Regarding Recent Concerns61
12:51 AM - June 29th, 2009 | Posted in Site News | By: ReeGed
To answer the concerns some of our users have shown in the past week concerning the activities of specifically one editor, we’ve decided to release this statement:
As the past clearly shows, one of the main concerns of the ZeroSec admins is user security. You’ll find plenty (plenty is really an understatement) of “warez” related sites out there that either purposefully push malware and virii onto their unsuspecting users, or make use of ads that serve such things because its better for business. I hope you can all see that we take our visitor security extremely seriously, which you can tell from our policy and past dealings with phishing links.
ZeroSec admins don’t intrude on what the editors do outside of ZeroSec related work, so it came as a surprise to us when we found out JordanT92 (also known as JoeyT92) has been stealing login information for all sorts of things by releasing trojaned applications on usenet. The hosting he used to do this (which belongs to a friend of his) got hacked and this information was released by the hacker. While JordanT92’s actions wont have affected ZeroSec users, since this server also contained some ZeroSec posting tools we have now been implicated in this ordeal - which is why we’ve decided to make this public explanation. Mupet0000 although accused in the NFO got roped into this mess because he’s been acquainted with JordanT92 since before they both joined ZS.
We make it our priority to ensure user security, which is why, after an investigation we’ve decided to revoke the editorial privileges and distance ourselves from JordanT92 who we discovered was the coder, virus distributor, and primary person responsible.
ZeroSec Admins,
ReeGed, Untamed & Pandaking
June 29th, 2009 at 1:08 am
Fucking scumbag, im glad you got caught out, i just hoope no one lost anything because of him! Has mupet0000 been binned too or what?
June 29th, 2009 at 1:10 am
@ 1 (ViSiTor): mupet0000 is still here, as his only real involvement was knowing Joey.
June 29th, 2009 at 1:11 am
Annoying lil’pricks is what they are.
I saw another site ‘hacked’ too with the same ‘nfo’.
Thanks for the update.
June 29th, 2009 at 1:12 am
To quote the band ‘Something Corporate’,
"F@#k you, Jordan
F@#k you, Jordan
You make me sick!"
June 29th, 2009 at 1:13 am
@ 2 (pandaking):
Ahh, ok. I like Mupet0000, glad he wasnt involved!
June 29th, 2009 at 1:16 am
Looks like the link I posted got read.
June 29th, 2009 at 1:20 am
Whats the best software we can use to see if we were infected?
June 29th, 2009 at 1:22 am
u basterd how dare you do this to us leachers
June 29th, 2009 at 1:23 am
@ 6 (propain): We’ve known about it for the past week, we just wanted to investigate everything thoroughly and properly before we made a decision+public statement.
June 29th, 2009 at 1:24 am
@ 7 (lol): Antivir has one of the best heuristic engines, when you install Aviria set heuristics to high and it will have the best chance of picking up new virii, however it may also give false positives on this setting.
June 29th, 2009 at 1:25 am
I don’t understand anything written in that information file, but I’m glad there are smart people who found out about his slimy tricks. Dickshit should get a taste of jail IMO.
June 29th, 2009 at 1:32 am
AntiVir dont pick up anything in the nfo mentioned files
June 29th, 2009 at 1:35 am
any able to find out what the files it uses was? Like we could hop in the windows folder see if we got it. Just to see if we do.
June 29th, 2009 at 1:48 am
Rofl, thanks ReeGed. And goodbye ZeroSec.ws
If you are infected, don’t worry, the site is down and the data is being sent, but not recieved. Yet.
June 29th, 2009 at 1:50 am
its always young ignorant guys doing that sort of stuff,.. you should only trust hardened scene veterans
June 29th, 2009 at 1:55 am
What a fuckin small dick arse munchin knob jockey!
I hope you find a way of gettin his head smashed in with a piece of Michael Jacksons Decaying body, yeah i didnt like him either obviously.
What an arse bandit.
The rest of you.. you Rock!
June 29th, 2009 at 2:01 am
luls, suck my dick biatch
June 29th, 2009 at 2:15 am
so you asked for donations before you decided to inform people about one of your staff members hacking people
that’s fucked up
June 29th, 2009 at 2:42 am
Thats what happens when you are quick to "hire" more editors. Next time, take your time and if you have to call their parents before you even consider them. LOL. A kid like that obviously doesnt have a penis to play with at night so found a different hobby. Sad story.
June 29th, 2009 at 2:45 am
Ouch. Mupet is in the NFO too, but whatever. I’ll have to trust your judgment.
June 29th, 2009 at 2:46 am
@ 18 (word): There are so many problems within zerosec, I’m not sure they can be counted on both hands. The current editor’s are crap, releases are days late.
*** They are scamming people! ***
Notice how all the so called "admins" are around now, trying to make "cute" or "funny" comments and ask for $$$.
Seems like most can only sense something quite strange, and smell something rotting, as I do.
