Is Evony malware?

Trojan Horse

When you play a browser based game a number of things are happening. The game itself is running in a big remote computer, all your machine is doing is displaying the game and recording your inputs. It is being what is called a thin client. However in order to be a thin client for a game your computer needs to have in it the client software. So when you play a browser game like Runescape or Habbo the first thing that happens is that this client software is loaded into your machine. This is very trusting of you because anything could be included with that client software. Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony and Empire Craft?

Malware is software that lives in your computer without your consent. Trojan horses are malware that gets into your computer by being part of something else, say the client software for a browser game. Malware can allow someone else to make use of your computer as part of a botnet, which are widely used for sending spam and other illegal activities where the real sender doesn’t want to be traceable. Or it can be used to spy on everything in your computer and everything you do with your computer and so harvest things like credit card details.

Tens of millions of computers have malware in them without their users realising. Currently 376,000 malware bots are activated every day in the world for malicious use. This is huge. The people who create and use malware have a wide range of tactics for getting it into your computer and they are getting ever more sophisticated. Client software for a browser game would be the perfect mechanism for infecting millions of computers with malware.

With the above in mind it is very interesting to read the comment by jonnycake on the article More about Evony: “Now I am wondering if you have any insight into how much damage the game does to your browser, and your system in general. What I thought was very flaky software appears as though it may have malicious content. In Firefox, shortcuts have been re-targeted and attempting to fill in text fields gives mixed results.

There is this forum post from an Evony user: “Something happened this morning. Just when i logged in my account to play Evony, my Anti-Virus detected 4 trojans horse in explorer.exe. They came right when i entered my server. I am no expert about virus so I don<t know what happened there. Any help on the forum would be great as i do not want to join that server again until some admin tells me its clean. Took me 3 hours to clean my computer.

And another one: “Hello, i would like to inform ye that your site is infested with Adaware.…e.Mostofate.E/ Every time i log onto evony this comes as part of it. I have tried it several times, deleting it THEN just opening up evony and presto its back on my Computer. Its the “monitors the users browsing activity.” that im not paticulary fond of !

Now I am not saying that Evony has a trojan in its client software. This would take proper technical investigation. What I am saying is that the possibility of this being so is such that I would not let Evony anywhere near my computer. These people have already spammed the internet like crazy and stolen most of their game content, with behaviour like this I would not put anything past them.

More Evony articles:

Evony advert ridiculed by PopCap.

Queen of Evony competition.


#1 captbasch on 07.16.09 at 10:09 am

i was planning to blog about them a few weeks ago for our site but we changed our mind when they started spamming our blog comments for many days…that means my computer is totally free from malwares woop woop…oh wait..i signed up at their forum a few days ago so i can post their stupid links and ads…* rescanning my pc with eset nod32*….

#2 PlayBBG on 07.16.09 at 10:18 am


#3 caid on 07.17.09 at 1:18 am

Tis a sad world indeed to know how many ways people will use to exploit others. Is there no more decency in the world? Then again… was there ever?



#4 Bruce on 07.17.09 at 12:16 pm

Another one:

I suspected something fishy was going on when I started getting e-mails from friends who had started playing Evony. I figured either their computer had been Trojan’d and taken over, or their e-mail address had been spoofed. Either way, shady.
Even shadier when I asked my friends if they knew they were e-mailing me and they said “no”.
Moral of the story: don’t click on ads with boobies in them.
Other moral of the story: don’t install shit on your computer if you aren’t sure what it does.

#5 Questioner on 07.18.09 at 8:32 am

There may be a lot of dodgy web games out there, but is everything bad necessarily Chinese?

#6 Merkavah on 07.19.09 at 2:47 am

I don’t think Evony directly spams comments. They do pay people measly credits for referals and for spamming your emails. The referal link looks like, but unlike e-mails, you get paid only if someone joins, not for spamming blogs.

As well, Evony is Flash based (Flex source) and it shouldn’t be possible to have a flash-based malware (shouldn’t, not isn’t, annoying ads excluded).

The iEvony client software however (the referal software) can do whatever it wants, and can be a malware, but I don’t see a reason for Evony to make it one. The game might be buggy occasionally, but it is a good game that they invested a lot of money in. Besides, they already got lots of credit cards from their players legitimately.

#7 Answerer on 07.20.09 at 12:05 pm

“There may be a lot of dodgy web games out there, but
is everything bad necessarily Chinese?”

The answer is a resounding YES! Not just web games but food, electronics, toys, and tons of other stuff. Even the way they breed animals for fur and how barbaric they kill them (or skin them alive)!

#8 Eric on 07.21.09 at 10:04 pm

Get your hoods boys! Its time the Klan rounded up some Chinamen!

Ah, racism and prejudice in action. Good to see after thousands of years we still hate people simply because they are different.

#9 Disgusted on 07.22.09 at 3:28 am

Well now, Asswerer.. a little bit racist are we.. nice job with the blanket comments regarding a culture…


#10 Andy on 07.23.09 at 12:31 am

Your quickness to blow the racism trumpet in this situation only proves your own ignorance of world politics in this situation. Hes not bringing up that Chinease programs are more likely to contain spyware than well established western games like Runescape because he hates Chinease. Hes bringing it up because its true, and when you bury your head in the sand you only make your butt a target for your enemies.

#11 Don't be naive on 07.23.09 at 12:59 am

Chinese business models and Chinese people are two different things. The business model will screw over anyone and anything to make an extra buck. The people are usually pretty nice, but often very xenophobic (dollars may help overcome this for a moment). That is the way it is. My Chinese landlord even warned me about it. Don’t be a sucker.

#12 Bob Sillcot on 07.23.09 at 10:13 pm

I spent on Evony and didn’t get what I paid for…and guess what, they refused to respond.
All I can say is never spend a penny with these crooks!

