The 13 May Canal Plus (a french premium pay television channel) have broadcast a program "Foot, chevaux, poker: des paris sous influence"
During this story they interviewed a 'hacker' just before the subject, a voice-over do an introduction and say "il a conçu ce qu'on appelle un trojan ou troyen ou cheval de troie en jargon informatique"
You can translate simply this by "He created a trojan blablabla insert some random name for trojan here"
Then the 'hacker' show us Teamviewer with Darkcomet RAT:
![]()
![]()
As far as i know, Darkomet RAT is coded by DarkCoderSc, not this guys but well...
![]()
The 'hacker' tell us how he infect poker players: Youtube
A classic way: videos of fake applications to cheat on online poker rooms.
![]()
By searching the Youtube description on Google we have this:
![]()
And we got a profile:
![]()
Now if we search on google 'mediafire com/?skbb4ka77jp5act'
![]()
We have another linked account:
![]()
This account have videos promoting a poker site 'francepokermedia.com'
![]()
And if we go on the forum, with no surprise:
![]()
An article about the Canal+ report (self-promotion hidden?)
Malwares are hosted on Mediafire servers, the 'hacker' have also do some blogspot like this one:
![]()
Some md5:
f8c5dd0f2c359adad2fd22a1ce902b35
a576c6a07852ef126ff2e918678ea54f
195a56821175d3c725dd3919282e0342
acb40e46b1582b5207b6addcf8c42a08
Let's take a file:
![]()
• dns: 1 ›› ip: 93.23.104.21 - adresse: HACKGS.NO-IP.ORG
![]()
Fynloski.A config:
To the 'hacker':
Hidding in a hotel and using remote PC for Darkcomet don't make you anonymous, i know who you are since you are registered on some forums.
Canal plus:
If you're going to make a program and talk about hacking, then at least have a feel for the subject first.
During this story they interviewed a 'hacker' just before the subject, a voice-over do an introduction and say "il a conçu ce qu'on appelle un trojan ou troyen ou cheval de troie en jargon informatique"
You can translate simply this by "He created a trojan blablabla insert some random name for trojan here"
Then the 'hacker' show us Teamviewer with Darkcomet RAT:
The 'hacker' tell us how he infect poker players: Youtube
A classic way: videos of fake applications to cheat on online poker rooms.
By searching the Youtube description on Google we have this:
And we got a profile:
Now if we search on google 'mediafire com/?skbb4ka77jp5act'
This account have videos promoting a poker site 'francepokermedia.com'
And if we go on the forum, with no surprise:
Malwares are hosted on Mediafire servers, the 'hacker' have also do some blogspot like this one:
Some md5:
f8c5dd0f2c359adad2fd22a1ce902b35
a576c6a07852ef126ff2e918678ea54f
195a56821175d3c725dd3919282e0342
acb40e46b1582b5207b6addcf8c42a08
Let's take a file:
• dns: 1 ›› ip: 93.23.104.21 - adresse: HACKGS.NO-IP.ORG
Fynloski.A config:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-1XNQ69V}
SID={PokBot}
FWB={0}
NETDATA={hackgs.no-ip.org:1604|hackgs.no-ip.org:93|hackgs.no-ip.org:94}
GENCODE={0LGYVhtuCi4W}
INSTALL={1}
COMBOPATH={2}
EDTPATH={MSDCSC\WinUpdata.exe}
KEYNAME={WinUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={1}
CHANGEDATE={1}
DIRATTRIB={6}
FILEATTRIB={6}
SH1={1}
CHIDEF={1}
CHIDED={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
MUTEX={DC_MUTEX-1XNQ69V}
SID={PokBot}
FWB={0}
NETDATA={hackgs.no-ip.org:1604|hackgs.no-ip.org:93|hackgs.no-ip.org:94}
GENCODE={0LGYVhtuCi4W}
INSTALL={1}
COMBOPATH={2}
EDTPATH={MSDCSC\WinUpdata.exe}
KEYNAME={WinUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={1}
CHANGEDATE={1}
DIRATTRIB={6}
FILEATTRIB={6}
SH1={1}
CHIDEF={1}
CHIDED={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
To the 'hacker':
Hidding in a hotel and using remote PC for Darkcomet don't make you anonymous, i know who you are since you are registered on some forums.
Canal plus:
If you're going to make a program and talk about hacking, then at least have a feel for the subject first.