June 29th, 2009 at 2:49 am
@ 18 (word): We asked for donations to pay for the servers, otherwise we would have had to pay out of our own pockets or shut the site down - we don’t get paid to do this, and do it for your benefit. Also, the editor in question hasn’t posted since early April and we haven’t really seen or heard from him since then. What editors do outside of ZeroSec isn’t really any of our business. We found out about this, and have taken what we deem to be appropriate action.
@ 19 (V): This isn’t some new editor, he’s joined us back in January and as well as making many good posts he has done a lot of work for us “behind the scenes”. As mentioned previously, I generally don’t see it as any of our business what editors do outside of ZeroSec.
@ 21 (lame): I’m sorry you feel like this. I can assure you, you are not being scammed in any way. This is a free service which we provide, and we get nothing out of it other than the warm fuzzy feeling of helping you all out. The donations were not mandatory, and were only to cover server costs. Once again many thanks to those that did donate, and perhaps you should show some gratitude to them as they have helped keep the site running.
June 29th, 2009 at 2:50 am
@21, Yeah … smells like it?
Was just wandering why isnt the donation thingy down yet since you guys reached the goal (even went over 100%). A little extra cash for popcorn?
June 29th, 2009 at 2:58 am
@ 23 (V):
Sometimes people are lazy and don’t like removing things.
June 29th, 2009 at 3:03 am
@ 19 (V): Trust me on this, there is no way of ever knowing who is going to turn out reliable and dedicated. Sometimes the most unexpected turn out to be the biggest assets to the site.
@ 21 (lame): We decide to be open with our users. If you prefer using other sites that send virii and malware your way whilst smiling to your face, then that’s a choice you gotta make on your own.
As for day late posts, we are just catching up on missed releases since we’re having a difficult time at the moment with editors being busy.
@ 23 (V): The option to donate has always been available:
http://www.zerosec.ws/donate
We removed the donation widget from the top of the site when we reached the goal for the server costs (so as to not make it so in-your-face) and left a message notifying users of this (as you can see). The widget is just a nice little tool which displays some additional information, as well as a way of saying thanks to those who did contribute to meet the target.
June 29th, 2009 at 3:47 am
as being a long time reader (pre ZS days) and forum user/reader thanx to the staff once again for being open and honest with your readers it IS appreated by some anyway……..
June 29th, 2009 at 4:54 am
muppet0000 better not be involved.
have u tried digging deeper?
anyway,
as long as pandaking stays, i stay
he is KING
June 29th, 2009 at 5:58 am
@ 26 - 7SeVeN7
well sad 7SeVeN7, atleast Zerosec staff is honest to readers, for letting us know whos is the scammer and what steps has been taken to remove such aholes.
Btw, all HAIL to Zerosec admins. lol
June 29th, 2009 at 6:06 am
Ooo, so thats why theplanet.com datacenter shows up in my logs sooo often.
Enjoy my passwords, server detils, etc
Thanks for letting us know ZeroSec.
June 29th, 2009 at 7:00 am
Sorry maybe I’m a n00b, but I have a stupid question…
If this site posts less than a third of even the ’semi’ large releases, posts these releases hours if not more often than not DAYS after all other release sites, has admin trying to INFECT us and STEAL from from us and is now asking for our money to pay for the for-mentioned points… why should ANYONE come here?
Im off…
Oh and on a final note… if you guys really knew about this shit a week ago and still decided to ask for our cash before telling us, I think thats pretty much paramount to STEALING / FRAUD , as I would certainly have felt differently about parting with my cash having been informed of what YOU ALREADY KNEW ABOUT!!!
Bye…
June 29th, 2009 at 8:04 am
I first read about the alt.binz hack here:
http://filesharingtalk.com/vb3/f-newsgroups-79/t-altbinz-users-beware-you-have-been-comprimised-356630
So its been at least a week that they knew about it.
Where is everyone else getting their latest scene info from now? Doesnt seem like ZS will be it for much longer for me.
June 29th, 2009 at 8:30 am
@ 30 (Me): We’ve been slow this month due to most of our editors being on holiday or busy studying for exams. In the past week we’re almost back to our normal high standard and speed. Joey/Jordan wasn’t an admin, and hadn’t been active or on IRC for weeks so this is why it came as a shock to us and why it took us a while to get it sorted out and make this statement. I’m sorry you feel that way but I hope you can see that we as a site do not condone this kind of activity at all, and took appropriate action as soon as we had all the facts.
@ 31 (davus): If we had been contacted directly by the alt.binz coder aka the hacker we would of got this all sorted alot sooner instead of having to get second-hand information from other sources.
EDIT: #100000 comment
June 29th, 2009 at 9:03 am
It’s refreshing to see an honest and highly transparent investigative decision making process being engaged as a mechanism to deal with the solitary (and largely inactive) ‘rogue’ editor and the path he chose to take here at ZS.
