Xbox ‘Emulator’ Front For Online Money-Making Scam
By Brian McWilliams, Newsbytes May 9 2002 11:55AM
A new fraud by Internet scam artists attempts to tap into video game aficionados’ burning desire to play Microsoft Xbox games on their personal computers.
An “Xbox emulator” currently being offered for free on the Web is actually a Trojan horse designed to covertly rack up money for its authors using pay-for-click and other schemes, malicious code experts said.
Instead of enabling users to run popular Xbox games such as “Halo” on their PCs, executing the fake emulator’s installation program, “EMU_xbox.exe”, merely produces error messages.
All that’s installed on the victim’s PC is a “back door” program called “NetBUIE.exe”, which silently attempts to contact numerous remote servers, including four operated by Microsoft and two by online advertising network DoubleClick, according to a preliminary analysis by TruSecure Corporation.
“It’s obviously greyware or scaliwag-ware of some sort,” said Roger Thompson, director of malicious code research for TruSecure.
According to Thompson, the program may generate revenues for its creators by tallying up ad impressions and click- throughs at some of the remote Web sites.
According to a counter service used by the back-door program at Microsoft’s Bcentral.com site, NetBUIE has contacted the Fastcounter site nearly 4 million times.
The fraudulent program appears to draw its name from NetBEUI, which is spelled differently and stands for NetBios Enhanced User Interface, a standard Windows networking protocol.
In a further effort to prevent infected users from detecting or uninstalling the back door, the authors of NetBUIE.exe gave the program’s file attributes an air of legitimacy. When viewed using the Windows “file properties” feature, the program shows a Microsoft copyright notice and is described as a “Network Connection Verification Utility.”
Nearly 30,000 people have visited the bogus emulator’s download site since mid-April, according to a counter linked from the site. The phony program was the first item listed at Google.com today in a search on the phrase “Xbox emulator.”
One Internet news group user bit by the backdoor program said his firewall reported attempts to access MSN.com, leading him to speculate that NetBUIE.exe was created by Microsoft to monitor users who attempt to avoid paying $299 for its Xbox video game system.
When asked to examine NetBUIE.exe today, Microsoft’s Security Response Center confirmed that the program is not a Microsoft product.
No program by the name NetBUIE.exe or identified as “Network Connection Verification Utility” was currently available at Microsoft’s site.
Launched in November, 2001, Microsoft’s Xbox console is based on a PC-like architecture, yet no functioning Xbox emulators currently exist, according to Gerard Krijgsman, the operator of a site called The Emulator Zone.
“If any Web site claims to offer a working Xbox emulator for download, it is 99.99% likely to be fake,” said Krijgsman.
However, as Krijgsman recently wrote in a notice at his site, “people do want (Xbox emulators). This need creates a dangerous symptom: the fake emulator.”
NetBUIE.exe is not the first such bogus emulator to hit the Internet. In January, a phony PC-based Xbox program was posted to the Web under the name “xBoX-Emulator.0.35.zip” and was featured on the Slashdot technology discussion site.
According to the earlier program’s author, who calls himself “Linar,” xBoX-Emulator consisted only of dummy screen shots and was designed to show how gullible Internet users are and how fast rumors travel in cyberspace.
Linar told Newsbytes that the original program did not contain any malicious code, but that copies available from mirror sites may have been “Trojaned.”
A January bulletin from Symantec warned of malicious code, which it named Trojan.Badcon, being distributed “as a valid program, such as X-Box emulation software.” According to the anti-virus software firm, Trojan.Badcon was designed to exploit a known flaw in Microsoft’s Windows 95 and Windows 98 operating systems, causing them to crash and require a restart.
So far today, anti-virus software sites did not yet appear to have descriptions of the NetBUIE.exe Trojan horse.
The Emulator Zone is at http://www.emulator-zone.com .
Microsoft’s XBox site is at http://www.xbox.com .
Reported by Newsbytes, http://www.newsbytes.com .
© 2001 – 2002 The Washington Post Company
mod chip for the box already in the werks(+working demo given for playing dvdr games)…. so…adala alasan korang nak beli nanti…hehe, no need emulator le, go for the real thing. baru shiok….
citer sket aaaaa..
best ke xbox ni.. aku baru jer beli ps2 utk adik aku…terkopak jap wallet aku 1360rm…
dengar citer xbox nye gfx game lagi kaw2…
You must be logged in to reply to this topic.