Skip to content

Mirai Worm & Beamdog?!

CeyarrecksCeyarrecks Member Posts: 45
in Technical Support
kinda sounds like something a pill is need for ;)
[just mix it the food] :p

I am finding that Beamdog Client.exe is complaining about communicating on the Internet, digging into the process' TCP/IP usage, I find that it seems to want to communicate to "epicrustserver.cf "
Can someone explain WHY?
Especially considering that the #Mirai worm uses the domain epicrustserver[.]cf at port 23823
for its Command & Control communications.
Have any steps been taken to ensure the Player Base's security & welfare online regarding Beamdog Client?

Comments

  • JuliusBorisovJuliusBorisov Member, Administrator, Moderator, Developer Posts: 22,754
    Can you please post a screenshot or two?
  • CeyarrecksCeyarrecks Member Posts: 45
    as indicated by Process Explorer:

    3e9nlbnr35gu.jpg


    reference from bleepingcomputer.com...(very long url) https://tinyurl.com/y442lk9c

    8a4rtr2qp2f3.jpg

    HOSTS file FTW and all,.... :)
  • nivniv Member, Moderator, Developer Posts: 410
    Do you have epicrustserver.cf in your hosts file mapped to 127.0.0.1? That would explain why your DNS resolver shows these addresses in the Local column.
  • CeyarrecksCeyarrecks Member Posts: 45
    yes. of course I use a security-specific HOSTS file, et al.

    I believe the point is missed,...
    the use of epicrustserver OPENS a dire security problem for. the. PLAYER. BASE.
    Hence this post to make more aware.

    So, at least, I await the out-sourced Support ticket, and maybe Atlassian can speak on Beamdog policies,..
  • nivniv Member, Moderator, Developer Posts: 410
    Well, the point I tried to make was:

    * Beamdog Client opens some listening sockets bound to the local interface (127.0.0.1) or to all interfaces (0.0.0.0), for the torrent system that delivers the game data to your system. This is completely benign and expected.
    * You add a host file override that reads (0.0.0.0 epicrustserver.cf) or (127.0.0.1 ...) as part of your blacklisting effort.
    * Then the Windows DNS resolver will use the first entry that matches your hosts file to render the alias, since you checked the checkbox in the screenshot you gave ("Resolve addresses").

    This would make this a presentation issue on your end, and not an actual communication with the displayed host in question.

    To verify, please uncheck said checkbox and let it show what actual IP is displayed.

    Hope that's a bit clearer!
Sign In or Register to comment.

2024 Overhaul Games, a division of Beamdog. © 2024 Hasbro, Inc. All Rights Reserved. Baldur's Gate, Dungeons & Dragons, D&D, Forgotten Realms, Baldur's Gate, Wizards of the Coast and their logos are trademarks of Wizards of the Coast LLC in the U.S.A. and other countries, and are used with permission. Hasbro and its logo are trademarks of Hasbro, Inc. and are used with permission. © 1998 BioWare Corp. All Rights Reserved. BioWare, the BioWare Infinity Engine and the BioWare logo are trademarks of Bioware Corp. Black Isle Studios and the Black Isle Studios logo are trademarks of Interplay Entertainment Corp. Atari and the Atari logo are trademarks owned by Atari Interactive, Inc. All other trademarks are the property of their respective owners.