Is Evony malware?

Trojan Horse

When you play a browser-based game a number of things are happening. The game itself is running on a big remote computer; all your machine is doing is displaying the game and recording your inputs. It is acting as what is called a thin client. However, in order to be a thin client for a game, your computer needs to have the client software on it. So when you play a browser game like Runescape or Habbo the first thing that happens is that this client software is loaded onto your machine. This is very trusting of you because anything could be included with that client software. Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony and Empire Craft?

Malware is software that lives in your computer without your consent. Trojan horses are malware that gets into your computer by being part of something else, say the client software for a browser game. Malware can allow someone else to make use of your computer as part of a botnet; botnets are widely used for sending spam and for other illegal activities where the real sender doesn’t want to be traceable. Or it can be used to spy on everything in your computer and everything you do with your computer, and so harvest things like credit card details.

Tens of millions of computers have malware in them without their users realising. Currently 376,000 malware bots are activated every day in the world for malicious use. This is huge. The people who create and use malware have a wide range of tactics for getting it into your computer and they are getting ever more sophisticated. Client software for a browser game would be the perfect mechanism for infecting millions of computers with malware.

With the above in mind it is very interesting to read the comment by jonnycake on the article More about Evony: “Now I am wondering if you have any insight into how much damage the game does to your browser, and your system in general. What I thought was very flaky software appears as though it may have malicious content. In Firefox, shortcuts have been re-targeted and attempting to fill in text fields gives mixed results.”

There is this forum post from an Evony user: “Something happened this morning. Just when I logged in my account to play Evony, my Anti-Virus detected 4 trojan horses in explorer.exe. They came right when I entered my server. I am no expert about virus so I don’t know what happened there. Any help on the forum would be great as I do not want to join that server again until some admin tells me it’s clean. Took me 3 hours to clean my computer.”

And another one: “Hello, I would like to inform ye that your site is infested with Adaware. http://www.pctools.com/mrc/infection…e.Mostofate.E/ Every time I log onto Evony this comes as part of it. I have tried it several times, deleting it THEN just opening up Evony and presto it’s back on my Computer. It’s the “monitors the users browsing activity.” that I’m not particularly fond of!”

Now I am not saying that Evony has a trojan in its client software. This would take proper technical investigation. What I am saying is that the possibility of this being so is such that I would not let Evony anywhere near my computer. These people have already spammed the internet like crazy and stolen most of their game content; with behaviour like this I would not put anything past them.


87 Comments


  1. Interesting. I read through the article and comments, and I have a few concerns. First, I played Evony on my laptop, in Firefox. After a while, my other tabs would stop working and Firefox would freeze up. So I switched to playing in IE. Then my entire computer stopped connecting wirelessly. Hardwired it’s fine. I brought out my old desktop and hooked it up and have been playing Evony in Firefox on there. Laptop STILL won’t connect. Nothing comes up in virus scans (I run AVG Free every night) but both my computers have been running harder since I started playing Evony. I don’t know if it’s a coincidence or not. Thoughts?


  2. I am a student studying computer games design at uni and decided to investigate Evony.com.
    Just to see what some of these games are like etc. etc.
    The game is actually kind of cool (found myself addicted and even spent a little money on it).
    But I started to notice HUGE bandwidth use by the site as I played.
    I am not the only one either, there are comments on the evony forums about this.
    This is odd because all of the client info, the animations etc. are all downloaded in one big download at the start.
    There is no streaming media so I began to wonder what was going on.

    To cut a long story short I decided to break the law and reverse engineer Evony’s client.
    Not to cheat. Not to rip them off or even to use even a scrap of the code.
    But just to poke about a bit and find out what was going on, maybe even offer them some ways to improve things.

    Aside from the fact that the whole thing is very poorly constructed (it is really very beginner coder level stuff. Reminds me of a lot of
    what the first year students produce for assignments) it contained some very interesting information.

    Included with the client are 2 pieces of tracking software that monitor your web use and which applications you have open while the client is running.
    These do not install independently on the machine though due to the limitations of flash and do not actually damage anything.
    But they harvest massive volumes of information. My firewall was blocking a lot of outgoing transmissions and it turns out that these
    were the data trying to be sent out. So they know nothing about me. lol.
    However there is a LOT of data coming IN over the ports the client uses. In other words it is downloading something into my cache for use later.
    I have bandwidth restriction which slows these types of tricks down and I completely clear my cache every couple of hours if I am heavily using the net.

    I also noticed that all the variables etc. are named Civony still and that there are multiple references to UMGE.
    Even a couple of folders are simply called UMGE, one of these folders contains one of the spyware programs.
    So I can only guess at where the data would end up if I didn’t have a good firewall.

    There are also commented out sections in the code which contain references to UMGE and Lam himself, though low on details.

    Thank you for reading this.

    Lee


  3. After going through the page source on the evony home page – I have found two mysterious cookie generators. After doing some research, one of them is Spyware, the other is a pop-up generator.

    The spyware file titled “BurstNet.com” has a reputation for going through your cookies, hard drive files, etc. and is titled dangerous on the spywaredb.

    The second of the two is called ‘http://media.fastclick.net’ which is a not-so-dangerous file, but it can still annoy the crap out of you as all pop-ups do.

    If you look closely at the bottom of the page-file, you will find both of these.
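
The page-source inspection described in the comment above can be repeated mechanically: parse a saved copy of the page and list every host other than the site's own from which the browser is told to load scripts, frames, images or plugin content. This is an added example, not part of the original post or comments; `game.example`, `ads.tracker.example`, the paths, the sample markup and the function names are constructed for illustration, and comparing the last two labels of a hostname is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags (and the attribute holding the URL) that make a browser fetch
# something when the page loads. Ordinary <a href> links are excluded
# because nothing is loaded from them until the user clicks.
RESOURCE_ATTRS = {
    "script": "src", "iframe": "src", "img": "src",
    "embed": "src", "object": "data", "link": "href",
}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every resource-loading tag."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            # Resolves relative and protocol-relative (//host/x) references.
            self.found.append((tag, urljoin(self.page_url, value.strip())))


def site_of(host):
    # Simplification: treat the last two labels as the site. A real tool
    # would use the Public Suffix List (this is wrong for e.g. co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def third_party_resources(html, page_url):
    """Return {third-party host: [tags that load from it]}."""
    first_party = site_of(urlsplit(page_url).hostname or "")
    collector = ResourceCollector(page_url)
    collector.feed(html)
    collector.close()
    result = {}
    for tag, url in collector.found:
        parts = urlsplit(url)
        # Skip data:, javascript: and anything without a network host.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        host = parts.hostname.lower()
        if site_of(host) != first_party:
            result.setdefault(host, []).append(tag)
    return result


# Constructed sample: a login page on a placeholder site that also pulls
# in content from two other hosts near the bottom of the document.
PAGE_URL = "http://www.game.example/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/main.css">
<script src="http://static.game.example/js/login.js"></script>
</head><body>
<object data="/client/game.swf" type="application/x-shockwave-flash"></object>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<script src="//media.fastclick.net/placeholder.js"></script>
<iframe src="http://ads.tracker.example/frame.html" width="1" height="1"></iframe>
<img src="http://ads.tracker.example/pixel.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for host, tags in third_party_resources(SAMPLE_HTML, PAGE_URL).items():
        print(f"{host}: loaded via {', '.join(tags)}")
```

A host appearing in this list only shows that the page loads content from it; what that content does still has to be checked separately.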


  4. Also, THIS IS JUST THE FRONT LOG-IN PAGE.
    Imagine what else you can find in all the so called flash developing.


  5. I frequently play Evony. I find nothing wrong with the game but minor glitches. Yes, it is a one of many game, but it’s fun, interactive and doesn’t need you sitting on your computer all day.

    I have also used IEvony and sure it’s weird giving your details over to them, but at the end of the day it’s your choice. I do recommend changing passwords afterwards. And you do get credits for only inviting; you also get credits when your friends buy their own credits. Win win win.

    Overall – Evony is a very fun addictive game which I would play any day compared to what I like to call dedicated time games where you need to spend a lot of time on.
    Yes it does use negative advertisements which aren’t exactly false, and is only used to lure people into finding out into the game.
    But once more what’s even more annoying is when you’re playing a good game of Evony or maybe chatting to some other players and people keep asking where the boobs are. The people that ask and fall for such thing are the scoundrels. I bet you don’t have the sophistication to make a Multimassive Online game with over 100 dedicated servers as well as having a good understanding of Knowledge.

    Don’t forget this website also asks for your email address and doesn’t allow you to have your say unless provided.

    There is a lot of Malware, Spyware etc. out there, and if you get worried by 1 or 2 things on here then think again. Almost the full Web is Infected, with Google being one of the most Malicious Companies used, also with AOL etc. If you ever get a time when you’re worried about something think protection not oh no stay away, because it’s not what you got internet in the first place for.
    There are hundreds even thousands of free software/ services on the internet which claim to be free but contain Risks of different kinds some more dangerous than others. I call this an author’s trademark.

    Correct me if I am wrong


  6. @Ben.
    You are wrong.

    Only let software onto your computer when you know who you are dealing with. Preferably someone with an address and a phone number.


  7. What am I wrong about,

    Evony is online and there are a lot of people playing Evony using a virtual environment; I myself am using Kaspersky Internet Security. There are ways of preventing harmful files before they even execute so at the end of the day it’s still the user’s responsibility.

    Google are one of the highest advertising companies which uses highly detectable spyware for monitoring websites you search and go on thus sending similar emails to associated email addresses.

    There are also many people, including me, whose companies or hobbies or whatever depend on Open Source content, so always knowing software authors can be very difficult.

    Also the high CPU usage used while playing Evony is an Anti-/Bot/Hack/Script to prevent people cheating on the game.


  8. I don’t know if the CPU usage is anti-hack, but that’s a possible explanation for network traffic. Punkbuster, for example will send in-game screenshots to the server to detect certain cheats or provide an audit trail for admin complaints. Not sure if that is possible with Flash though.


  9. I’m not good with computers or anything but I do know when a game is just a scam and Evony definitely fits that with how they ban and delete any posts on their forums that are less than polite about the service they provide.
    Evony is always doing some kinda weird sales pitch to get people to spend money, such as some special package deal for every $30 you spend on them, and the packages you get (in my opinion) are not even worth $5. On top of that their $ to cent ratio is $1 = 10 cent while the other games I’ve been foolish enough to spend money on were $1 = 100 credit, and most the good stuff in Evony’s mall costs $5 or more. They have medals as a required upgrade tool but they have the drop rate so low that you almost need to buy medals to progress, and they have the medal prices so high it’s hard to afford them for a typical person who can’t afford to squander their money on things like games. While a business is entitled to a profit, what Evony does is scamming. On top of that the programming, from what I have read here and other forums, is done so sloppy that even someone like me can do it.
    I also have noticed a massive slowdown on my computer (quad-core) while playing the game and I have found several trojans and keyloggers as well.


  10. Yes it is an Anti-Hack; this particular program latches inside the computer to scan for anything regarding similar to a bot, hack, script. Its methods are similar to taking screenshots. I think the hidden file which does this is favicon and if anyone doesn’t know: this is the small sprite used for browsers, pretty useless really.

    A lot of small companies reject negative feedback on forums to prevent people from being put off. Take eBay for example: not many people will buy or sell to users with a negative feedback.

    I have been playing Evony for 3 months now, and don’t intend to spend a penny as I’m earning for advertising anyway, which most people are able to do.

    As for keyloggers on your computer, it is very unlikely this is from Evony as it’s Flash based. If it is using a keylogger it would only be active while Evony is open.

    I recommend changing your browser setting to automatically delete cookies and Objects including Offline content when you close the browser.


  11. All I really know is that the game is a waste of time, especially since I am not able to queue buildings, set defensive perimeters or any of that (things I normally do on games like AOE).


  12. Depends on what kind of strategy you like to play, There are loads of real time strategies similar to evony on the web.

    Personally I prefer Stronghold over Age of Empires


  13. It is also possible that a third party is responsible for these problems. In other words, the game makers may have developed a very clean game that is malware free, but a 3rd party may have hacked that software and is now reaping the rewards, all without the devs’ knowledge.


  14. Anyone know if any of this malware stuff has infected their Apple Macs?


  15. @ Gary

    I keep a number of Apple Macs, both at home and for my organisation. The machine I use at home allowed Evony to download application material without the usually fail-safe consent application taking effect; in this respect it appears to bypass the normal Apple Mac security system. These downloaded files can be located through the finder by typing Evony. These can then be manually deleted. However, after this I found that Safari developed the habit of occasionally crashing, even after receiving the Apple Mac updates. My engineer will be overwriting the whole system with OSX Snow Leopard. If the issue persists, then we will contact Apple Mac.

    It has been reported that 321wan are behind the development of Evony. If this is correct then this company does have Apple Mac knowledge. This is rare for Chinese products and it is this that leads me to believe the malware claims may be correct, especially as they have offered a service called iEvony. I have never used iEvony, I have just loaded Evony via the browser (without my consent of course), so all Apple Mac users should be EXTREMELY cautious of Evony and other Chinese products.

    So far Evony appears to be the root cause, but this would need to be confirmed through Apple Mac themselves. I have never found any other product to compromise an Apple Mac in this manner.

    Given the security concerns raised in a number of countries over the expected increase in Chinese spyware and malware I no longer download any material that is associated with Chinese companies, and this means they have to have a legitimate business address and telephone number. The reality is this, if China cannot control business concerns on their own territory then their businesses should not have access to overseas custom. If people are foolish enough to act as a front for these Chinese concerns then they will be accountable for all that has transpired.

    Now do not get me wrong, because I am an internationalist at heart and have many Chinese friends, but the level of internet corruption that is now emerging from China is so high individuals would be wise to instigate their own vetoes until computer and software manufacturers can offer absolute assurances that their systems will be robust enough to counter the type of tricks being employed by companies like Evony.

    AC


  16. No Malware in Evony Flash :p
    However, keep a few things in mind.
    Whenever you make an account anywhere the makers can see your password you give. So if this is the same password you use elsewhere, they now know it if they care to. If you give say your email in a registration, and you make the password to that account the same password as your email, they now know your email and password. Any account you make anywhere is stored and all data is available to the programmers.
    The iEvony client is software you must run and could contain any kind of malware thinkable; however, it would sooner or later be detected and Evony’s reputation would surely be in trouble then, highly unlikely they would do such. They want your money not your hate.

    Anyone concerned with system security should just spend a few hours reading some PC Magazine articles on the subject, the basics are quite simple.


  17. Spyware becomes legal when the terms of use are agreed to. I have read articles lately stating that free games and online games are a hacker’s dream; this doesn’t mean that the games contain malware, but a game’s weak points can be identified and used. As for Flash player: until Adobe has some real competition we’re stuck.


  18. @Kirk – If you like to play an RTS online, NAPWAR is very similar to Evony, but lets you queue buildings etc. I am not sure if it has any of the same infringements Evony uses but it’s pretty similar.

    *wonder if someone would investigate Napwar, then we could forward everyone to that game instead, as it’s the same but safe possibly


  19. Hmm, I wonder if Evony contains spyware or if the users playing Evony are simply more vulnerable to spyware than most…

    This IEvony app doesn’t sound too legit, but what would you expect from a referral program?

    Whatever the case, the Evony devs are not after your email or game accounts. That is just silly. In fact, I doubt they install any sort of trojan or keylogger at all.

    If they were making money this way, why keep the overwhelming amount of “freemium” options? Wouldn’t it make more sense to offer everything free, that way they get more people to install their infected software?

    It doesn’t add up for me. My feeling is that Evony is certainly shady and out to make quick dollars, but falls short of being outright malicious and illegal.

    That being said, a company that is already greedy and operating under questionable standards could easily cross that line.

    I would stay away from this game- mostly because it sucks; but the questionable morals involved should give even the most easily entertained reason for pause.


  20. I’ll tell you something, since i started playing evony (about 3 months ago) my computer has broken twice!
    And I don’t mean, “oh, it’s just a virus, get rid of it and move on with life”. I mean total breakdown and losing all my files and having to reinstall windows. TWICE! If evony hasn’t done this then I’ll have to start believing in some almighty power and start praying to it for mercy.


  21. I got the new version Evony 3.08. My older version was 2.16.
    The new version has all references to Eric Lam and UMGE removed.
    Neither the comments in the hex code nor the decompiled Actionscript have anything that refers to them.
    Also the scripts that enumerated the active programs and sent and retrieved data with the remote servers are gone,
    except for the actual game network link to the Evony.com game servers.

    Even the code is a bit neater and more efficient.
    At least the heavy scrutiny on them is having some pluses. lol.


  22. I have read this article and several of the comments.

    My friend told me to start playing Evony, and I opened up an account and decided to check it out. While playing in the game, there is an option to “buy game coins”.

    I’ve never purchased anything, but I’ve seen several links to go shopping for Evony coins etc.

    As far as spam, I have received none. Only when I’m playing I can always click buy game coins, but I have had no problems with viruses, malware, or any of the above.

    Keep in mind when people say that this game screws up their web browser… just loading the game is huge.. several several Mb of data. Plus constantly being updated as time goes on. So when I’m playing, I don’t run too much else on my computer.

    Everything so far has been fine with it, but don’t write hateful comments towards me, because this is just my honest experience. I can’t speak for anything else, some people could get spammed, etc.


  23. I played Evony two days in December. It was too similar to other games, and there was nothing special about it. I never went back.

    After that point I started getting phishing emails in my hotmail, trying to get me to login using my WoW user/pass. I never clicked the links, just hovered over them and saw the real URL. The link text was to the real site, but the actual link wasn’t. I got these about once or twice a week, and wondered how the F someone would have gotten my email. I’ve played WoW since EU launch, and this was the first time ever I received any type of scam mail. And then I got Aion, and other “big” MMO phishing mails. I don’t play any of them, mind you.

    A week ago I couldn’t log in to my hotmail, the password had been changed. When it comes to computer security I’m very careful, I use different passwords on different sites, and I don’t share my passwords with anyone. I don’t write them down on the computer either, and I have very good firewall / anti-virus, anti-trojan / spyware, etc, that has kept my system clean for many years without any incidents. Except on my work laptop I played Evony on, only have a firewall there.

    Now that I found this site, after finding Evony on facebook and read some of the reviews there, I tried to login on my WoW account (haven’t played since early this year, work and all), and what do I get? Wrong password. NO ONE knows the password except me. It’s 28 characters long, mixed with small, large letters, and numbers. I also change it every 4-6 months. And before anyone jumps the gun and says I forgot the password, I’m not stupid (like some people), I don’t choose a password I don’t have the brains to remember.

    I don’t think Evony has anything to gain from getting access to their players’ email accounts. But if it’s true that they are tied with gold farming services in WoW, this would make sense to me. I have tons of money and mats. I mean buckloads. On a dozen servers. And no, I haven’t bought gold, or anything against the EULA / ToS. I did buy gold once, it was the summer of 2006. Guess how many times I’ve changed password after that? My account name isn’t even the same anymore. Neither is my computer, OS, ISP, etc. Anyway, if I lose it all, I won’t shed a tear. It’s just pixels on the screen for me. But it might be bread on the table for someone else. Or the difference between driving a Porsche, and not driving one.

    As much as I don’t believe in coincidences, mathematically I have to accept even real life has a RNG, and I truly hope the team behind Evony isn’t behind the theft of my accounts. But if they are, RAWR!


  24. This game stinks to me, it’s coldly planned as being intrusive, if it is steered from China? A country with over one million of its inhabitants in what they themselves call concentration camps. Yeah guys, don’t flame ‘Answerer’ too much about that. If you can’t see the difference between a country like China and f.ex USA 🙂 I fear for you..

    There is enough documentation about how the Chinese treat their own, nobody knows how many they execute after their ‘trials’, against those not acting correctly, that as they refuse to tell. You better Google a little before defending those ruling China today.

    I agree to that flash shouldn’t be able to ‘log’ my keyboard, but I fear that it is with that as it is with those ‘cookies’ you download when you browse sites on the net. People will tell you that they are ‘only’ textfiles 🙂 won’t they 🙂

    Sure my friend, they definitely are, ever heard about ‘scripts’. Like those we use for programming Linux servers 🙂 Lo and behold, text files.

    Yep scripts, talking ever so happily to the software in my computer.. Use ‘Addblock’ (addon) if you’re using firefox, please :). Don’t know enough to judge how ‘safe’ flash is though? It should be contained to the browser and the browser would act as the intermediary man in the middle filtering it?

    But I have a friend scripting ‘cookies’ very well, making the clients computers do all sorts of things, not so documented. And ‘Javascript’ f.ex have a lot of ‘old’ tricks that works, not so known as they existed before the official standard came to be.

    Nope, I feel like a retard now, trusting in a malware. I will have to do as Patrick, plus informing people I’ve mailed to that Evony might have gotten access to their mails too through my account. But what worries me most is if they can access my computer directly. And also, what if it’s not only Evony, but end-destination China?

    What do we call that, and those doing it?

    And how do we treat that kind of guys when a war comes? Don’t fool yourselves, resources are more limited today than they ever have been, with the melting Arctic becoming the last goldmine for exploitation of oil and gas and minerals. With the Chinese already maneuvering to getting a stronger influence through different European committees, acting as the caretakers of the arctic, this kind of behavior might grow. E-war will only prove their true potential that day your electronic banking system collapses and nothing works as it should, from your iphone to your Internet, to your computer.

    And if you don’t know what I’m talking about, search on “SIPRI + China + Arctic” .

    F* this sh*..
    Last time I touched Evony, ever. And i would really like to know what security Flash has? That is something both developers and those constructing browsers have to look into. Look at Java and their ‘sandboxes’ for containing possibly malicious code. They have at least tried. To tell me that I shouldn’t care is just stupid..

    Yoron.


  25. Sorry for all those smileys though. Sort of missed that I couldn’t stop them from being replaced by those idiotic yellow clowns. Anyway, any which way they (Evony) seem disreputable to me, and I take my personal integrity rather seriously. I should have seen the writing on the wall when they joined up with Facebook, the company that ‘owns you’…


  26. I forgot.. ‘Addblock & Noscript’ with those two you will definitely have a better browsing using firefox..


  27. “i was planning to blog about them a few weeks ago for our site but we changed our mind when they started spamming our blog comments for many days…that means my computer is totally free from malwares woop woop…”

    Funny thing, our blog received some odd comments lately for the past 2 months now after we posted some articles re ingame hacking and gold sellers in WoW.

    As a blogger, this annoys the crap out of you but there’s little you can do. To make it more difficult for them however, make sure that only registered people can comment on your site. Then remove all links (if you can’t disable it) from each post. Good luck


  28. I have played Evony ever since it started and I haven’t got a single virus


  29. I started playing last night and noticed it is very fun. BUT it did do a lot of weird things. Ooooooh no, I’m not talking about little bugs. I’m talking logging out then multiple other Evony windows pop up. I mean MULTIPLE! All of this adds up. I read all comments + article. The only comments on Evony’s side sound like 5 year olds typed it. Everyone else seems highly educated. I’m going to stay away from Evony. AOE is a lot better. 1. because better gameplay. 2. because it’s an ACTUAL game. Not a crappy browser game. Evony is almost like it knows what you are doing, so it doesn’t want u to leave. STAY AWAY FROM EVONY! If all u 5 year olds want to post back about how “You didn’t get a single virus” then go ahead, but wait until ur family goes bankrupt and ur computer explodes.

    XXX


  30. My computer crashed last night after I had just played Evony. I don’t know if this is just coincidence…..but hey, I am not taking any chances. AND, if you really think Evony rocks, take a look at their ads. They have become increasingly pornographic and sexual in nature. They all (except one) feature half dressed women touching themselves. It makes me sick to see what these people are doing to the net!! (not to mention the people) Also, some say the models in the photos were not aware that they are in those photos. Some say the photos of women were illegally taken off of the internet from other sites. DON’T PLAY EVONY!


  31. I’ve been playing for over 6 months and never had any of the things that all of you are talking about. Could it be that you may have had these on your computer prior to visiting the site and visiting the site was the trigger for the “virus”??


  32. ben, how much do you get for advertising on this site?

    oh dear ben, that wasn’t very clever now was it? i found out that you are using this site to advertise and now i have sent some men in tuxedos to your house to assassinate you.

    well, not really, but please stop advertising evony or maybe i will.

    ok, maybe i won’t.
    or will i…
    no.
    yes.
    no.
    yes.
    (continues arguing with himself)


  33. come on guys evony is officially malware free and it has been for quite some time, bruce i have followed many of your forum posts to here, i have been offended by the misconceptions of evony and i ask for you to update your forums or delete them.


  34. I’ve been playing evony for about a year and i thought the game was made by western countries or europe or something but its DAMN CHINESE. although i have nothing against the chinese these posts are starting to get me worried about evony and whether i should even be playing it.

    Thanks bruce for this information…and i hope evony doesn’t sue you

    -uB3r


  35. well i have been playing evony for about a year now. and i have never once had a problem with it. in fact i have spent a little bit of money on it with no problem at all. but then again i did use a mastercard gift card, just to be safe.
    i am from evony server ss45 and am doing fine.
    feel free to msg me on there for questions.
    name: KhalMongin

    thanks


  36. “Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony and Empire Craft?”

    Obviously? Hah! Again an Article on Evony Bashing!

    That is very typical of “Western” nations to say and I find your article to be conceited and full of *.

    Do I sense jealousy over a game that probably spins millions of $? And So What, If the players want to spend the money to advance, what is it to you?

    I have had no Anti Virus, Malware or Adware on my machine from Evony… ever.

    This might be some “other” sites you are visiting perhaps?

    Regards

    Allen