#13 Paul on 07.24.09 at 5:30 pm

Steps could be taken to see for sure if iEvony has any malware within. It wouldn’t be hard to do using a virtualization program like VirtualBox, which can give useful information for debugging software, but it also comes in handy for detecting malware.

I might do it sometime, and I encourage anyone else who is familiar to try their hand at it. If I do I will post the results here so Bruce can add it to the list of evidence. At the moment, I can imagine some obstacles, but I am willing to try and work through them.

Of course, even if someone did do an in-depth analysis of their software and found a malicious aspect to it, they probably wouldn’t change it anyway. A report showing the inner-workings of iEvony would be a lot more convincing to a court, however.

#14 Paul on 07.24.09 at 6:55 pm

Okay, ran into a bit of a snag…

I presume that iEvony would be distributed in the form of an installer, so I first went to find a download link, but no success. They want you to have an account to download it, but you also need an “invitation code”. I tried scouring the web for such codes, but I found none that are active. Until I get a working code, it will be unlikely that I will be able to do any sort of analysis on the program.

Also, I came across this interesting bit from their news page (posted 7-12-09):
“Dear Players,

We have been excited at the success of iEvony, but we have also come across an unintended side effect of the iEvony system. Some players have abusively and unethically engaged in spamming practices on a variety of websites with the intent of boosting their credits. (…) Our goal with the iEvony program is for our players to be rewarded for being our goodwill ambassadors on the sites which they normally frequent and for the most part that is exactly what is happening.”

I can think of only a few ways they could tell what people post on websites, but regardless that doesn’t sound like something anyone I know would want on their computer. I don’t want to point the finger just yet, though.

#15 Paul on 07.24.09 at 8:11 pm

Correction: I guess the method they use to track referrals it to use a sub-domain such as “”. I guess I didn’t see that initially. (props to Merkavah for pointing that out first here) Anyway, this method of referral tracking has been shown to promote spam time and time again. It probably isn’t the company itself, unless the spammed link doesn’t contain referrer information.

#16 Chris on 07.25.09 at 12:07 am

Clearly your lack of knowledge on the subject is apparent.

Perhaps it would make more sense to actually have an understanding of how flash based clients work, before you attempt to slander a company.

Your first paragraph is grossly inaccurate.

#17 Doogle on 07.25.09 at 11:42 pm

Why are you plugging evony on your site then?

#18 anonymaus on 07.26.09 at 12:13 am

Am I to be the first to mention that the ad to the right is for evony? Delicious.

#19 HodgPodg on 07.26.09 at 12:49 am


They no what people are posting because there is a referral system. People are spamming with there referral code and websites are complaining to Evony and telling Evony what the referral code or link is.

You do not need iEvony to play the game, iEvony is only there if you want to receive credits for advertising Evony.

I play Evony, but I do not use iEvony. I trust very few downloads.

#20 Incredulous on 07.26.09 at 4:27 pm

The following quotation is somehow delicious!
If this were just another site where kids who’ve
nothing better to do than to flex their ignorance
in public, it would be something to shrug off.
Seeing as this is a game site where the author has
shown that he does indeed have knowledge of games,
networking and assumedly knows a wee bit about
trojans and viruses, etc…

His last line “I would not put anything past them.”
sums it up the best for me… I don’t want to do the
work, so I’ll just say their business sucks so they’re
possibly(but totally inferred PROBABLY) hacking into
everyone’s system… Why not yell fire in a theatre
just because you can smell the popcorn burning in
front… There must be fire if you can smell smoke…

Now I am not saying that Evony has a trojan in its client software. This would take proper technical investigation.

#21 Ron K on 07.27.09 at 12:31 am

Evony is a very addicting game. I spent money on the game, but never again. The value is not worth it, plus recently their was a recent charge to my account, 5 cents! With THOUSANDS of current and more future gamers. Add it up please.

Ron K.

#22 Phil on 07.27.09 at 4:57 am

I don’t know where all this hate is coming from. I play (and love) this game. Who cares if their ads show boobs? Why spread ridiculous malware rumors and hate on something you never tried?

Bruce, you sound bored (and old). Maybe if you played Evony you wouldn’t have so much time on your hands to make an idiot out of yourself on the internet.

#23 Chris Leyton on 07.27.09 at 11:31 am

Hey Bruce, wouldn’t it be a good idea to adjust your Google AdSense account so you’re not dispalying ads for the game you’re advising us to avoid?

#24 Bruce on 07.27.09 at 11:35 am

The Google ads for Evony on my site come from different urls. Each time I ban some urls the Evony people just come up with new ones. They are spamming the whole Google advertising system.

#25 Bill on 07.29.09 at 2:04 pm

This pretty much sums the game up for me.

I’ve seen this game evolve from Civony to Evony to just a pair of boobs on an ad… at first, I was interested, because I love strategy games in general. Then, I forgot about it. Recently saw a friend playing it, and looked it up. They should’ve called the game Travian, since thats where 90% of the game was stolen.

The game is pretty much set up to steal money on a click by click basis. I wouldn’t be surprised if it had trojans in it. I wouldn’t put it past an imaginary company with ties to Chinese gold farmers for World of Warcraft. Its how they make a bunch of money to start.

#26 Johnny Gout Treatment on 07.29.09 at 6:31 pm

Bah, I’m chinese and I agree with the stereotype about shady chinese biz models as being generally true (but not 100% of the time of course). Just like the stereotype about Indian tech support as being overwhelmingly sucky is ALSO TRUE. Of course, there is also the stereotypical American propensity to overengineer whether it comes to code or machines… but hey, how would geeks get their excitement without aircraft carriers and Saturn V to fantasize over, eh? ;)

#27 bigkefe on 07.30.09 at 4:19 am

I too was wondering about this game, after having seen many of these ads and being an avid strategy game player i was interested. So my girlfriend clicked one of the links to see what the game was about, after a little review and some looking over we decided it looked cheap and not for us.

