PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph Retired Staff

    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    EvilSeph
    - on behalf of the Bukkit Project
     
  2. EvilSeph Thanks for bringing this to our attention! :)
     
    Skyost likes this.
  3. Offline

    drucrazy

  4. i thought that part of the file approval process was decompiling jars and checking for things like that. must not be t thorugh if that managed to slip through.
     
    Aengo likes this.
  5. Offline

    ThaSourceGaming

    Thank you for letting us know.
     
  6. Offline

    TheMagicPack

    Thanks for notifying us!
     
  7. Offline

    timtower Ninja on the waves Moderator

    EvilSeph Could you tell what the malicious content was?
     
    tyzoid, Awesomeman2, Archarin and 5 others like this.
  8. Offline

    dreadiscool

  9. Offline

    JaguarBolt

    Removing InfiniteDispenser now. Such a pity, it was a really useful plugin.
     
  10. Who was da authorz? Same people? What was it doing? I'm scared that I've been on a server with them >.>
     
  11. Offline

    timtower Ninja on the waves Moderator

  12. Code:java
    1. private static String load(String s, boolean en)

    The URL was encrypted, and the load method basically decrypted it.
    It was a simple rotate/unrotate 10 call. Maybe that triggered it?
    Also had some weird a DNS query class; don't know what that's used for.

    edit: Pointed to the creator's website to a file named pluginupdate.jar. Don't know; I found a 1.5.2 version online (not giving out link obviously).
     
  13. :confused: man, I saw InfiniteDispenser and thought "Ooh, that'd be a neat plugin for giving stuff out at spawn". Glad I forgot about it. :p thanks for bringing this to our attention!
     
  14. Wow, low blow.
     
  15. I'm guessing we won't be seeing the authors of these plugins anymore
     
  16. Yup.
     
  17. Offline

    Heliocloud

    Nice catch. This was a good plugin for drop parties :p :/
     
  18. Good catch Bukkit Dev Team!
    Glad you guys caught this before it got too out of hand!
     
  19. And to think I could have swarn I used this last year.... So glad I couldnt figure out how to use it :) Saved me! Yay to my stupidity
    EDIT:
    And I mean the infity dropper thing
     
  20. Wow? Are you sure it was malicious? What if it was just an updater?
     

  21. I think they'd know.....
     
  22. Offline

    LandonTheGeek

    Good catch guys! Thanks for notifying us!
     
  23. Offline

    MCPhantom

    OMG i have the exact plugin!! im stopping my server for 2 days while i make an examination!!
     
  24. Lolz ur signature... That'd be a torture server...

    Logging in...
    BANNED?
     
  25. Great work :)
     
  26. Offline

    TnT Retired Staff

    All files are decompiled. I won't make excuses - the code was simply missed. For this, I take full responsibility. I have put the team under a great deal of pressure to decrease approval times.
    However, no fast approval time is worth this happening.

    We have tightened up our process and re-educated our staff. There may be mistakes made, but we will always improve our process and strive to bring the best experience we can to our community.
     
  27. You don't need to feel bad or sorry, your a human being. People make mistakes, you learn and move on and be better at it.
     
  28. Offline

    Madster456

    Great find. Thankfully my sever, or the ones I dev for are not using any of these! Glad to see you guys hard at work!

    Thanks again!

    ~Madster
     
Thread Status:
Not open for further replies.

Share This Page