Well I'm back from camping & pissed as hell! I removed the TSR tool the day before my camping trip (28th of July) & around 10 pm that night maybe a lil earlier i had posted a happy birthday to Midgey on Sims Cave. I went back awhile later to see if he had responded & saw those god awful pics that had taken the place of my birthday images in the post to Midge.

I went directly to photobucket & tried to log back in. It kept telling me wrong password or user name. So i tried going to my media fryer account & found my password had also been changed there & could not log in. So i sent a few emails from my AO Hell addy to support for both those accounts. I waited for over an hour with no confirmation emails from either site. So i closed Outlook, went to AO Hells site, signed in, went directly to pop forwarding & found the settings for receiving email had been changed to block all senders. Those settings were changed on or around the 16th of July because that was the last time i had any e-mail come through on that account. I immediately changed my AO Hell password & reset the pop forwarding. Then i went to facebook & my account was gone. It had just completely disappeared.

I contacted all the sites affected & the day of my leaving on my trip the only 2 that had responded were photobucket & media fire. They had asked me to send them my personal & account info to prove it was me writing them. I sent those off & left on my vacation. When i got home tonight i had 3 e-mails waiting for me. 2 e-mails reinstating both my photobucket & media fire accounts and links to reset my account passwords. The other was from facebook requesting info to prove who i am.

I am slowly working through my photobucket now removing all of those photos & on my media fire account 3/4 of all my files had been deleted by who ever got in. Now as to my TSR sign in & password i use a different e-mail & a variant of my usual password. My old TSR account however used the same e-mail & password until i was banned for file sharing by ATWAT a few years back.

I am not surprised that the same proxy was used to hack both mine & shanows accounts. I know exactly who did it & YES ATWAT it was you!

FAKE Edit....
Fixed a few typos. I wrote the above last night & was tired as hell

So the TSR tool is hiding data in something where you would not expect it to be hidden? Like a hidden message or data file within another file?

I'm not sure what it sends when uploading to TSR directly from the tool, as i have not done so. It does ask you to sign into your TSR account thru the tool to upload your items directly. Delphy or Jfade might know a bit more about that, but they haven't posted anything else on the subject as of yet at MATY.

Ok ive noticed right off that the file listed in those screenshots is TSRWorkshop.exe. When i installed the TS3 Workshop it does not add itself to windows startup & there is no file in the programs install folder called TSRWorkshop.exe.

Heres what is in the programs install folder...



The exe to start TS3 Workshop is Sims3Workshop.exe. As i have stated in another thread here i have scanned before install & after install with my Antivirus & Malwarebytes. It came up with nothing. Looks to me Shanow has installed a totally different program & not the TS3 Workshop or atleast not the one i have installed.

FAKE Edit....

Ok i see TSR has released a beta version of this new tool today. I've scanned with both programs as before & found nothing though my firewall now is telling me that the exe is wanting to connect to the internet after i start the program. The file name is TSRWorkshop.exe. It did'nt however add itself to my startup. I'm assuming it wants to connect to show me the TSR CC Showcase of items already available on TSR? Looks to me like they have used a similar setup along the same lines as the TS3 game launcher.

I've downloaded the tool from TSR & scanned it with my Anti-virus & Malwarebytes both before install & after install. They both found nothing. It's also alot simpler to use then Delphys tool too. Its the ad's at TSR that have been injected with malicious script that are infecting people.

I've seen other sites that have the same problem, specially blogs etc. Most likely TSR was injected with malicious code unknowingly. Here's how Code Injection works.



Step 1:
The hacker breaks into your system through vulnerabilities in your web site.

Step 2:
The hacker injects malicious code into your website.

Step 3:
Your customer visits your website trusting your reputation.

Step 4:
The injected code in your site compromises his machine: a virus is downloaded to his machine (machine can be turned into a bot that the hacker controls from his computer).

Step 5:
Search Engines visit and blacklist your website as malicious.

Web security is an arms race between good and evil. If a service is networked and interactive, it is most likely not 100% secure. It can be only made less vulnerable. Proof: Security giant Symantec and Kaspersky’s websites were cracked by hackers in 2009. If security companies can’t keep their website safe, who can claim they are secure?

Why antivirus software and a firewall are not enough.
Unless you are willing to give up on Web 2.0 functionality, web-site owners need to go beyond antivirus software and firewalls. There are ever evolving vulnerabilities and mechanisms for gaining access to a website. A major factor is vulnerabilities through one’s website. In addition there is the human factor; the careless employee who visits a malicious website, fails to protect their password, or brings an infected laptop inside the firewall. As a result, expecting you will never be broken into is like hoping that your home will never be burglarized.

The Code Injection attack and how it can kill an e-business.
Code injection turns your website into a beacon of malware dissemination without your knowledge. Its typical goals are to: (a) disseminate viruses and compromise your customers’ computer, and (b) perform identity theft on your customer. The problem is real: BusinessWeek was hacked (Nov 2008), 70,000 pages were hacked in June 2008. Code Injection can ruin an e-business: Once blacklisted by the major search engines, the reputation of one’s website plummets (reportedly from top 10 to bottom 10,000). In addition, currently there are no good tools to help you recover from a code injection. The stopbadware.org is filled with people unable to get off the blacklists.

I BET YOU DIDN’T KNOW:
a. Viruses started to masquerade as anti-virus software to fool people into downloading them.
b. Cyber-crime as a Service: (CaaS): Providing a rogue spam campaign or launching a DoS to a target of choice has its own market:

“Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, a security expert has said.” ITNews 3/2009.

“Researchers have found that, in their haste to get rid of annoying popup alerts, most users don't bother to examine popups for the telltale signs of browser-based malware.” - Ars Technica 8/08.

“40% of surfers don't bother with browser security updates” -Ars Technica 7/08.

The intertwined world of cyber-crime.
Interestingly, many malicious activities are interconnected and supportive of each other: viruses, bots, website intrusion, code injection, and spam are tightly related. For example, consider the following cycle of crime: (a) a hacker uses code injection to create a malicious website, (b) the hacker uses a botnet to launch a spamming campaign attracting users to a malicious website, (c) careless users visit the website, are compromised and turned into bots, (d) the newly created bots are used to do more spamming.

Rohina? Is that you?

This part just dosent make any sense. Oh yea like EA is going to recall all those discs that were sitting in warehouses waiting to be shipped because you all found out how package files work in ts3. Oh back to the drawing board, those damm modders in the sims community figured out our code

If i dream about ThomASSes tool tonight its all yours & Markus's fault Dstar

This just sounds so wrong *trys to get mind outta the gutter*

Coconut updates again....
http://tsr.mustbedestroyed.org/?p=791

Coconut's reply to Zazazu in the comments section...