The next day however her world of warcraft account was hacked and her gold and items sold and given away. she is safe with her computer and its updates and says she has not clicked any ingame links. came to mind when i read on here about evony being connected to a gold farming site. something to think about anyways.

#28 Stromko on 07.31.09 at 7:50 pm

If they’re going to steal content from Age of Empires and Civ and stick it in their game, why NOT steal passwords and other things from their players?

There’s a sucker born every minute after all. I’m staying the hell away from Evony. If it’s actually owned by Chinese goldfarmers, maybe the government will run over Lam’s house with a tank and, left rudderless, the company will try going legit. I mean at the very least can’t they stick him a detention center and force him to do that Thriller dance like on Youtube? Pfeh.

#29 Heath on 08.11.09 at 3:53 am

This article is somewhat misinformed.

A “thin client” may or may not be capable of containing malware. It depends on the technology involved.

There are TWO evony clients, and they use TWO technologies. One is the in-browser game client. This is implemented using Flash, and it is as secure as Flash.

#30 Heath on 08.11.09 at 3:54 am

The second is “iEvony” which is a .EXE file and DOWNLOADING a EXE FILE is VERY DANGEROUS!!!! because this technology has close control over your computer.

The iEvony client is positioned as a spam-sending client, helping you to advertise evony in exchange for in-game currency. As such, the iEvony process is allowed access to your IM contacts. I would assume that the iEvont client also contacts the Evony servers, to record email addresses found.

#31 Heath on 08.11.09 at 3:56 am

In other words, the issue of security may be one of Flash vs. EXE.

#32 Bruce on 08.11.09 at 6:15 am

“Second on the list is that the viral ad campaign itself contained a trojan called SHeur.AYRM. It would appear that a computer could be infected with this trojan by clicking through on some of the Evony ads hosted on the game. The infected code has been removed from the game as noted by an administrator on June 8, 2009 on the GameAxis forums and Evony has submitted for a review from Google to be cleared.”

#33 Bruce on 08.11.09 at 6:18 am

Recently there were a number of websites compromised due to an Adobe flash player vulnerability. This vulnerability allowed the injection of flash scripts that download keyloggers onto unsuspecting visitors’ computers……………

Thursday Adobe released an update, and it’s important for everyone who has Adobe flash player installed to download this patch. If you do not, your computer and video game accounts are at risk.

Find out about the update, or download it and start installing it as soon as you can. You can also use the auto update feature within the flash player if you desire updating through that method.

Please, do this as soon as you can. This vulnerability is very real, and there are people attempting to steal accounts this very moment. Any website you visit until you’ve updated may be a potential threat to your computer’s security.

As an extra precaution, please make sure to run virus scans on your computers to ensure they’re clean of threats. The known keylogger files circulating related to this are:

* a.exe
* b.exe
* c.exe
* 6to4ex.dll

#34 Bruce on 08.11.09 at 6:20 am

“PS: yay for Trojans.

i reccomend noone plays this it has alot of password trojans as well as personal info like credit cards, this really is a chinese gold farming i counted 34 trojans and counting from just logging into evony.”

#35 Bruce on 08.11.09 at 6:24 am

I don’t play it but I have a friend who’s had a lot of problems with it slowing his computer. He ran a virus scan and did in fact find out that he had a trojan, I don’t think it’d be a good idea to play that.

#36 Bruce on 08.11.09 at 6:28 am

we were also targeting Evony, We found out that it could be easily have a SQL Injection Exploit. Simple as that we can now see the users and passes of other people. For the first time ever. We managed to pass through Security on June 11, 2009 About 8:24PM GMT+ 8 and we saw a hell lot of CCVs and CCs. Just as Viral would said that and i was amazed. Now here am i and my buddies infront of many information we can gather through it. One more thing in Evony if you noticed that the Login ID on the old days of Evony June 10 Down. Can be copy and pasted & saved it to use it as a shortcut. Well for me it isn’t a shortcut its an Exploit. Join the forums AvDose Forums to see alot more exploits but first you need to be a member to view the full forum.

n1tr0b | MinGeBag

#37 Bruce on 08.11.09 at 4:45 pm

ya I knew about this spyware, I had thought I mentioned it but perhaps not here on the AR forums.. but on another forums.. yes there is indeed flash cookie and tracking mechanism that comes along with the game.. but, this is similar to any other flash game based website.. use firefox, set it to clear browsing history and cookies when the website closes.. also, go to to the flash control panel and you can remove your flash history and cookies as well.. if you play evony, try setting your flash cookie memory space to like 0 or 1, and evony wont even work..

so ya… there is a spyware built into the game.. but, it’s no worse than things you pick up all the time and dont even know about it… just think ‘microsoft’ the biggest chunk of spyware ever invented… haha

#38 Mang on 08.22.09 at 6:57 pm

Hmm, I think I’ll use a different definition of malware.

In this definition, I’d like to state that malware is any software and community created with the express purpose of misleading, misinforming, and fleecing people while providing a bare minimum service, such as a fly by night operation.

Extensive play on Evony reveals many things apparent. First, the combat mechanics are so overly simplistic.

Fights start at the maximum range of a unit. wall defenses max range is 5000 with traps, army units max range is 1300, ballista and archer. When a fight starts, units move towards each other at a set distance each “round”, prescribed by their “speed” statistic. Now, 1 of ANY unit will cause 100000 enemy cavalry, swordsmen, or anything else to spend one round where that warrior is. even if the warrior is easily killed by 1 cavalry, the rest of the units still are apparently stuck together like foozeball. Now, there are ways around it without calculating 1 million individual units movements per second, but they didnt do it. It was made as bare bones as possible to work as soon as possible.

