  #8  
12-30-2017, 08:02
Stingered
I personally don't use this DLL, but...

Quote:
Originally Posted by gabri3l View Post
Recent paper released by Forcepoint uses StrongOD as an example of the risks around relying on an unsupported plugin (that specifically calls home).

TLDR; They identify a vulnerability in the update file StrongOD looks for on startup and sinkhole the domain that StrongOD used to call home in order to capture the IP addresses of Olly users.

hxxps://blogs.forcepoint.com/security-labs/freeman-perils-abandonware
...now you have forced me to stop being lazy and check all my plugins!

(IOW, TY!!!)

Of course, I had a copy - just in case and checked it: StrongOD v0.4.8.892.rar

.text:1000F874 push offset aHttpWww_crackl ; "http://www.cracklife.com/sod/update.txt"...

.text:1000F88F mov ecx, offset aHttpWww_crackl ; "http://www.cracklife.com/sod/update.txt"...

.text:1000F8AB mov esi, offset aHttpWww_crackl ; "http://www.cracklife.com/sod/update.txt"...

.rdata:100436C0 aHttpWww_crackl db 'http://www.cracklife.com/sod/update.txt',0 ; DATA XREF: sub_1000F7B0+C4o

Last edited by Stingered; 12-30-2017 at 08:04. Reason: spelling
The Following User Says Thank You to Stingered For This Useful Post:
niculaita (12-31-2017)
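
One way to run the same check across a whole plugin folder, as an added example that is not part of the original post: it scans each file for hard-coded http/https URLs stored as ASCII or UTF-16LE and groups them by host. The sample bytes are constructed; only the first URL comes from the listing above, and `updates.example.invalid` is a placeholder host.

```python
import re
import sys
from urllib.parse import urlsplit

# "http(s)://" followed by printable, non-space bytes, as ASCII and as UTF-16LE.
_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,}")
_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}")

def find_urls(data: bytes):
    """Return sorted (offset, encoding, url) for each URL-like string in data."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in _ASCII.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
             for m in _UTF16.finditer(data)]
    return sorted(hits)

def audit(data: bytes):
    """Group hits by host and mark hosts contacted over cleartext http."""
    report = {}
    for offset, enc, url in find_urls(data):
        try:
            parts = urlsplit(url)
            host, scheme = parts.hostname or "<no-host>", parts.scheme
        except ValueError:          # malformed authority, keep the raw hit anyway
            host, scheme = "<unparsed>", ""
        entry = report.setdefault(host, {"cleartext": False, "hits": []})
        entry["cleartext"] |= scheme == "http"
        entry["hits"].append((offset, enc, url))
    return report

# Constructed sample: the first URL is the one from the listing above; the
# second host is a placeholder, stored as UTF-16LE to exercise that path.
SAMPLE = (b"\x00" * 16 + b"http://www.cracklife.com/sod/update.txt\x00"
          + b"\x90" * 8
          + "https://updates.example.invalid/v.txt".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    # Usage: python scan_urls.py plugin1.dll plugin2.dll ...  (no args: sample)
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, blob in blobs.items():
        for host, info in audit(blob).items():
            tag = "cleartext http" if info["cleartext"] else "https only"
            print(f"{name}: {host} [{tag}]")
            for offset, enc, url in info["hits"]:
                print(f"    0x{offset:08x} {enc:8} {url}")
```

The offsets printed are file offsets, not the virtual addresses a disassembler shows, and URLs that a plugin builds at run time or stores obfuscated will not appear.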