Can anyone assist me with understanding the workings of this?

Hello people!

I'll get right into it. I'm a novice-level cybersecurity enthusiast, and I've been enjoying playing OG MW3 on Steam (the game uses P2P networking). But there is a bot player in the game named "Nelson" from Buenos Aires, Argentina, that is allegedly using the game's host connection to access the computer and plant malware used to mine cryptocurrency.

If you are the host, it plays out like this: your game minimizes, a terminal appears for 3 seconds, and then your game crashes. I was able to screenshot the terminal.

Upon investigation of the event logs from the time of the screenshot, I discovered:

- EventID 16384 (Qualifiers 16384)
  - Impact: Mostly informational, but can cause, for example, full-screen games or applications to minimize unexpectedly.

- EventID 16394 (Qualifiers 49152)
  - Impact: Mostly benign, but if occurring rapidly, it can indicate underlying system instability or cause minor performance issues.

- EventID 7040 (Qualifiers 16384)
  - Windows Event ID 7040 is an informational log generated by the Service Control Manager indicating a change in a Windows service's start type (e.g., from manual to automatic). It is commonly used to track configuration changes but, when appearing frequently or for security services, can indicate suspicious behavior, such as malware disabling protection.

Upon investigating Event IDs 16384 & 16394, I discovered that in Windows Services the Software Protection Service was disabled.

I opened PowerShell and ran sfc /scannow, and it came back normal with no integrity violations.

Earlier in the week I was able to collect a netstat -ano from when this was happening to me, and I also have a Wireshark capture saved from it. If anyone has any ideas as to what exactly is happening and how it works, and wants to look into it more out of curiosity, I can provide those to you.

EDIT: This is not that serious to me, but mainly a fun outlet for me to attempt to utilize some skills and learn something new in a practical manner. I want to learn exactly what this person is doing, how it works and what can be done to protect yourself from this.

submitted by /u/Lord_Galaxiann
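An added example (not from the post or its author) showing how a defender could triage the two indicators the OP lists on a Windows host: pull recent Event ID 7040 start-type changes from the System log and show the current state of the Software Protection Service (sppsvc) alongside a few other protection services. It assumes an English-language Windows (the 7040 message text is matched with a regex) and an elevated PowerShell session; the watched-service list is a chosen set of real service names, not something the post names.

```powershell
# Added example: triage the indicators from the post on a Windows host.
# 1) Event ID 7040 (Service Control Manager) = a service's start type was changed.
# 2) Software Protection Service (sppsvc) unexpectedly disabled.
# Run in an elevated PowerShell session; read-only, changes nothing.

param(
    [int]$Days = 7,
    [string[]]$WatchServices = @('sppsvc', 'WinDefend', 'wscsvc', 'EventLog')
)

$since = (Get-Date).AddDays(-$Days)

# The English 7040 message reads:
# "The start type of the <Display Name> service was changed from <old> to <new>."
# (assumption: English UI; adjust the regex for other locales)
$pattern = 'The start type of the (?<svc>.+?) service was changed from (?<old>.+?) to (?<new>.+?)\.'

$changes = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7040
    StartTime    = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Message -match $pattern) {
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Service    = $Matches.svc
            From       = $Matches.old
            To         = $Matches.new
            # A change *to* disabled on a protection service is the interesting case
            Suspicious = ($Matches.new -match 'disabled')
        }
    }
}

"`n== Start-type changes (Event 7040) in the last $Days day(s) =="
$changes | Sort-Object Time | Format-Table -AutoSize

# Current state of services that malware commonly turns off
"`n== Current state of watched services =="
Get-CimInstance Win32_Service -Filter ("Name='" + ($WatchServices -join "' OR Name='") + "'") |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

$disabled = @($changes | Where-Object Suspicious)
if ($disabled.Count -gt 0) {
    Write-Warning ("{0} service(s) were switched to Disabled; correlate the timestamps with the game crash." -f $disabled.Count)
}
```

Correlating the 7040 timestamps with the crash time from the screenshot tells you whether the start-type change happened during the session or is unrelated background noise.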


from hacking: security in practice https://ift.tt/n8cVhIM