Then theres the gold bug. too much gold, and it will go into negative numbers. There’s a limitation to the type of coding they used on the string for gold. Had they known more about programming, they would have easily accommodated for it with floating point.

Lets not forget that 99% of their artwork is stolen from everywhere else. A quick look through the character picture profiles, and you’ll see some that are highly cartoonish or caricatured, while others have a highly polished realistic look. There are pictures out there a person can use freely, but I think that with the intent of making money violates the free use policy if they didnt state they were going to use it. And I highly suspect that not asking or telling is the case with them.

Many times, patches are “silently” placed in, and people suddenly find things working in strange and often detrimental ways. This continues to be a major complaint.

Medals are a required progression tool. After their first batch of servers, they learned that people could easily gain medals and thus avoid buying medal packages. Medals are found in valleys and barbarian towns through attacking. Now they have dropped the medal rate to 1%, so that progression is almost impossible without either 1000 hours of grinding (sounds more MMO now doesnt it) or buying medal packages. But the thing is, a grind in an RTS, even if its an MMO doesn’t make sense. The only sense it makes is making money.

Now, there are so many other things to spend money on to gain superiority easily by cash over other players. But a required progression to get more ranks and more towns requiring money now as well just seems over the top. The only ones it hurts are the ones that dont pay anyway. And they call Evony “free”, but when a person can only have 2-3 towns now, that doesnt compete with a medal buyer having 10 towns. This forces the dilemma of paying money for more towns. Good for evony, bad for players that were mislead about it being Free to Play.

I understand that a business needs to gain money, and any business that provides quality service should rightfully be paid for their services if that is what they ask as compensation. However, the never ending parade of ads that show just female cleavage and nothing else, the lack of communication, the poor coding that proves the game should’ve never left beta, the numerous spelling errors, the NEW coding errors that crop up such as numbers getting censored in game because the coder doesnt know what theyre doing, its past and all its current and past problems, and the way they silence honest dissent on the forums like a gestappo, and I can only consider this game social malware.

#39 Danny on 08.23.09 at 3:30 am

My friend was telling me yesterday that he read the Evony Terms of Use. I hadn’t because I registered right through the flash client which makes no reference to the terms. Just now I went through them and found the following

# Acknowledgments.
You hereby acknowledge and agree that:

3. REGAN MERCANTILE US, LLC may, with or without notice to you, disclose your Internet Protocol (IP) address(es), personal information, Chat logs, and other information about you and your activities: (a) in response to a request by law enforcement, a court order or other legal process; or (b) if REGAN MERCANTILE US, LLC believes that doing so may protect your safety or the safety of others.
5. You are wholly responsible for the cost of all telephone and Internet access charges along with all necessary equipment, servicing, repair or correction incurred in maintaining connectivity to the Servers.

Now I believe that on its own is frightening enough. However the following image shows that one day while browsing the 4chan image boards during gameplay, the site used my computer to do a little advertising for themselves:

Now the game appears to be inoperable at the moment, but the next time I manage to log in I’m simply going to give away my items. I regret using a real e-mail address to sign up…

#40 Evony User on 08.23.09 at 1:05 pm

And this is what happens on the forums if you post something negative about Evony et al…

You have been banned for the following reason:
Posting libel and false statements against staff and company. Not tolerated.

Date the ban will be lifted: 08-29-2009, 01:00 PM

#41 Jake on 09.09.09 at 10:11 am

Evony gives ads with boobs a bad name. There is nothing inherently evil about boobs. Please remember that.

#42 Steve on 09.18.09 at 4:16 pm

Oh irony you are a sweet mistress, theres an ad for Empire Craft on this very page

#43 Bob on 09.20.09 at 3:03 pm

This article and comments are full of ignorance. iEvony invites work just like FaceBook’s Friend Finders. It WARNS you straight out that it will import your address book and send invites to everyone, and then you have to CONFIRM it. If you get iEvony “spam”, it’s because your friends are greedy for Evony credits, _whether they admit it or not_. If your friends e-mail you chain letters, does that mean MS Outlook is malware? No, it means you need better friends.

Yes, I’ve actually checked out both Evony and iEvony software, which is exactly what you should have done before writing a slanderous article about it.

#44 Nils Jørgen on 09.25.09 at 5:55 pm

After reading this I got abit worried. I have briefly tried Evony myself, so even though I had just this very day done my monthly anti-virus scan and my weekly anti everything else scan, I decided to do them again. And what do you know. I found several root-kit worms. And the scans aren’t even done yet.

#45 Nils Jørgen on 09.25.09 at 5:58 pm

Seems I forgot to clarify the most important piece off my last statement. I tried evony briefly AFTER my monthly/weekly anti-virus/anti everything else scans.

#46 Nils Jørgen on 09.25.09 at 6:01 pm

I seem to have forgotten to mention that my Evony testing occurred only between the first and second round off scanning.

#47 Evony User on 09.27.09 at 2:56 am

When I have Evony on my browser, I normally have other tabs because of LONG construction times and such,so normally the broswer will slow down my computer so when I close Evony, things go back to normal.I’m not amazing with computers, so I don’t know if it could be malware or not if someone could answer it for me?

#48 Chris on 09.27.09 at 9:16 am

“Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony and Empire Craft?”

Surely that statement should read “Obviously legitimate games should be trusted”? There do exist games made outside the EU and USA which are nontheless legit, and, shock horror, even trojans made in the west. Making this a national issue seems pointless and a little xenophobic when the real divide is between reputable and disreputable software.

#49 Galatorg on 10.06.09 at 7:55 pm

I find all this very interesting. I have been playing evony for a couple months now. I am also signed up for ievony and have installed the app associated with it.

I have not come across any of these problems. I goto 4chan all the time and haven’t been banned yet. My computer doesn’t run slow when playing it (I do have a fairly decent computer though). Virus scans have never turned up anything. I don’t see any signs of a virus (I work in computers, I can recognize them usually). I will definitely be keeping a closer eye on things now, but all has been going just fine with me.