I’m reading clear and unequivocal statements from the Administrators, statements that extend well beyond what could be typically expected from any system. I see no attempts at obfuscation and certainly nothing but an openness and a determined willingness to engage the user-base and answer any legitimate questions.
Apart from the few fairly obvious trolls who have posted here a majority of the comments seem intelligent and constructive, comments that reflect a collective desire to move forward now that this issue has been dealt with.
June 29th, 2009 at 9:17 am
Look, guys at ZeroSec.. let the ones that think your scamming us think that way and dont defend yourself on a stupid claim, the people that really appreciate your effort know you didnt screw anyone over, you guys got screwed over by someone that you thought was helping us with the latest releases.
Im also pretty sure lately people havent seen the message letting us all know that the reviews may be slow as some of you guys have more important things going on with school commitments etc right now. Stop flaming these guys and just use another site then if your not happy, instead of having a go at them. Go to the thousand ad dog site where a 1/4 of the links are fake, passworded or just rubbish that the admins keep lettin links being posted. Not to mention the page changing to an ad every 3 mins.
You guys will win in the end!!
June 29th, 2009 at 9:21 am
Final nail in the coffin for me. Seems this website and its editors simply cannot be trusted, never mind the lack of quality posting.
Back to rlslog I go!
June 29th, 2009 at 9:42 am
LOL. I just have to laugh at the people claiming that they are being defrauded or having their details/money stolen….on a warez site.
It’s like a mugger bitching if someone mugs him.
June 29th, 2009 at 10:09 am
@ 35 (Dave): If you think you can find “quality” posts at that other site I wish you the best of luck as I’m sure you’re going to need it. As said in the post, we take security very seriously, we pride ourselves on having a good anti-phishing system, and with the new report comment feature I’m coding it will be even better.
June 29th, 2009 at 10:15 am
Would be helpful for someone to post information on how to find out if your infected (what files the Trojan creates etc) and how to remove them??
Also is it the "cracked" version of alt.binz that is sending the passwords to them or an exe that in put on your system?
Thanks!
June 29th, 2009 at 10:39 am
@36 (membreya) So true, so true!! lol
I personally appreciate the honesty relating to this incident and I love the site because of the ‘relative safety’ and lack of crappy advertising.
If people dont like the site, go somewhere else and revel in the trojan infested waters that are dime a dozen and whilst you are waiting for your AV to reme infection you can browse through all the lovely pop-up adverts!
June 29th, 2009 at 12:22 pm
Any version above .30 is infected, .28 and .25 (Free) are fine.
June 29th, 2009 at 1:30 pm
You should really have mentioned that ZeroSec itself was not infected at all. People seem to think that he got login details just from people coming to this site… Should clarify that.
I don’t see how ZeroSec asking for donations has anything to do with a single inactive editor uploading a trojan or two to binary newsgroups.
June 29th, 2009 at 1:50 pm
@ 34 PearlJamAussie
You are without a doubt the worlds BIGGEST ass kiss… if I could be bothered I would go back through past posts and find some other choice ‘brown nosing’ comments by you!! This site is fairly popular in the office where I work (in IT) and you and that Johnny666 guy are kinda like the office joke… keep up the good work you looser!!
June 29th, 2009 at 2:01 pm
To make his virii detectable upload them to Virustotal.com and then install Avira. Within a couple days it will become detected.
June 29th, 2009 at 2:04 pm
"we not that bright so we left our cpanel login data in our leet script"
lol pwned
June 29th, 2009 at 2:23 pm
just to clear this up only people using the usenet client alt.binz are even remotely effected and thats only if they have downloaded the non free client off of usenet. there is no evidence to suggest that any links on the site are infected AT ALL (incuding all nzb’s) and the infected application has not been posted at all on the site. tbh this will not likely effect most who use the site as i doubt many people here even use usenet to get their stuff let alone use the alt.binz program
June 29th, 2009 at 2:34 pm
Jordan got pwnt and now he wont be welcome anywhere
June 29th, 2009 at 3:54 pm
Oh noes! Aww, il have to change my nickname now, so what. I don’t understand why you are all bitching at ZeroSec.ws, I created and hosted many ZeroSec tools and when my website went down, so did the tools, and all nfo’s that where hosted there redirected to the text file RDL created. ZeroSec was not involved in this at all, I created the trojan after i’d finished with ZS, I was just hosting the files there for them. And none of you are infected, you would know by now if you were infected.
@44. Just pure laziness, I couldn’t be assed making a new ftp for the trojan. Also, the version of the virus you’re all talking about is OLD and doesn’t even work anymore, the new one gives me full access to the infected users files and entire computer. Goodbye ZeroSec, and goodbye JordanT92.
June 29th, 2009 at 4:04 pm
Why does the nfo talk about python scripts when the trojan is an exe?
June 29th, 2009 at 4:07 pm
The trojan was created using Python 2.5, then compiled into an exe with py2exe.
June 29th, 2009 at 4:45 pm
meh…………think you would put ur talents to better more constructive uses………..