Another day, another epic fail in World of Tanks.
Ok, folks, you know all those THOUSANDS of fucking mods they’ve made for this shit game for years, some of which are illegal, that people have bitched about since day one?
Well, what if we told you that the reason your computer is fucked up, your game is laggy and you crash all the time and your account got stolen or hacked is because of the very mods you downloaded from Wargaming’s mod center?
Don’t think so? Well, you’re fucking WRONG! Because that’s exactly what causes it.
The beans were spilled completely by the guys over at Overclockers.ru.
You probably are all aware that the mods for World Of Tanks are written in python, which allows the author to do pretty much anything with your computer that the author wants should you use it.
What’s more, with all the different distributors of mods, you can’t be sure that the particular distributor didn’t open a mod, add ddos with trojans to it, repackage it and send it on to you.
World of Tanks from day one has had a small, limited cast of programmers that make the mods for the game. There are also, however, many distributors of these different mods that make “packs” and re-distribute them. So odds are good that depending on where you get the mod any number of people could have opened, modified, added hacks, ddos, trojans or anything else to it and then passed it on to you the unsuspecting end user.
What’s more, you make yourself powerless against them because you grant them permission to install them to your system when you download them.
Let’s take for example the mode “Sweepable Objects”, the author of which is the modder Stealthz. Stealthz is responsible for many cheat mods in World of Tanks.
In general, in almost all the mods from Stealthz, the DDoS and Trojan files are included. Support for domains, as well as assistance in writing codes, is carried out by PolarFox and Lelicopter modders, the creation of computer-deployed DDL wired in the trainer tundra from DrWeber, who does it as DrWeber or Makct.
Well, let’s start the mod. Here’s what we see:
Wargaming has never been able to secure the game, so the game is patched when you install the mod and a special key and third-party modules are downloaded to unlock the game’s privileges. You may be wondering what the highlighted IP address is. Well, this IP address belongs to the mods2all.com domain, the owner of which is the PolarFox mod writer, and by the way, the DrWeber tundra also sends and downloads questionable data to it.
As if that weren’t enough, next a specially written DDL (Trojan constructor) is loaded, which is installed on your computer for ddos and the ability to steal your passwords.
The WotZone domain information is also recorded and sent to the PolarFox model. As the mod installed the trojan and connected to the Internet, a small Stealthz mod script executes and sends the competitor’s information to the moder’s website https://Delysid.ru.
And again, as if that’s not enough, if they want to cripple you and lock you out of a game, the mod can ddos you not only by domain but also by IP address. The above code allows you not to write 127.0.0.1 to the host file in order to access IP directly.
Note by Thing 1: Remember all the DDoS lockouts in clan wars a few years back? This is how it was done.
Now imagine what happens to the site if there are thousands of such computers and also imagine how many passwords of accounts all of the people who use these mods are stolen at will.
Mods from mods Stealthz, PolarFox, Pavel3333, Sae, Ekspoint are full of this stuff!
Here is a short list of files that trojanize computers:
Here is a short list of sites from which these exploit scripts are downloaded to the game:
What can I say? This criminal group of programmers is probably going to jail for a long time if they are ever caught.
The bigger problem is that Wargaming can’t mention its inaction when this happens. I have very high hopes that Wargaming will respond to this, fix these mods and start making the game safer for people.
For python specialists, I am attaching proof of the criminal programming in this code. The mod is obfuscated and anyone who knows it will not open it, but a programmer with knowledge may do so, but even through hex and a debugger you can see what kind of crime it is: https://yadi.sk/d/uCj0HFDYiuI9Ig
After this article was published, the criminals reacted to it very quickly and removed all links from the sites as well as updated all the mods and also disconnected all Trojans for downloading or moved to other domains.
It turned out it tried to download a trojan to the game. On the screenshot above, it is clear that virus total cannot even determine the type of files that the attackers use to protect their hacks. You can also see that even more files are decrypted when they are launched. After the article was published, the experts might not have time to look at the files, spreading out what computers are being trojaned to learn from by anti-virus companies: yadi.sk/d/zLidC8QQ6363w
It is very sad that the company Wargaming allows this in their game!
And that’s it, folks!
Now, here’s where it gets even worse: You have all those other “mod packs” out there put together by every Tom, Dick and Harry on the fucking planet that have NO CLUE what is actually in these mods putting them all together and giving them to you.
Most of these illegal hack modders are in one mod or another in multiple packs in the official World of Tanks mod pack page RIGHT FUCKING NOW.
So all that glitchy play, all that lag, all that game crashing, all that “what the fuck happened to my account”, all that “I’ve been hacked” shit all comes from the mods, folks.
Not long ago, we were accused of hacking several people. I couldn’t for the life of me figure out how. I mean, we’ve done everything we can to eliminate people ever having to supply us with any fucking thing since day one.
Now we all know where it all came from. The mod packs.
And Warfailing allows it to go on unabated. What a crock of absolute shit, eh?