#50 playzevony on 10.12.09 at 9:42 am

and if ur that paranoid of the internets, try google chrome

#51 Nic on 10.27.09 at 8:32 pm

Interesting. I read through the article and comments, and I have a few concerns. First, I played Evony on my laptop, in Firefox. After a while, my other tabs would stop working and Firefox would freeze up. So I switched to playing in IE. Then my entire computer stopped connecting wirelessly. Hardwired it’s fine. I brought out my old desktop and hooked it up and have been playing Evony in Firefox on there. Laptop STILL won’t connect. Nothing comes up in virus scans (I run AVG Free every night) but both my computers have been running harder since I started playing Evony. I don’t know if it’s a coincidence or not. Thoughts?

#52 Lee on 10.29.09 at 3:55 pm

I am a student studying computer games design at uni and decided to investigate
Just to see what some of these games are like etc. etc.
The game is actually kind of cool (found myself addicted and even spent a little money on it).
But I started to notice HUGE bandwidth use by the site as I played.
I am not the only one either, there are comments on the evony forums about this.
This is odd because all of the client info, the animations etc. are all downloaded in one big download at the start.
There is no streaming media so I began to wonder what was going on.

To cut a long story short I decided to break the law and reverse engineer Evony’s client.
Not to cheat. Not to rip them off or even to use even a scrap of the code.
But just to poke about a bit and find out what was going on, maybe even offer them some ways to improve things.

Aside from the fact that the whole thing is very poorly constructed (it is really very beginner coder level stuff. Reminds me of a lot of
what the first year students produce for assignments) it contained some very interesting information.

Included with the client are 2 peices of tracking software that monitor your web use and which applications you have open while the client is running.
These do not install independently on the machine though due to the limitations of flash and do not actually damage anything.
But they harvest massive volumes of information. My firewall was blocking a lot of outgoing transmissions and it turns out that these
were the data trying to be sent out. So they know nothing about me. lol.
However there is a LOT of data coming IN over the ports the client uses. In otherwords it is downloading something into my cache for use later.
I have bandiwdth restriction which slows these types of tricks down and I completely clear my cache every couple of hours if I am heavily using the net.

I also noticed that all the varanbles etc. are named Civony still and that there are multiple references to UMGE.
Even a couple of folders are simply called UMGE, one of these folders contains one of the spyware programs.
So I can only guess at where the data would end up if I didnt have a good firewall.

There are also commented out sections in the code which contain references to UMGE and Lam himself, though low on details.

Thank you for reading this.


#53 Alex on 10.29.09 at 5:03 pm

After going through the page source on the evony home page – I have found to mysterious cookie generators. After doing some research, one of them is Spyware, the other is a pop-up generator.

The spyware file titled “” has a reputation for going through your cookies, hardrive files, etc. and is titled dangerous on the spywaredb.

The second of the two is called ‘’ wich is a not-so-dangerous file, but it can still annoy the crap out of you as do all pop-up’s do.

If you look closely at the bottom of the page-file, you will find both of these.

#54 Alex on 10.29.09 at 5:04 pm

Imagine what else you can find in all the so called flash developing.

#55 Ben on 10.31.09 at 11:07 pm

I frequently play evony, I find nothing wrong with the game but minor glitches, Yes it is a one of many game, but its fun, interactive and doesnt need you sitting on your computer all day.

I have also used IEvony and sure its wierd giving your details over to them , but at the end of the day its your choice, I do recommending changing passwords afterwards. And you do get credits for only inviting, you also get credits when your friends buy there own credits, Win win win.

Overall – Evony is a very fun addictive game which I would play anyday compared to what I like to call dedicated time games were you need to spend alot of time on.
Yes it does use negative advertisements which arent exactly false, And is only used to lure people into finding out into the game.
But once more whats even more annoying is when your playing a good game of evony or maybe chatting to some other players and people keep asking where the boobs are. The people that ask and fall for such thing are the scoundrells. I bet you dont have the sophistication to make a Multimassive Online game with over 100 dedicated servers aswell as having a good understanding of Knowledge.

Dont forget this website also asks for your email address and doesnt allow you to have your say unless provided.

There is alot of Malware, Spyware ect out there, And if you get worried by 1 or 2 things on here then think again Almost the full Web is Infected, With Google being one of the most Malicious Companys used, Also with AOL ect. If you ever get a time when your worried about something think protection not oh no stay away, because it not what you got internet in the first place for.
There are hundereds even thousands of free software/ services on the internet which claim to be free but contain Risks of different kinds some more dangerous than others. I call this a authors trademark.

Correct me if I am wrong

#56 Bruce on 11.04.09 at 9:02 am

You are wrong.

Only let software onto your computer when you know who you are dealing with. Preferably someone with an address and a phone number.

#57 Ben on 11.04.09 at 8:55 pm

What am I wrong about,

Evony is online and there are alot of people playing evony using a virtual environment, I myself is using Kaspersky Internet Security. There are ways of preventing harmful files before they even execute so at the end of the day Its still the users responsibility.

Google are one of the highest advertising companies which uses highly detectable spyware for monitoring websites you search and go on thus sending similar emails to Assosiated email addresses.

There are also many people including me, which companys or hobbys whatever depend on Open Source content so for Always knowing software authors can be very difficult.

Also the High CPU usage used while playing evony is a Anti-/Bot/Hack/Script to prevent people cheating on the game.

#58 Bob on 11.05.09 at 11:57 pm

I don’t know if the CPU usage is anti-hack, but that’s a possible explanation for network traffic. Punkbuster, for example will send in-game screenshots to the server to detect certain cheats or provide an audit trail for admin complaints. Not sure if that is possible with Flash though.

