EVE Search - Market Bot is a scam

All Channels

Market Discussions

Market Bot is a scam

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Author	Thread Statistics \| Show CCP posts - 0 post(s)
Algorithm 5	Posted - 2007.03.05 20:03:00 - [1] Was intrigued by the mention of an EVE market bot the other day, so went and found the site it was on and downloaded the executable. Of course, there's no way in hell I'm either going to 1) Give someone 120m isk 2) Actually run the damned thing and risk either breaking the EULA or having my eve account stolen or having my computer pwned, but I was curious how it was implemented. The funcionality they were talking about would seem tricky to implement given the weird buggyness of the market sections of the EVE GUI, so I wanted to decompile it and see if it was mouse/keyboard etc. The only other way I could think of was image recognition, and that's hardcode stuff. But weird, the program is only 600k. That's not much to do anything and it's a single .exe. That's not much room to do anything given what it's trying to do. OK, lets run the thing through 'strings' on a linux box to see if it is trying to call home or hack my box. No ip addresses or evidence of calling home, but what do you know! Quote: aa3244f45674 vd3667m32445 op5213g12435 mk7865f13546 xc7654r67867 wr6123b13275 mn2437q08987 nm0098s35469 jj5677x98367 io5454v34589 ff6677z54548 6543-7432-9875-7894 6415-5656-2618-9753 5216-1256-5879-9584 6494-5563-2651-1687 9563-4586-9597-8312 4379-8895-6434-8959 7637-3218-5297-3452 8564-1269-4256-8954 7921-9452-1891-4263 8478-1564-6547-8654 9473-4532-6424-7422 The "buy" page on the market bot website mentions an "anti-scam" method. You contact them, they give you your "personal code" (which I'll bet looks like that first list) and then you give them isk and they give you a "registration code" (which I'll bet looks like that second list). In fact, it looks like a simple declaraction of a list or hash with 10 hard-coded license numbers. Also, all the GUI elements appear to have the default names (Button1, Button2, Button3 etc) which is classic evidence of a simple GUI mockup. There's no other error or message strings in the application, so obviously it's never going to throw a prompt at you. In fact, judging from the binary it's not much more than a simple Delphi mockup of a GUI. There's nothing to even find the EVE binary on the disk, and some strings that suggest obvious bugs. Rightio then. A quick heuristic virus scan on the binary shows nothing particularly evil, so lets fire it up. It wants my character name, so enter random junk. Personal code, enter one from the first list. The program says it's good. Enter the registration details, in real life I'd have paid them by now. A curiously-close-to-one-second pause to look like it's doing something, and the program says I'm registered. Click ok and blam, "Access Violation at blah blah blah". If I was the scammer, at this point I'd be leading people on promising a fix etc etc... So my analysis. That website and the application is a well executed scam. And note the license counter at the top of the page keeps going up. I'd bet you that's their scam counter, the number of people that have fallen for it. At 50 people, they'll announce the scam and the 6 billion isk they've made. As for the "thanks" down the bottom, I'd bet you that's either the name of the guys running the con, or names of well known EVE people intentionally put in there to muddy the waters and gain credibility. :) Well done whoever came up with this, by the looks you're already over 3 billion richer.

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.