Clare3Dx

How some Script Kiddies from Turkey managed to take down the 3DX Discord Server.

An artist on our 3DX Discord Server contacted me to beta test some of his software. As this is not an uncommon thing for me to do, I went with it. Normally I would have a Virtual Machine ready for this, but since I haven't had time to install it since I installed Windows 11, and with me having a fever and headache, my dad in the hospital, my wife working on renewing her visa, dealing with an old friend who owes me a lot of money, and being generally stressed out from work and life, I did upload the file to VirusTotal and it was showing up as clean.

What I didn't know was that the artist contacting me had already been hacked and it was the Turkish script kiddies writing to me. But as I said, I have beta tested many things before and never had issues like what was about to happen.

I contacted Discord Support and their response time was very slow to non-existent.

Since the website was using GitHub.io, I contacted GitHub to have their website taken down. They didn't respond within 24 hours.

Since the Virus itself was located on Discord, I contacted Discord Support to have the file removed. They were again very slow at taking care of things.

I contacted PayPal phishing support in order to have their accounts closed.

I sent the file to a friend in the Microsoft AntiVirus department, told him about what it had done and shortly thereafter he confirmed with me and it was sent to Microsoft AntiVirus Definition Update as Trojan:Win32/DiscordStealer!MSR. And shortly thereafter other AV companies started to copy it including: Alibaba, AVG, Avast, Avira, Cynet, ESET-NOD32, F-Secure, McAfee-GW, Rising, Sophos, Symantec & Tencent. However, BitDefender, Trend Micro, Kaspersky and the rest of them fail to detect anything bad about this virus today.

I was able to collect 3 IP addresses from the script kiddies themselves and they were all located in Turkey.