#59 kirk on 11.06.09 at 7:27 pm

I’m not good with computers or anything but i do know when a game is just a scam and evony definetly fits that with how they ban and deleat any posts on there forums that are less then polite about the service they provide
Evony is always doing some kinda weird sales pitch to get people to spend money such as some specal package deal for every $30 you spend on them and the packages you get (in my opinion) are not even worth $5 on top of that there $ to cent ratio is $1 = 10 cent while the other games i’ve been foolish enough to spend money on were $1 = 100 credit and most the good stuff in Evonies mall costs $5 or more and they have medals as a requiered upgrade tool but they have the drop rate so low that you almost need to buy medals to progress and they have the medal prices so high its hard to afford them for a typical person who cant afford to squander there money on things like games and while a bussness is entitled to a profit what evony does is scamming on top of that the programming from what i have read here and other forums is done so sloppy that even someoen like me can do it
i also have noticed a massive slowdown on my computer (quad-core) while playing the game and i have found several trogans and keyloggers as well

#60 Ben on 11.07.09 at 8:53 pm

Yes it is an Anti-Hack this particular program latches inside the computer to scan for anything regarding similar to a bot, hack, script. Its methods are similar to taking screenshots. I think the hidden file which does this is favicon and if anyone doesnt know: this is the Small sprite used for browsers, pretty useless really.

Alot of small companys reject negative feed back on forums to prevent people from being put off. take Ebay for example not many people will buy or sell to users with a negative feedback.

I have been playing evony for 3 months now, And dont intend to spend a penny as I’m earning for advertising anyway, which most people are able to do.

As for keyloggers on your computer, It is very unlikely this is from Evony as Its Flash based, If it is using a keylogger it would on be active while evony is open.

I recommend changing your browser setting to automatically delete cookies and Objects including Offline content when you close the browser.

#61 kirk on 11.08.09 at 9:14 pm

all i really know is that the game is a waste of time especally since i am not able to que buildings set defenceive parimiters or any of that (things i normally do on games like AOE)

#62 Ben on 11.09.09 at 4:45 am

Depends on what kind of strategy you like to play, There are loads of real time strategies similar to evony on the web.

Personally I prefer Stronghold over Age of Empires

#63 Mike on 11.11.09 at 3:56 pm

It is also possible that a third party is responsible for these problems. In other words, the game makers may have developed a very clean game that is malware free, but a 3rd party may hav ehacked that software and is now reaping the rewards, all without the devs knowledge.

#64 Gary on 11.21.09 at 1:53 am

ANyone know if any of this malware stuff has infected their Apple Macs?

#65 AC on 11.26.09 at 4:33 pm

@ Gary

I keep a number of Apple Macs, both at home and for my organisation. The machine I use at home allowed Evony to downloaded application material without the usually fail-safe consent application taking effect, in this respect it appears to bypass to normal Apple Mac security system. These downloaded files can be located through the finder by typing Evony. These can then be manually deleted. However, after this I found this Safari developed the habit of occasional crashing, even after receiving the Apple Mac updates. My engineer will be overwriting whole system with OSX Snow Leopard. If the issue persists, then we will contact Apple Mac.

It has been reported that 321wan are behind the development of Evony. If this is correct then this company does have Apple Mac knowledge. This is rare for Chinese products and it is this that leaves me to believe the malware claims may be correct, especially as they have offered a service called iEvony. I have never used iEvony, I have just loaded Evony via the browser (without my concent of course), so all Apple Mac users should be EXTREMELY cautious of Evony and other Chinese products.

So far Evony appears to be the root cause, but this would need to be confirmed through Apple Mac themselves. I have never found any other product to compromise an Apple Mac in this manner.

Given the security concerns raised in a number of countries over the expected increase in Chinese spyware and malware I no longer download any material that is associated with Chinese companies, and this means they have to have a legitimate business address and telephone number. The reality is this, if China cannot control business concerns on their own territory then their businesses should not have access to overseas custom. If people are foolish enough to act as a front for these Chinese concerns then they will be accountable for all that has transpired.

Now do not get me wrong, because I am an internationalist at heart and have many Chinese friends, but the level of internet corruption that is now emerging from China is so high individuals would be wise to instigate their own vetoes until computer and software manufacturers can offer absolute assurances that there systems will be robust enough to counter the type of tricks being employed by companies like Evony.


#66 Gamer on 12.07.09 at 7:53 am

No Malware in Evony Flash :p
However, keep a few things in mind.
Whenever you make an account anywhere the makers can see your password you give. So if this is the same password you use elsewhere, they now know it if they care to. If you give say your email in a registration, and you make the password to that account the same password as your email, they now know your email and password. Any account you make anywhere is stored and all data is available to the programmers.
The iEvony client is software you must run and could contain any kind of malware thinkable, however, it would sooner or later be detected and Evonys reputation would surely be in trouble then, highly unlikely they would do such. They want your money not your hate.

Anyone concerned with system security should just spend a few hours reading some PC Magazine articles on the subject, the basics are quite simple.

#67 David on 12.14.09 at 3:56 pm

Spyware becomes leagal when the terms of use are agreed to. I have read articals lately stating that free games and online games are a hackers dream ,this does’nt mean that the games contain malware, but a games weak points can identified and used. As for flash player; until adobe has some real competion were stuck .

#68 Ben on 12.17.09 at 8:14 pm

@Kirk – If you like to play an RTS Online, NAPWAR is very similar to evony, but lets you que buildings ect. Am not sure if it has any of the same infringements evony uses but its pretty similar.

*wonder if someone would investigate Napwar, then we could forward everyone to that game instead, as its the same but safe possibly

#69 Aaron on 01.06.10 at 4:09 am

Hmm, I wonder if Evony contains spyware or if the users playing Evony are simply more vulnerable to spyware than most…

This IEvony app doesn’t sound too legit, but what would you expect from a referral program?

