{"id":7329,"date":"2023-11-08T08:46:01","date_gmt":"2023-11-08T14:46:01","guid":{"rendered":"https:\/\/blog.zoha-islands.com\/?p=7329"},"modified":"2023-11-08T08:46:01","modified_gmt":"2023-11-08T14:46:01","slug":"dissecting-the-free-l-viewer-scam-chaser-zaks","status":"publish","type":"post","link":"https:\/\/zoha-islands.com\/blog\/dissecting-the-free-l-viewer-scam-chaser-zaks\/","title":{"rendered":"Dissecting the \u201cfree L$\u201d viewer scam \u2013 Chaser Zaks"},"content":{"rendered":"
\n
\n
Posted <\/span>by<\/span> Inara Pey<\/a><\/span><\/span><\/div>\n<\/header>\n
\n

\"\"<\/p>\n

The last several days have seen the circulation of news regarding what is patiently a scam viewer. The item in question is being \u201cpromoted\u201d by means of an IM circulating to users promising all sorts of goodies and advantages: free Linden Dollars! Freedom to build where you please! And so on.<\/p>\n

Most established users are a little too wily to fall for such promises \u2013 and the IM has apparently given rise to a number of Abuse Reports being filed, with additional warnings going out via social media. However, those not so familiar with such schemes might be tempted by promises of free L$ and so on, and others might be tempted to \u201cjust give it a quick try\u201d to \u201csee what it is all about\u201d \u2013 neither of which would be especially wise, as the \u201cviewer\u201d in question does far more than might initially be suspected.<\/p>\n

To discover the threats posed by the \u201cviewer\u201d in question, programmer and Firestorm Bug Hunter (and also animator and modeller) Chaser Zaks risked taking a look under the covers of the code that is supplied, and published his findings on Github Gists<\/a>. So as to (hopefully) help spread the word more generally, I asked Chaser if I could repro his notes here, to which he agreed.<\/p>\n

In his document, Chaser neatly encompasses the high-level claims of the \u201cviewer\u201d before dismantling them, before going on to describe the threats posed by installing it. For ease of reference, I\u2019ll summarise the realities behind the claims made by the \u201cviewer\u201d in my own words in the table below, and then turn to Chaser\u2019s notes directly on the threats posed by the \u201cviewer\u201d, if installed on a computer.<\/p>\n\n\n\n\n\n\n
Claim<\/strong><\/td>\nReality<\/strong><\/td>\n<\/tr>\n
Unlock unlimited Linden Dollars (L$)<\/td>\nThis isn\u2019t possible. Linden Dollars are created and controlled by Linden Lab through the LindeX mechanism, which is not<\/strong> a part of the viewer. Therefore, any claim of being able to access \/ generate unlimited Linden Dollars outside of this mechanism constitutes the crime of fraud and is a violation of both the Terms of Service and<\/em> (among others) US federal law. Further:\n

 <\/p>\n

    \n
  • Linden Lab has the capability to immediately identify and track fraudulent transactions \u2013 and to take action (up to and including) banning accounts engaging in such transactions, as well as reporting such activities to the relevant authorities.<\/li>\n
  • The Lab can also identify and block malicious viewers (and similarly take action against accounts using such viewers).<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Fly to Unlimited heights<\/td>\nThis is already possible; Linden Lab removed the limit on flying to any altitude a fair while ago, and most third-party viewers allow users to fly as high as they like (Building<\/em>, however does remain constrained to below 4096 metres \u2013 but\u2019s that\u2019s a different matter).<\/td>\n<\/tr>\n
Build on any land<\/td>\nNot possible; land permissions are checked by the simulator, not the viewer, the the permissions set by a land holder as to what can \/ cannot be done on their land cannot be overridden.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

For the rest, I\u2019ll refer directly to Chaser\u2019s notes.<\/p>\n

So What Does It Actually Do?<\/h3>\n

A lot of stuff you don\u2019t want happening. I\u2019ll break it down into steps:<\/p>\n

    \n
  1. You are instructed to download\u00a0viewer.exe<\/code>, upon execution it will pretend to install a viewer so that it looks legitimate.<\/li>\n
  2. Upon running the newly installed program, it will run\u00a0builddata.bat.<\/code><\/li>\n<\/ol>\n

    This script elevates the permission to administrator permissions on your computer<\/strong>! This is incredibly dangerous as it allows whatever is running to do what it wants. In specific, this script will download and execute the files called \u201cV1\u201d, \u201cQ\u201d, and \u201cA\u201d.<\/p>\n