Hi,
Looks like they got hacked and customers are now getting an email
supposedly from them asking them to install some update software - one
halfwit already did that - the results here :
http://simhq.com/forum/ubbthreads.php/topics/2981560/WARNING_Do_not_install_from_Ba.html#Post2981560
The Battlefront site is down so they're probably dealing with it right
now
Greetz,
Eddy Sterckx
eddysterckx | 3/23/2010 5:00:53 PM

In article <7a99a168-70c3-4348-9c04-5c1f856c91fe@
33g2000yqj.googlegroups.com>, eddysterckx@hotmail.com says...
> Looks like they got hacked and customers are now getting an email
> supposedly from them asking them to install some update software - one
> halfwit already did that - the results here :
>
> http://simhq.com/forum/ubbthreads.php/topics/2981560/WARNING_Do_not_install_from_Ba.html#Post2981560
>
> The Battlefront site is down so they're probably dealing with it right
> now
Ah. My old comrade "Total Security," or some variant. It's just a pain
in the ass. Login with the "Administrator" account (you do have one,
right?) and run Malwarebytes. Problem solved.
Some of the nastier versions unclip a bunch of .exes, turn off your AV,
and put up a flag (FILE INFECTED!!!) if you try to run taskmgr.exe or
regedit. Just rename them temporarily as "iexplore.exe" and the malware
will let you run 'em. From there it's trivial to kill it off for
good.
Oh, and don't be stupid enough to *ever* run software you get in an
email. This is so painfully dumb I'm horrified that anyone would do it.
Don't let this guy operate any heavy machinery.
--
Giftzwerg
***
"Just look at what has been happening for the last three days; the so
called skeptics haven't noted it because it's not snow. But the
downpours and heavy winds are consistent with what the scientists have
long warned about."
- Al Gore
"Ah, yes. 'Weather != Climate.' Except when a warmist / alarmist finds
some weather that's .00001% off average for a specific day."
- Giftzwerg
Giftzwerg | 3/23/2010 5:24:13 PM

The sad thing is that even though they have a maintenance message on
their front page, they are still serving up the infected file.
McGlu | 3/23/2010 7:51:50 PM

"Giftzwerg" <giftzwerg999@hotmail.com> wrote in message
news:MPG.2612c3459666cf9d98983f@localhost...
> In article <7a99a168-70c3-4348-9c04-5c1f856c91fe@
> 33g2000yqj.googlegroups.com>, eddysterckx@hotmail.com says...
>
>> Looks like they got hacked and customers are now getting an email
>> supposedly from them asking them to install some update software - one
>> halfwit already did that - the results here :
>>
>> http://simhq.com/forum/ubbthreads.php/topics/2981560/WARNING_Do_not_install_from_Ba.html#Post2981560
>>
>> The Battlefront site is down so they're probably dealing with it right
>> now
>
> Ah. My old comrade "Total Security," or some variant. It's just a pain
> in the ass. Login with the "Administrator" account (you do have one,
> right?) and run Malwarebytes. Problem solved.
>
> Some of the nastier versions unclip a bunch of .exes, turn off your AV,
> and put up a flag (FILE INFECTED!!!) if you try to run taskmgr.exe or
> regedit. Just rename them temporarily as "iexplore.exe" and the malware
> will let you run 'em. From there it's trivial to kill it off for
> good.
>
> Oh, and don't be stupid enough to *ever* run software you get in an
> email. This is so painfully dumb I'm horrified that anyone would do it.
>
> Don't let this guy operate any heavy machinery.
>
>
>
> --
> Giftzwerg
"We are proudly presenting new update client for all games from battlefront
for FREE.
You can download client here. Turn off your antivirus, as it could recognize
it as spam or virus because of high encryption."
Other than the grammar this is pretty much the advice Battlefront already
give out about their e-licensing though, isn't it?
I also got an email from a government department here urging me to click on
a link to get some files with a sig saying they never send out emails asking
people to click on links - rang them, it was legit! <g>
Regards,
Mike Kreuzer
www.mikekreuzer.com
Mike | 3/23/2010 8:57:33 PM

On Mar 24, 3:00 am, "eddyster...@hotmail.com"
<eddyster...@hotmail.com> wrote:
> Hi,
>
> Looks like they got hacked and customers are now getting an email
> supposedly from them asking them to install some update software - one
> halfwit already did that - the results here :
>
> http://simhq.com/forum/ubbthreads.php/topics/2981560/WARNING_Do_not_i...
>
> The Battlefront site is down so they're probably dealing with it right
> now
>
> Greetz,
>
> Eddy Sterckx
I got that email. I couldn't decide whether Battlefront had been
hacked or if they were dumb enough to send out an email with a .exe.
The bad grammar in the message could have gone with either ...
CaligulasHorse | 3/23/2010 9:01:35 PM

On 23/03/2010 10:00 AM, eddysterckx@hotmail.com wrote:
> Hi,
>
> Looks like they got hacked and customers are now getting an email
> supposedly from them asking them to install some update software - one
> halfwit already did that - the results here :
>
> Eddy Sterckx
>
Haha...that "halfwit" is a cop.
FukStik | 3/24/2010 1:11:45 AM

In article <4ba92b3f$1@dnews.tpgi.com.au>, mike@FIRSTNAMEkreuzer.com
says...
> "We are proudly presenting new update client for all games from battlefront
> for FREE.
Is this the hook?
So what?
It needs to be said - and strongly - that this is *not* a problem with
Battlefront.
It's a problem with dickweeds.
Just about any scumbag anywhere can send an email that purports to come
from *anywhere*.
Trust me. I could spam an email to every email address ever reported in
this group. I could represent myself as anything from
"eddysterkkkkx@eurostan.com" to
"stevieballmer@microsoft.securitttty.com".
Would you trust this email?
If so, FAIL at basic security.
--
Giftzwerg
Giftzwerg | 3/24/2010 1:45:27 AM

In article <e339e4c2-03ca-4057-bd66-9a0db675d6c0
@b7g2000yqd.googlegroups.com>, mike.mcglumphy@gmail.com says...
> The sad thing is that even though they have a maintenance message on
> their front page, they are still serving up the infected file.
Who says?
So far as I can see, they're *not* serving up any infected files; some
spammer is serving up a phishing email attack, and fuckwitted lusers are
falling for it.
--
Giftzwerg
Giftzwerg | 3/24/2010 1:47:57 AM

>
> Who says?
>
> So far as I can see, they're *not* serving up any infected files; some
> spammer is serving up a phishing email attack, and fuckwitted lusers are
> falling for it.
>
> --
> Giftzwerg
> ***
I says. The link in the email directly points to
http://www.battlefront.com/products/bXXXXXXX_client.exe - (File name
changed to protect the innocent).
When the email went out, that file was *on* the Battlefront web
server. That was not technically a phishing email. The hackers likely
hacked into the web server, uploaded the file to the Battlefront web
server, and sent out the email from Battlefront's servers with links
pointing back to official Battlefront servers. (Or, less likely,
pointed DNS to hacker servers).
Looks like Battlefront have finally taken the server completely
offline. So, the file is finally no longer available. But, most of the
day that file was still download-able to the uninformed. Those
"lusers" were downloading a file that, as far as they could tell, was
created by and coming from Battlefront.
McGlu | 3/24/2010 3:34:25 AM

"Giftzwerg" <giftzwerg999@hotmail.com> wrote in message
news:MPG.261338bf6ce4b1d0989840@localhost...
> In article <4ba92b3f$1@dnews.tpgi.com.au>, mike@FIRSTNAMEkreuzer.com
> says...
>
>> "We are proudly presenting new update client for all games from
>> battlefront
>> for FREE.
>
> Is this the hook?
>
> So what?
>
> It needs to be said - and strongly - that this is *not* a problem with
> Battlefront.
>
I feel for them, and as the email pointed to a link on their site I
can also see how the guy fell for it & I feel for him too, amateurish though
that part of the scam was.
Battlefront have pulled the plug on their site which is the best
they could do in the first instance, but now I'd really like to have some
kind of assurance that my credit card details are still secure.
> It's a problem with dickweeds.
>
[snip]
No question.
Regards,
Mike Kreuzer
www.mikekreuzer.com
Mike | 3/24/2010 6:19:17 AM

On 23 mrt, 21:57, "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote:
> "We are proudly presenting new update client for all games from battlefront
> for FREE.
The missing "a" between "presenting" and "new" is a dead give-away of
a scam, probably originating in Asia.
> You can download client here.
Notice the missing "the" ? - again the Asian connection.
> Turn off your antivirus, as it could recognize
> it as spam or virus because of high encryption."
>
> Other than the grammar this is pretty much the advice Battlefront already
> give out about their e-licensing though, isn't it?
LOL - no, the real Battlefront usually tells people to disable their
firewall too :)
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 7:47:27 AM

On 24 mrt, 04:34, McGlu <mike.mcglum...@gmail.com> wrote:
> > Who says?
>
> > So far as I can see, they're *not* serving up any infected files; some
> > spammer is serving up a phishing email attack, and fuckwitted lusers are
> > falling for it.
>
> > --
> > Giftzwerg
> > ***
>
> I says. The link in the email directly points to http://www.battlefront.com/products/bXXXXXXX_client.exe - (File name
> changed to protect the innocent).
>
> When the email went out, that file was *on* the Battlefront web
> server. That was not technically a phishing email. The hackers likely
> hacked into the web server, uploaded the file to the Battlefront web
> server, and sent out the email from Battlefront's servers with links
> pointing back to official Battlefront servers. (Or, less likely,
> pointed DNS to hacker servers).
>
> Looks like Battlefront have finally taken the server completely
> offline. So, the file is finally no longer available. But, most of the
> day that file was still download-able to the uninformed. Those
> "lusers" were downloading a file that, as far as they could tell, was
> created by and coming from Battlefront.
Wow - ok, in that case I can understand the slightly less paranoid
than me falling for it, but still ...
There's a reason why most corporate pc's won't allow users to disable
their anti-virus software. People are gullible.
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 7:52:17 AM

On 23/03/2010 6:47 PM, Giftzwerg wrote:
>and fuckwitted lusers are
> falling for it.
It's nice to see Giftzstain thinks so highly of his fellow man.
FukStik | 3/24/2010 7:53:02 AM

In article <f1c89b90-72b2-483e-a00d-f44d07f05a94
@k13g2000yqe.googlegroups.com>, mike.mcglumphy@gmail.com says...
>
> >
> > Who says?
> >
> > So far as I can see, they're *not* serving up any infected files; some
> > spammer is serving up a phishing email attack, and fuckwitted lusers are
> > falling for it.
> I says. The link in the email directly points to
> http://www.battlefront.com/products/bXXXXXXX_client.exe - (File name
> changed to protect the innocent).
Ah. The dreaded "blended" phishing attack.
> When the email went out, that file was *on* the Battlefront web
> server. That was not technically a phishing email. The hackers likely
> hacked into the web server, uploaded the file to the Battlefront web
> server, and sent out the email from Battlefront's servers with links
> pointing back to official Battlefront servers. (Or, less likely,
> pointed DNS to hacker servers).
>
> Looks like Battlefront have finally taken the server completely
> offline. So, the file is finally no longer available. But, most of the
> day that file was still download-able to the uninformed. Those
> "lusers" were downloading a file that, as far as they could tell, was
> created by and coming from Battlefront.
Do you have a copy of the email and the downloaded file? I'd like to
look at both.
--
Giftzwerg
Giftzwerg | 3/24/2010 11:53:27 AM

In article <f7d67b43-a52e-4a45-bc3a-2e5e7a1487a4
@g19g2000yqe.googlegroups.com>, eddysterckx@hotmail.com says...
> On 23 mrt, 21:57, "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote:
>
> > "We are proudly presenting new update client for all games from battlefront
> > for FREE.
>
> The missing "a" between "presenting" and "new" is a dead give-away of
> a scam, probably originating in Asia.
<cackle>
Given the amply-demonstrated literacy of Battlefront minions in their
forums, this would seem to demonstrate the validity of the email.
> > You can download client here.
>
> Notice the missing "the" ? - again the Asian connection.
I'm pulling up the corners of my eyes as I read this.
"You velly nice Amerigan. Download file chop-chop."
> > Turn off your antivirus, as it could recognize
> > it as spam or virus because of high encryption."
> >
> > Other than the grammar this is pretty much the advice Battlefront already
> > give out about their e-licensing though, isn't it?
>
> LOL - no, the real Battlefront usually tells people to disable their
> firewall too :)
But they only tell you this when their DRM servers are down.
--
Giftzwerg
Giftzwerg | 3/24/2010 11:56:58 AM

On 24 mrt, 12:56, Giftzwerg <giftzwerg...@hotmail.com> wrote:
> In article <f7d67b43-a52e-4a45-bc3a-2e5e7a1487a4
> @g19g2000yqe.googlegroups.com>, eddyster...@hotmail.com says...
>
> > On 23 mrt, 21:57, "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote:
>
> > > "We are proudly presenting new update client for all games from battlefront
> > > for FREE.
>
> > The missing "a" between "presenting" and "new" is a dead give-away of
> > a scam, probably originating in Asia.
>
> <cackle>
>
> Given the amply-demonstrated literacy of Battlefront minions in their
> forums, this would seem to demonstrate the validity of the email.
>
> > > You can download client here.
>
> > Notice the missing "the" ? - again the Asian connection.
>
> I'm pulling up the corners of my eyes as I read this.
>
> "You velly nice Amerigan. Download file chop-chop."
I work with Japanese guys day in and day out and almost all of them
have a problem with articles - the grammatical ones - like "the" or
"a" when they write English. The reason is simple : these don't exist
in Japanese (or Chinese). So when I read the text of the mail I
immediately saw this as written in Asia, and not by a USA-nian or
German as is the case with Battlefront.
> > LOL - no, the real Battlefront usually tells people to disable their
> > firewall too :)
>
> But they only tell you this when their DRM servers are down.
I'm not joking - that's what they do tell people who have trouble
activating their game at their licence server.
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 12:25:51 PM

On 24 mrt, 12:53, Giftzwerg <giftzwerg...@hotmail.com> wrote:
> In article <f1c89b90-72b2-483e-a00d-f44d07f05a94
> @k13g2000yqe.googlegroups.com>, mike.mcglum...@gmail.com says...
> > Looks like Battlefront have finally taken the server completely
> > offline. So, the file is finally no longer available. But, most of the
> > day that file was still download-able to the uninformed. Those
> > "lusers" were downloading a file that, as far as they could tell, was
> > created by and coming from Battlefront.
>
> Do you have a copy of the email and the downloaded file? I'd like to
> look at both.
I double-checked my spam filter and although I do receive their
newsletter and they should have me on file as a customer I did not get
this mail - somehow I feel left out :)
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 12:31:54 PM

<eddysterckx@hotmail.com> wrote on 24.03.2010 07:47 GMT the message
news:f7d67b43-a52e-4a45-bc3a-2e5e7a1487a4@g19g2000yqe.googlegroups.com
> On 23 mrt, 21:57, "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote:
>
>> "We are proudly presenting new update client for all games from
>> battlefront for FREE.
>
> The missing "a" between "presenting" and "new" is a dead give-away of
> a scam, probably originating in Asia.
>
>> You can download client here.
>
> Notice the missing "the" ? - again the Asian connection.
Linguistical analysis is already widely in use trying to detect the source
or sender of 'e-malmail', thus also in case of phishing e-mails without
proper malware. This is a valid method of investigation, often (or better
sometimes) helping to track down the perpetrators. However, dropping
articles and pronouns is not necessarily a hint to an "Asian connection".
There are so many peoples speaking bad English... Some 'e-malmails'
featuring this lexical weakness reportedly originated from Central East
Europe.
I do not recommend the following, but it might reveal interesting
things... Take a malware like "filename.ext", rename it as
"filename.ext.txt", open it in a simple editor and look for ASCII
content.
Greetings, PY
Paul | 3/24/2010 1:04:38 PM

"McGlu" <mike.mcglumphy@gmail.com> wrote on 24.03.2010 03:34 GMT the
message
news:f1c89b90-72b2-483e-a00d-f44d07f05a94@k13g2000yqe.googlegroups.com
>> So far as I can see, they're *not* serving up any infected files; some
>> spammer is serving up a phishing email attack, and fuckwitted lusers
>> are falling for it.
>>
>> --
>> Giftzwerg
>> ***
>
> I says. The link in the email directly points to
> http://www.battlefront.com/products/bXXXXXXX_client.exe - (File name
> changed to protect the innocent).
>
> When the email went out, that file was *on* the Battlefront web
> server. That was not technically a phishing email. The hackers likely
> hacked into the web server, uploaded the file to the Battlefront web
> server, and sent out the email from Battlefront's servers with links
> pointing back to official Battlefront servers. (Or, less likely,
> pointed DNS to hacker servers).
By this everything is suspect, the hackers (having penetrated the
Battlefront web) might have infected other files too, without mentioning
them in those fake e-mails and ever before they started the mass mailing.
Battlefront will have to re-build the site starting from a secure backup.
> Looks like Battlefront have finally taken the server completely
> offline. So, the file is finally no longer available. But, most of the
> day that file was still download-able to the uninformed. Those
> "lusers" were downloading a file that, as far as they could tell, was
> created by and coming from Battlefront.
Even so, it is always advisable to check on the website if the proposed
service or file is real as well as to access the web page describing it.
Did Battlefront really propose such a service file?! The hacker could
replace a good file by an infected one. A web page should always give the
exact size of the download file -- measured in bytes, nothing like "1.2
MB". Some smart visitor might realize that something changed and warn the
website.
Greetings, PY
Paul | 3/24/2010 1:04:52 PM

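Added example, not part of the thread: the byte-size check suggested in the post above, extended with a SHA-256 digest because a modified file can keep exactly the same length. The file contents and names are constructed, and the published size and digest are assumed to reach the user through a channel that a web-server compromise cannot alter.

```python
import hashlib
import hmac
import os
import tempfile


def file_facts(path, chunk_size=65536):
    """Return (size_in_bytes, sha256_hex), computed in one streaming pass."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def verify_download(path, expected_size, expected_sha256):
    """Compare a downloaded file with the vendor's published size and digest."""
    size, sha256 = file_facts(path)
    size_ok = size == expected_size
    # Constant-time comparison; digests are compared in lower-case hex.
    hash_ok = hmac.compare_digest(sha256, expected_sha256.lower())
    return {"size_ok": size_ok, "hash_ok": hash_ok, "trusted": size_ok and hash_ok}


def demo():
    """Check a genuine file and a same-length modified copy (both constructed)."""
    original = b"MZ" + b"genuine installer payload " * 64
    tampered = bytearray(original)
    tampered[100:108] = b"PATCHED!"  # eight bytes replaced, length unchanged

    with tempfile.TemporaryDirectory() as tmp:
        good_path = os.path.join(tmp, "client_good.bin")
        bad_path = os.path.join(tmp, "client_bad.bin")
        with open(good_path, "wb") as fh:
            fh.write(original)
        with open(bad_path, "wb") as fh:
            fh.write(bytes(tampered))

        # What the vendor would publish for the genuine file.
        published_size, published_sha256 = file_facts(good_path)
        good = verify_download(good_path, published_size, published_sha256)
        bad = verify_download(bad_path, published_size, published_sha256)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("genuine :", good)
    print("tampered:", bad)
```

The tampered copy passes the size comparison and fails only on the digest, which is why the size alone is not enough.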
On 24 mrt, 14:04, "Paul Ney" <Paul_...@t-online.de> wrote:
> Linguistical analysis is already widely in use trying to detect the source
> or sender of 'e-malmail', thus also in case of phishing e-mails without
> proper malware.
I sometimes reply to those phishing mails with a "let's do business,
call me" ... and then give them the telephone number of the FBI
cybercrime squad :)
> This is a valid method of investigation, often (or better
> sometimes) helping to track down the perpetrators. However, dropping
> articles and pronouns is not necessarily a hint to a "Asian connection".
Granted - but going by my mailbox it's especially a Japanese/Chinese
thing.
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 1:23:52 PM

In article <hod2lp$20c$02$2@news.t-online.com>, Paul_Ney@t-online.de
says...
> > When the email went out, that file was *on* the Battlefront web
> > server. That was not technically a phishing email. The hackers likely
> > hacked into the web server, uploaded the file to the Battlefront web
> > server, and sent out the email from Battlefront's servers with links
> > pointing back to official Battlefront servers. (Or, less likely,
> > pointed DNS to hacker servers).
>
> By this everything is suspect, the hackers (having penetrated the
> Battlefront web) might have infected other files too, without mentioning
> them in those fake e-mails and ever before they started the mass mailing.
> Battlefront will have to re-build the site starting from a secure backup.
Hmmm. How do you get a "secure backup" when the "frontup" wasn't
secure?
--
Giftzwerg
Giftzwerg | 3/24/2010 1:39:59 PM

> Looks like they got hacked and customers are now getting an email
> supposedly from them asking them to install some update software - one
> halfwit already did that - the results here :
>
> http://simhq.com/forum/ubbthreads.php/topics/2981560/WARNING_Do_not_install_from_Ba.html#Post2981560
>
> The Battlefront site is down so they're probably dealing with it right
> now
I wonder why someone should bother to do all the necessary hacking for such
a niche site (no pun intended). Either he is the usual "disgruntled" (*)
whatever, or they used Battlefront as a testbed and now they plan to
repeat the stunt with a bigger website.
(*) An adjective that goes well with D&D, BTW: the Disgruntled Goblin, the
Disgruntled Werelich, the Curse of the Disgruntled Manor...
Vincenzo | 3/24/2010 3:14:53 PM

On 24 mrt, 16:14, "Vincenzo Beretta" <reck...@hotmail.com> wrote:
> I wonder why someone should bother to do all the necessary hacking for such
> a niche site (no pun intended). Either he is the usual "disgruntled" (*)
> whatever, or they used Battlefront as a testbed and now they plan to
> repeat the stunt with a bigger website.
I say it's the latter.
What I heard is that they already fixed the problem but are waiting to
get their website software elicence validated again - it could take a
week, they're being accused of piracy :)
Anyone know if you can still install a battlefront elicence infected
game right now ?
Greetz,
Eddy Sterckx
eddysterckx | 3/24/2010 3:24:36 PM

>
> Do you have a copy of the email and the downloaded file? I'd like to
> look at both.
>
> --
> Giftzwerg
I only have the email. Full source with my full email address xxx'ed
out...
Delivered-To: xxxxxxxxxxx@gmail.com
Received: by 10.213.16.129 with SMTP id o1cs72694eba;
        Tue, 23 Mar 2010 06:11:13 -0700 (PDT)
Received: by 10.142.150.37 with SMTP id x37mr1519237wfd.97.1269349872043;
        Tue, 23 Mar 2010 06:11:12 -0700 (PDT)
Return-Path: <SRS0=c5ac8e96f672fac7a2880cc597f443fe26ee986c=355=battlefront.com=bounce@battlefront.com>
Received: from mail.battlefront.com (mail.battlefront.com [216.121.6.209])
        by mx.google.com with ESMTP id 17si2092942pzk.81.2010.03.23.06.11.11;
        Tue, 23 Mar 2010 06:11:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of
        SRS0=c5ac8e96f672fac7a2880cc597f443fe26ee986c=355=battlefront.com=bounce@battlefront.com
        designates 216.121.6.209 as permitted sender) client-ip=216.121.6.209;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
        SRS0=c5ac8e96f672fac7a2880cc597f443fe26ee986c=355=battlefront.com=bounce@battlefront.com
        designates 216.121.6.209 as permitted sender)
        smtp.mail=SRS0=c5ac8e96f672fac7a2880cc597f443fe26ee986c=355=battlefront.com=bounce@battlefront.com
Return-Path: <bounce@battlefront.com>
Received: from www.battlefront.com (mail.battlefront.com [216.121.6.209])
        by mail.battlefront.com (Battlefront.com Mail Server) with ESMTP id FQI63310
        for <xxxxxxxxxxx@gmail.com>; Tue, 23 Mar 2010 07:11:10 -0600
Date: Tue, 23 Mar 2010 07:11:10 -0600
Return-Path: bounce@battlefront.com
To: Michael McGlumphy <xxxxxxxxxxx@gmail.com>
From: Battlefront Newsletter <newsletter@battlefront.com>
Subject: We are proudly presenting new update client for all games
        from battlefront for FREE.
Message-ID: <29f581e9c9db04eda2f92729ceee84c2@www.battlefront.com>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
X-Mailer: SM2 Email Marketing
X-SM2MessageID: 227
Precedence: bulk
X-SM2Recipient: xxxxxxxxxxx@gmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="b1_29f581e9c9db04eda2f92729ceee84c2"

--b1_29f581e9c9db04eda2f92729ceee84c2
Content-Type: text/plain; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit

Battlefront Press Release 23 March 2010
---
We are proudly presenting new update client for all games from
battlefront for FREE.
You can download client here. Turn off your antivirus, as it could
recognize it as spam or virus because of high encryption.
http://www.battlefront.com/products/battlefront_client.exe
---
View an online version of this newsletter here:
http://www.battlefront.com/index.php?option=com_sm2emailmarketing&task=showarchivemessage&id=227&Itemid=32
---
Click Here to confirm that you wish to unsubscribe
http://www.battlefront.com/index.php?option=com_sm2emailmarketing&task=unsubscribe&email=Mike.Kenihan@gmail.com&code=1e3176d72c98668f9197024e37f88d53

--b1_29f581e9c9db04eda2f92729ceee84c2
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit

Battlefront Press Release 23 March 2010
---
We are proudly presenting new update client for all games from
battlefront for FREE.
You can download client here. Turn off your antivirus, as it could
recognize it as spam or virus because of high encryption.
http://www.battlefront.com/products/battlefront_client.exe
---
View an online version of this newsletter here:
http://www.battlefront.com/index.php?option=com_sm2emailmarketing&task=showarchivemessage&id=227&Itemid=32
---
Click Here to confirm that you wish to unsubscribe
http://www.battlefront.com/index.php?option=com_sm2emailmarketing&task=unsubscribe&email=xxxxxxxxxxx@gmail.com&code=2ee8c53eb0eed1a003dd32d50cd77147

--b1_29f581e9c9db04eda2f92729ceee84c2--
McGlu | 3/24/2010 4:09:35 PM

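Added example, not part of the thread: a triage of the message source posted above, showing that SPF passes and the link sits on the sender's own domain, so only the content (an executable link plus a request to turn off antivirus) marks it as hostile. The sample is trimmed from the posted source with the SRS0 envelope sender shortened; the verdict names, regexes and extension list are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: headers and text part trimmed from the message quoted in
# the post above; the SRS0 envelope sender is shortened to bounce@battlefront.com.
SAMPLE = """\
Received-SPF: pass (google.com: domain of bounce@battlefront.com designates 216.121.6.209 as permitted sender) client-ip=216.121.6.209;
Authentication-Results: mx.google.com; spf=pass smtp.mail=bounce@battlefront.com
Received: from www.battlefront.com (mail.battlefront.com [216.121.6.209])
        by mail.battlefront.com (Battlefront.com Mail Server) with ESMTP id FQI63310
        for <xxxxxxxxxxx@gmail.com>; Tue, 23 Mar 2010 07:11:10 -0600
From: Battlefront Newsletter <newsletter@battlefront.com>
Subject: We are proudly presenting new update client for all games from battlefront for FREE.
X-Mailer: PHPMailer [version 1.73]
Content-Type: text/plain; charset="iso-8859-1"

We are proudly presenting new update client for all games from
battlefront for FREE.
You can download client here. Turn off your antivirus, as it could
recognize it as spam or virus because of high encryption.
http://www.battlefront.com/products/battlefront_client.exe
"""

EXECUTABLE_EXT = (".exe", ".scr", ".com", ".bat", ".msi", ".pif")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Requests to weaken local defences before running a download.
DISABLE_DEFENCE_RE = re.compile(
    r"\b(turn\s+off|switch\s+off|disable)\s+(your\s+)?(anti[\s-]?virus|firewall)\b",
    re.IGNORECASE,
)


def spf_result(msg):
    """SPF verdict recorded by the receiving MTA, or None if absent."""
    for header in msg.get_all("Authentication-Results", []):
        match = re.search(r"\bspf=(\w+)", header)
        if match:
            return match.group(1).lower()
    received_spf = msg.get("Received-SPF")
    return received_spf.split()[0].lower() if received_spf else None


def body_text(msg):
    """Concatenate every text/* part, decoded with its declared charset."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:  # unknown charset label
            chunks.append(payload.decode("latin-1"))
    return "\n".join(chunks)


def triage(raw):
    """Score one raw message on content signals; report authentication separately."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = body_text(msg)

    exe_links, on_sender_domain = [], []
    urls = dict.fromkeys(u.rstrip(".,;)") for u in URL_RE.findall(text))
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not parsed.path.lower().endswith(EXECUTABLE_EXT):
            continue
        exe_links.append(url)
        if from_domain and (host == from_domain or host.endswith("." + from_domain)):
            on_sender_domain.append(url)

    asks_disable = bool(DISABLE_DEFENCE_RE.search(text))
    # SPF is deliberately not part of the score: mail sent by an intruder
    # through the vendor's own server authenticates exactly like real mail.
    if exe_links and asks_disable:
        verdict = "quarantine"
    elif exe_links or asks_disable:
        verdict = "review"
    else:
        verdict = "deliver"
    return {
        "spf": spf_result(msg),
        "from_domain": from_domain,
        "executable_links": exe_links,
        "executable_on_sender_domain": on_sender_domain,
        "asks_to_disable_defences": asks_disable,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```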
On 24 mrt, 16:24, "eddyster...@hotmail.com" <eddyster...@hotmail.com>
wrote:
> On 24 mrt, 16:14, "Vincenzo Beretta" <reck...@hotmail.com> wrote:
>
> > I wonder why someone should bother to do all the necessary hacking for such
> > a niche site (no pun intended). Either he is the usual "disgruntled" (*)
> > whatever, or they used Battlefront as a testbed and now they plan to
> > repeat the stunt with a bigger website.
>
> I say it's the latter.
We're both wrong - it was a hacker trying to blackmail Battlefront.
The forums are back up and here's the official Battlefront
announcement/explanation :
Information about recent disruption of services :
As many of you already know, our server got hacked. It's not the first
time, unfortunately. However, this is the first time someone tried to
blackmail us into paying them money to make them go away. Since
blackmailers are by their very nature untrustworthy, the thought of
paying these criminals never entered our minds.
Ironically we were already preparing to move to a new server when the
first attack happened. The breach was isolated within an hour or so of
happening, blocked, and additional steps taken to make sure a future
hack couldn't spill out of the area he got into. For a while it
appeared we were keeping him out (there were many subsequent attacks
that were deflected) and it was buying us time to complete setting up
our new server which was already partially complete prior to the first
attack.
Yesterday (March 23, 2010) the lowlife hacker got in again to the same
place he got into before. He attempted to send an email to all our
customers using the "newsletter" feature of our storefront software.
The email contained a link to a virus of some sort, which we removed
from our server very quickly. A large percentage of the emails were
still in the outgoing email queue and were deleted before they were
sent.
At this point the server was shut down completely and we switched the
DNS (Internet directory) over to our new server so we could start the
transition. This had the negative side effect of preventing us from
alerting you all about what was going on. Especially because the DNS
change over took about twice as long as it should have due to a
backlog of requests at our server host.
For the last two days we have been moving over several GB of data
between the old server and the new, purging any suspicious files, and
reconfiguring the website to function with MacOS Snow Leopard Server
instead of the previous Windows Server. The superior stability and
security of MacOS Server is one of the reasons we were making the
change anyway.
The short of it is the hacker did not do much of any significance. At
no time did the hacker have any access to sensitive customer data.
More importantly the hacker could NEVER have gained access to customer
credit card information because that information is only used
virtually in the SSL (secured connection) when the order is placed.
What that means is that it is NEVER saved to our server's disk. NEVER.
Passwords and other critical account information are stored in
encrypted files, so even that information was inaccessible to the
hacker.
Our new server has many security features that will prevent the same
kind of attacks we just experienced on our old server. While no
security system is foolproof, we are confident that we are overall
much better protected than we were before.
We are going to take most of the rest of Thursday (March 25, 2010) to
double check the reconfiguration of the webpage services and
storefront before opening it back up to the public. There may be small
outages in the days to come for additional reconfigurations due to the
necessity of rushing the migration process. Once this is done we can
get back to work bringing great wargames to you instead of spending
our time and energy dealing with a cyber terrorist.
We apologize for the inconvenience and thank you for your
understanding.
Battlefront
-
Greetz,
Eddy Sterckx
eddysterckx, 3/25/2010 7:02:59 AM
<eddysterckx@hotmail.com> wrote in message
news:c144bb4a-71a0-4cff-869e-e4a2004e3d7a@g11g2000yqe.googlegroups.com...
> On 24 mrt, 16:14, "Vincenzo Beretta" <reck...@hotmail.com> wrote:
>
>> I wonder why someone should bother to do all the necessary hacking for
>> such a niche site (no pun intended). Either he is the usual
>> "disgruntled" (*) whatever, or they used Battlefront as a testbed and
>> now they plan to repeat the stunt with a bigger website.
>
> I say it's the latter.
>
> What I heard is that they already fixed the problem but are waiting to
> get their website software elicence validated again - it could take a
> week, they're being accused of piracy :)
>
> Anyone know if you can still install a battlefront elicence infected
> game right now ?
>
> Greetz,
>
> Eddy Sterckx
CMSF plays fine, I don't know about installs.
Apparently no credit card data was touched, though the hackers seem to have
got into the *purchases* emails and been able to write files to the server.
http://www.battlefront.com/community/announcement.php?f=73&a=283
Regards,
Mike Kreuzer
www.mikekreuzer.com
Mike, 3/25/2010 7:11:42 AM
"Mike Kreuzer" <mike@FIRSTNAMEkreuzer.com> wrote in message
news:4bab0cb2$1@dnews.tpgi.com.au...
> <eddysterckx@hotmail.com> wrote in message
> news:c144bb4a-71a0-4cff-869e-e4a2004e3d7a@g11g2000yqe.googlegroups.com...
>> On 24 mrt, 16:14, "Vincenzo Beretta" <reck...@hotmail.com> wrote:
>>
>>> I wonder why someone should bother to do all the necessary hacking for
>>> such a niche site (no pun intended). Either he is the usual
>>> "disgruntled" (*) whatever, or they used Battlefront as a testbed and
>>> now they plan to repeat the stunt with a bigger website.
>>
>> I say it's the latter.
>>
>> What I heard is that they already fixed the problem but are waiting to
>> get their website software elicence validated again - it could take a
>> week, they're being accused of piracy :)
>>
>> Anyone know if you can still install a battlefront elicence infected
>> game right now ?
>>
>> Greetz,
>>
>> Eddy Sterckx
>
> CMSF plays fine, I don't know about installs.
>
> Apparently no credit card data was touched, though the hackers seem to
> have got into the *purchases* emails and been able to write files to the
> server.
>
> http://www.battlefront.com/community/announcement.php?f=73&a=283
>
> Regards,
> Mike Kreuzer
> www.mikekreuzer.com
Gack, you beat me by *seconds.*
Regards,
Mike Kreuzer
www.mikekreuzer.com
Mike, 3/25/2010 7:12:16 AM
On 25 mrt, 08:12, "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote:
> "Mike Kreuzer" <m...@FIRSTNAMEkreuzer.com> wrote in message
>
> news:4bab0cb2$1@dnews.tpgi.com.au...
>
> > <eddyster...@hotmail.com> wrote in message
> >news:c144bb4a-71a0-4cff-869e-e4a2004e3d7a@g11g2000yqe.googlegroups.com...
> >> On 24 mrt, 16:14, "Vincenzo Beretta" <reck...@hotmail.com> wrote:
>
> >>> I wonder why someone should bother to do all the necessary hacking for
> >>> such a niche site (no pun intended). Either he is the usual
> >>> "disgruntled" (*) whatever, or they used Battlefront as a testbed and
> >>> now they plan to repeat the stunt with a bigger website.
>
> >> I say it's the latter.
>
> >> What I heard is that they already fixed the problem but are waiting to
> >> get their website software elicence validated again - it could take a
> >> week, they're being accused of piracy :)
>
> >> Anyone know if you can still install a battlefront elicence infected
> >> game right now ?
>
> >> Greetz,
>
> >> Eddy Sterckx
>
> > CMSF plays fine, I don't know about installs.
>
> > Apparently no credit card data was touched, though the hackers seem to
> > have got into the *purchases* emails and been able to write files to the
> > server.
>
> >http://www.battlefront.com/community/announcement.php?f=73&a=283
>
> > Regards,
> > Mike Kreuzer
> >www.mikekreuzer.com
>
> Gack, you beat me by *seconds.*
Since you're 9 hours ahead of me I beat you by almost a day :)
Greetz,
Eddy Sterckx
eddysterckx, 3/25/2010 7:16:40 AM
"Giftzwerg" <giftzwerg999@hotmail.com> wrote on 24.03.2010 13:39 GMT the
message news:MPG.2613e03756bd18c8989846@localhost
> In article <hod2lp$20c$02$2@news.t-online.com>, Paul_Ney@t-online.de
> says...
>
>> > When the email went out, that file was *on* the Battlefront web
>> > server. That was not technically a phishing email. The hackers likely
>> > hacked into the web server, uploaded the file to the Battlefront web
>> > server, and sent out the email from Battlefront's servers with links
>> > pointing back to official Battlefront servers. (Or, less likely,
>> > pointed DNS to hacker servers).
>>
>> By this everything is suspect, the hackers (having penetrated the
>> Battlefront web) might have infected other files too, without
>> mentioning them in those fake e-mails and ever before they started the
>> mass mailing. Battlefront will have to re-build the site starting from
>> a secure backup.
>
> Hmmm. How do you get a "secure backup" when the "frontup" wasn't
> secure?
It would be a good deal to keep monthly and weekly backups, then the
webmaster could better react and pick up one that seems to be or would be
more safe. Just one backup every 24 hrs, also deleting the previous one,
would represent a weakness in this sense. The webmaster would also
evaluate the X time -- the time of the attack. A backup time prior to X
would be more advantageous to work with.
Greetings, PY
Paul, 3/25/2010 11:59:51 AM
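The backup point made in the post above, as an added example that is not part of the original thread: it compares a single nightly backup that overwrites the previous one with a daily/weekly/monthly retention set, and picks the newest backup taken before the attack time X. The 02:00 schedule, the retention counts, the one-day safety margin and the value of X are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def retained(policy, now, history_days=120):
    """Backups still on disk at `now`, assuming one backup nightly at 02:00."""
    last = now.replace(hour=2, minute=0, second=0, microsecond=0)
    nightly = [last - timedelta(days=d) for d in range(history_days)]
    nightly = [t for t in nightly if t <= now]          # newest first
    if policy == "single":
        return nightly[:1]                              # each run overwrites the last
    keep = set(nightly[:7])                             # 7 dailies
    keep |= set([t for t in nightly if t.weekday() == 6][:4])  # 4 Sunday weeklies
    keep |= set([t for t in nightly if t.day == 1][:3])        # 3 monthlies
    return sorted(keep, reverse=True)

def restore_point(backups, earliest_compromise, margin=timedelta(days=1)):
    """Newest backup older than X minus a safety margin, or None if none exists."""
    cutoff = earliest_compromise - margin
    candidates = [t for t in backups if t < cutoff]
    return max(candidates) if candidates else None

# Constructed values: NOW is the date of the last post; X is a hypothetical
# time of first compromise, not a date given in the thread.
NOW = datetime(2010, 3, 25, 7, 0)
X = datetime(2010, 3, 10, 12, 0)

if __name__ == "__main__":
    for policy in ("single", "tiered"):
        backups = retained(policy, NOW)
        print(policy, len(backups), "kept ->", restore_point(backups, X))
```

A restore point older than X gives clean files but still contains whatever flaw let the attacker in, so it has to be patched before the site goes back online.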