Whatever the case, the Evony devs are not after your email or game accounts. That is just silly. In fact, I doubt they install any sort of trojan or keylogger at all.

If they were making money this way, why keep the overwhelming amount of “freemium” options? Wouldn’t it make more sense to offer everything free, that way they get more people to install their infected software?

It doesn’t add up for me. My feeling is that Evony is certainly shady and out to make quick dollars, but falls short of being outright malicious and illegal.

That being said, a company that is already greedy and operating under questionable standards could easily cross that line.

I would stay away from this game- mostly because it sucks; but the questionable morals involved should give even the most easily entertained reason for pause.

#70 Carpet Doug on 01.16.10 at 12:05 pm

I’ll tell you something, since i started playing evony (about 3 months ago) my computer has broken twice!
And I don’t mean, “oh, it’s just a virus, get rid of it and move on with life”. I mean total breakdown and losing all my files and having to reinstall windows. TWICE! If evony hasn’t done this then I’ll have to start believing in some almighty power and start praying to it for mercy.

#71 Lee on 01.22.10 at 11:39 am

I got the new version Evony 3.08. My older version was 2.16.
The new version has all references to Eric Lam and UMGE removed.
Neither the comments in the hex code nor the decompiled Actionscript have anything that refers to them.
Also the scripts that enumerated the active programs and sent and retrieved data with the remote servers is gone,
except for the actual game network link to the game servers.

Even the code is a bit neater and more efficient.
At least the heavy scrutiny on them is having some pluses. lol.

#72 file hosting directory on 03.20.10 at 7:49 am

I have read this article and several of the comments.

My friend told me to start playing evony, and I opend up an account and desided to check it out. While playing in the game, there is an option to “buy game coins”

I’ve never purchased anything, but I’ve seen several links to go shopping for evony coins ect.

As far as spam, i have recieved none. Only when im playing I can always click buy game coins, but I have had no problems with viruses, malware, or any of the above.

Keep in mind when people say that this game screws up their web browser… just loading the game is huge.. several several Mb of data. Plus constantly being updated as time goes on. SO when i’m playing, I dont run too much else on my computer.

Everything so far has been fine with it, but dont write hateful comments towards me, because this is just my honest experience, I can’t speak for anything else, some people could get spammed, ect.

#73 Patrik on 04.03.10 at 8:55 pm

I played evony two days in december. It was to similar to other games, and there was nothing special about it. I never went back.

After that point I started getting phising emails in my hotmail, trying to get me to login using my WoW user/pass. I never clicked the links, just hovered over them and saw the real URL. The link text was to the real site, but the actual link wasn’t. I got these about once or twice a week, and wondered how the F someone would have gotten my email. I’ve played WoW since EU launch, and this was the first time ever I recieved any type of scam mail. And then I got Aion, and other “big” MMO phising mails. I don’t play any of them, mind you.

A week ago I couldn’t log in to my hotmail, the password had been changed. When it comes to computer security I’m very careful, I use different passwords on different sites, and I don’t share my passwords with anyone. I don’t write them down on the computer either, and I have very good firewall / anti-virus, anti-trojan / spyware, etc, that has kept my system clean for many years without any incidents. Except on my work laptop I played Evony on, only have a firewall there.

Now that I found this site, after finding Evony on facebook and read some of the reviews there, I tried to login on my WoW account (haven’t played since early this year, work and all), and what do I get? Wrong password. NO ONE knows the password except me. It’s 28 characters long, mixed with small, large letters, and numbers. I also change it every 4-6 months. And before anyone jumps the gun and says I forgot the password, I’m not stupid (like some people), I don’t choose a password I don’t have the brains to remember.

I don’t think Evony has anything to gain from getting access to their players email accounts. But if it’s true that they are tied with gold farming services in WoW, this would make sense to me. I have tons of money and mats. I mean buckloads. On a dozen servers. And no, I haven’t bought gold, or anything against the EULA / ToS. I did buy gold once, it was the summer of 2006. Guess how many times I’ve changed password after that? My account name isn’t even the same anymore. Niether is my computer, OS, ISP, etc. Anyway, if I lose it all, I won’t shed a tear. It’s just pixels on the screen for me. But it might be bread on the table for someone else. Or the difference between driving a Porche, and not driving one.

As much as I don’t believe in coincidences, mathematically I have to accept even real life has a RNG, and I truly hope the team behind Evony isn’t behind the theft of my accounts. But if they are, RAWR!

#74 Yoron on 04.05.10 at 8:47 am

This game stinks to me, it’s coldly planned as being intrusive, if it is steered from China? A country with over one million of it’s inahabitants in what they themselves call concentration camps. Yeah guys, don’t flame ‘Answerer’ to much about that. If you can’t see the difference between a country like China and f.ex USA :) I fear for you..

There are enough documentation about how the Chinese treat their own , nobody knows how many they execute after their ‘trials’, against those not acting correctly, that as they refuse to tell. You better Google a little before defending those ruling China today.

I agree to that flash shouldn’t be able to ‘log’ my keyboard, but I fear that it is with that as it is with those ‘cookies’ you download when you browse sites on the net. People will tell you that they are ‘only’ textfiles :) won’t they :)

Sure my friend, they definitely are, ever heard about ‘scripts’. Like those we use for programming Linux servers :) Lo and behold, text files.

Yep scripts, talking ever so happily to the software in my computer.. Use ‘Addblock’ (addon) if you’re using firefox, please :). Don’t know enough to judge how ‘safe’ flash is though? It should be contained to the browser and the the browser would act as the intermediary man in the middle filtering it?

But I have a friend scripting ‘cookies’ very well, making the clients computers do all sorts of things, not so documented. And ‘Javascript’ f.ex have a lot of ‘old’ tricks that works, not so known as they existed before the official standard came to be.

