudger, but errrrrr..........what has that to do with 'Hacktool.Agent'
>
> HACKTOOL AGENT gets 10% of all sums paid by mugs to remove Hacktool malware from their HDs.

Well bully for them. Errrr..who's the lucky git that gets the other 90% of the dosh?
Post by petersmyth1 on Jun 5, 2014 17:45:54 GMT
> > HACKTOOL AGENT gets 10% of all sums paid by mugs to remove Hacktool malware from their HDs.
>
> Well bully for them. Errrr..who's the lucky git that gets the other 90% of the dosh?

Probably Bill Gates.
Post by Ratae on Jun 5, 2014 19:30:53 GMT
Y'see, although I've taken no chances with this Hackware thingy, I'm not absolutely convinced that in the case of Ace player, that it's a virus. The reason is because I've never been able to work out how Ace streams work. I know Ace player is based on the open source VLC player, which is outstanding, and I know that the streams use torrent technology. But....I've never discovered what sort of torrent client it uses, like Utorrent for instance. Also, on Ace player forums, many folks have been unable to use Ace streams for the same reasons as me, that was how I found out that my Hosts file was the problem, but no-one mentioned Hacktool on those forums. It is possible I s'pose, that Hacktool is part of the technology that makes those Ace stream torrents work. Dunno....but the name don't help innit. Just a thought.
Post by nob on Jun 5, 2014 21:38:49 GMT
Dave have a read of this, ace stream looks like it carries all sorts of nasties from what people embed, it is like torrents and that's why I would scan any downloads if I used them. en.securitylab.ru/poc/448868.php

As you can't scan I would think your protection is stopping the streaming.
Post by Ratae on Jun 6, 2014 17:17:49 GMT
> Dave have a read of this, ace stream looks like it carries all sorts of nasties from what people embed, it is like torrents and that's why I would scan any downloads if I used them. en.securitylab.ru/poc/448868.php
>
> As you can't scan I would think your protection is stopping the streaming.

Hmmm, interesting Nob, I think I'll have to re-sack those Ace Streams until they come up with a security fix for the problem. Thanks for the heads up pal.
Post by Ratae on Jun 7, 2014 18:30:24 GMT
Update...I have removed Ace Player from my machine. As Nob suggested, it isn't either the player or the streamers who install the malware on a machine, it's hackers who exploit the UPNP function of a router and because of the way live torrent streams work, there is no chance to check them first.
Until this vulnerability is fixed, I won't be risking it!
Post by nob on Jun 8, 2014 7:58:48 GMT
Wise move, I wouldn't trust things I can't scan.