July 28th 2009 06:25 am

EVONY AND IVORY PART 2: SHADES OF MURKY GRAY Plus Scoop!

My Evony post received one very interesting comment from a Bruce Everiss, a self-described veteran games industry marketer who’s also behind the site BruceOnGames.com.

"I have researched this and it is possible that Evony is malware: http://www.bruceongames.com/2009/07/16/is-evony-malware/"

Malware was the trigger word that hit me like a bolt of lightning and sent me clicking the link. Here are excerpts from Bruce’s article:

"When you play a browser based game a number of things are happening. The game itself is running in a big remote computer, all your machine is doing is displaying the game and recording your inputs. It is being what is called a thin client. However in order to be a thin client for a game your computer needs to have in it the client software. So when you play a browser game like Runescape or Habbo the first thing that happens is that this client software is loaded into your machine. This is very trusting of you because anything could be included with that client software. Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony…

"There is this forum post from an Evony user: “Something happened this morning. Just when i logged in my account to play Evony, my Anti-Virus detected 4 trojans horse in explorer.exe. They came right when i entered my server. I am no expert about virus so I don’t know what happened there. Any help on the forum would be great as i do not want to join that server again until some admin tells me its clean. Took me 3 hours to clean my computer.”

And another one: “Hello, i would like to inform ye that your site is infested with Adaware. http://www.pctools.com/mrc/infection…e.Mostofate.E/ Every time i log onto evony this comes as part of it. I have tried it several times, deleting it THEN just opening up evony and presto its back on my Computer. Its the “monitors the users browsing activity.” that I’m not particularly fond of !”

Now I am not saying that Evony has a trojan in its client software. This would take proper technical investigation. What I am saying is that the possibility of this being so is such that I would not let Evony anywhere near my computer. These people have already spammed the internet like crazy and stolen most of their game content, with behaviour like this I would not put anything past them."

Oh sweet Jesus, is there anything else we should know about WoWMine’s dynamic duo (who are probably on the Lam by now?)  With all the dirty details on those two circumnavigating the World Wide Web, I’d be shocked senseless if there are people still buying from their gold-selling sites!

Oh, Bruce, interesting comment you left on your own post, BTW. You said: "The Google ads for Evony on my site come from different urls. Each time I ban some urls the Evony people just come up with new ones. They are spamming the whole Google advertising system." My question is this: why is Google allowing this? Or is there some loophole in Google’s system that the Evony people discovered? Enlighten me here. Hope I - and my readers - hear from you again.

9 Responses to “EVONY AND IVORY PART 2: SHADES OF MURKY GRAY Plus Scoop!”

  1. Trev on 28 Jul 2009 at 9:07 am #

    Those f*cking Lam brothers must take too much opium.

  2. meatwad on 28 Jul 2009 at 10:28 am #

    I sense click fraud deja vu!

  3. Lestat de Lioncourt on 28 Jul 2009 at 11:38 am #

    They might write, direct and produce their own movies next time. LOL.

  4. Matt-ematician on 28 Jul 2009 at 12:58 pm #

    Lam bros’ EVONY and Ivory versus Stevie Wonder and Paul McCartney’s EBONY and Ivory. Fantastic!

  5. Hot "F"udge on 28 Jul 2009 at 1:18 pm #

    Google is providing free wifi in Mountain View, kicking out Adsense members without rationality, and will be releasing their own OS. They’re doing everything now to earn big big big bucks. No wonder why they’re allowing almost all these scam sh!t to advertise. :3

  6. Lee on 29 Oct 2009 at 11:58 am #

    I am a student studying computer games design at uni and decided to investigate Evony.com.
    Just to see what some of these games are like etc. etc.
    The game is actually kind of cool (found myself addicted and even spent a little money on it).
    But I started to notice HUGE bandwidth use by the site as I played.
    I am not the only one either, there are comments on the evony forums about this.
    This is odd because all of the client info, the animations etc. are all downloaded in one big download at the start.
    There is no streaming media so I began to wonder what was going on.

    To cut a long story short I decided to break the law and reverse engineer Evony’s client.
    Not to cheat. Not to rip them off or even to use even a scrap of the code.
    But just to poke about a bit and find out what was going on, maybe even offer them some ways to improve things.

    Aside from the fact that the whole thing is very poorly constructed (it is really very beginner coder level stuff. Reminds me of a lot of
    what the first year students produce for assignments) it contained some very interesting information.

    Included with the client are 2 pieces of tracking software that monitor your web use and which applications you have open while the client is running.
    These do not install independently on the machine though due to the limitations of flash and do not actually damage anything.
    But they harvest massive volumes of information. My firewall was blocking a lot of outgoing transmissions and it turns out that these
    were the data trying to be sent out. So they know nothing about me. lol.
    However there is a LOT of data coming IN over the ports the client uses. In other words it is downloading something into my cache for use later.
    I have bandwidth restriction which slows these types of tricks down and I completely clear my cache every couple of hours if I am heavily using the net.

    I also noticed that all the variables etc. are named Civony still and that there are multiple references to UMGE.
    Even a couple of folders are simply called UMGE, one of these folders contains one of the spyware programs.
    So I can only guess at where the data would end up if I didn’t have a good firewall.

    There are also commented out sections in the code which contain references to UMGE and Lam himself, though low on details.

    Thank you for reading this.

    Lee

  7. Lee on 22 Jan 2010 at 7:47 am #

    I got the new version Evony 3.08. My older version was 2.16.
    The new version has all references to Eric Lam and UMGE removed.
    Neither the comments in the hex code nor the decompiled Actionscript have anything that refers to them.
    Also the scripts that enumerated the active programs and sent and retrieved data with the remote servers are gone,
    except for the actual game network link to the Evony.com game servers.

    Even the code is a bit neater and more efficient.
    At least the heavy scrutiny on them is having some pluses. lol.

  8. David Guo on 01 Mar 2010 at 3:24 am #

    Guo Yao Qi David (David Guo’s full name) is a top hacker and is the boss of Evony. He was involved in the 1999 hacking war between China and Taiwan. And he monetised his knowledge by founding the personal firewall company Sky Net.

    Here an article about David Guo as a hacker: http://shenzhen.ccw.com.cn/it/200104/0423.asp
    And here is the rough Google translation (Guo Yaoqi is also known as David Guo and owns Evony):

    http://translate.google.co.uk/translate?hl=en&sl=zh-CN&u=http://shenzhen.ccw.com.cn/it/200104/0423.asp&ei=p2mLS_zxAoT40wTQyLnICw&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3Dhttp://shenzhen.ccw.com.cn/it/200104/0423.asp%26hl%3Den%26sa%3DG

  9. John Armour on 12 Mar 2010 at 8:18 am #

    Lots of people are leaving Evony now. Some were banned for botting, some got fed up with the lack of customer care and others didn’t like the interminable farming necessary.
    Mostly they have moved to the many similar browser games. Current favourite is War of Legends, mainly because it is published in the UK and has good customer service and no endless farming.