Nope, I feel like a retard now, trusting in a malware. I will have to do as Patrick, plus informing people I’ve mailed too that Evony might have gotten access to their mails too through my account. But what worries me most is if they can access my computer directly. And also, what if if it’s not only Evony, but end-destination China?

What do we call that, and those doing it?

And how do we treat that kind of guys when a war comes? Don”t fool yourselves, resources are more limited today than they ever have been, with the melting Arctic becoming the last goldmine for exploitation of oil and gas and minerals. With the Chinese already maneuvering to getting a stronger influence through different European committees, acting as the caretakers of the arctic, this kind of behavior might grow. E-war will only prove their true potential that day your electronic banking system collapses and nothing works as it should, from your iphone to your Internet, to your computer.

And if you don’t know what I’m talking about, search on “SIPRI + China + Arctic” .

F* this sh*..
Last time I touched Evony, ever. And i would really like to know what security Flash has? That is something both developers and those constructing browsers have to look into. Look at Java and their ‘sandboxes’ for containing possibly malicious code. They have at least tried. To tell me that I shouldn’t care is just stupid..


#75 Yoron on 04.05.10 at 9:22 am

Sorry for all those smiley’s though. Sort of missed that I couldn’t stop them from being replaced by those idiotic yellow clowns. Anyway, any which way they (Evony) seem disreputable to me, and I take my personal integrity rather seriously. I should have seen the writing on the wall when they joined up with Facebook, the company that ‘owns you’…

#76 Yoron on 04.05.10 at 9:37 am

I forgot.. ‘Addblock & Noscript’ with those two you will definitly have a better browsing using firefox..

#77 Agency wow on 04.06.10 at 5:27 pm

“i was planning to blog about them a few weeks ago for our site but we changed our mind when they started spamming our blog comments for many days…that means my computer is totally free from malwares woop woop…”

Funny thing, our blog received some odd comments lately for the past 2 months now after we posted some articles re ingame hacking and gold sellers in WoW.

As a blogger, this annoys the crap out o you but there’s little you can do. To make it more difficult for them however, make sure that only registered people can comment on your site. Then remove all links (if you can’t disable it) from each posts. Goodluck

#78 Oliver on 04.07.10 at 2:03 am

I don’t know whether Evony is malware or not, but I’m pretty sure that the “Google Verified Malware Free” logo on their site is fake – cause there’s no such thing:

#79 Tyler on 06.13.10 at 11:23 pm

i have played evony ever since it started and i havent got a single virus

#80 XXX on 06.29.10 at 12:23 am

i started playing last night and noticed its is very fun. BUT it did do alot of weird things. ooooooh no im not talking about little bugs. im talking logging out then multiple other evony windows pop up. i mean MULTIPLE! All of this adds up. i read all comments + article. the only comments on evonys side sounds like 5year olds typed it. Everyone else sseems highly educated. Im going to stay away from evony. AOE is alot better. 1.because better gameplay. 2.because its an ACTUAL game. Not a crappy browser game.Evony is almost like it knows what you are doing. so it doesnt want u to leave. STAY AWAY FROM EVONY! If alll u 5year olds want to post back about how “You didnt get a single virus” then go ahead. but wait untill ur family goes bankrupt and ur computer explodes.


#81 EVONY SUCKS on 07.19.10 at 6:56 pm

My computer crashed last night after i had just played Evony. I dont know if this is just coincidence…..but hey, i am not taking any chances. AND, if you really think Evony rocks, take a look at their ads. They have become increasing pornographic and sexual in nature. They all (except one) feature half dressed women touching themselves. It makes me sick to see what these people are doing to the net!! (not to mention the people) Also, some say the models in the photos, were not aware that they are in those photos. Some say the photos of women were illegally taken off of the internet from other sites. DONT PLAY EVONY!

#82 LD9791 on 08.20.10 at 3:53 am

I’ve been playing for over 6 months and never had any of the things that all of you are talking about. Could it be that you may have had these on your computer prior to visiting the site and visiting the site was the trigger for the “virus”??

#83 greatorder on 08.20.10 at 11:36 am

ben, how much do you get for advertising on this site?

oh dear ben, that wasn’t very clever now was it? i found out that you are using this site to advertise and now i have sent some men in tuxedos to your house to assasinate you.

well, not really, but please stop advertising evony or maybe i will.

ok, maybe i won’t.
or will i…
(continues arguing with himself)

#84 Alex on 09.28.10 at 7:42 pm

come on guys evony is officialy malware free and it has been for quite some time, bruce i have folowed many of your forum posts to here, i have been offended by the misconceptions of evony and i ask for you to update your forums or delete them.

#85 uB3r L33T on 10.05.10 at 3:36 am

ive been playing evony for about a year and i thought the game was made by western countries or europe or something but its DAMN CHINESE. although i have nothing against the chinese these posts are starting to get me worried about evony and wether i should even be playing it.

Thanks bruce for this information…and i hope evony doesnt sue you


#86 Khal on 10.10.10 at 10:15 pm

well i have been playing evony for about a year now. and i have never once had a problem with it. infact i have spent a little bit of money on it with no problem at all. but then again i did use a mastercard gift card, just to be safe.
i am from evony server ss45 and am doing fine.
feel free to msg me on there for questions.
name: KhalMongin


#87 Allen on 10.30.10 at 8:57 am

“Obviously legitimate western games like Runescape and Habbo can be trusted. But what about games from Chinese gold farmers like Evony and Empire Craft?”

Obviously? Hah! Again an Article on Evony Bashing!

That is a very typical of “Western” nations to say and I find your article to be conceited and full of *.

Do I sense jealousy over a game that probably spins millions of $? And So What, If the players want to spend the money to advance, what is it to you?

I have had no Anti Virus, Malware or Adware on my machine from Evony… ever.

This might be some “other” sites you are visiting perhaps?