


Battle for Moscow - beware of the malware

Kamikaze website - Malware

Analysis by StevenBurn on 6 Nov 2005


Notes from Clif

I found Steven's report in TeMerc's forum. Steven's stepdad asked him to take a look at a game he had downloaded. It's unfortunate that his stepdad hadn't read the EULA (End user license) information. It stated that the software will install third party adware. Here is a list of websites that are hosting or recommending downloads of this game. I recommend you avoid them like they have leprosy.


topshareware.com, sharewareriver.com, shareup.com, freedownloadscenter.com, gold-software.com, downloadjunction.com, and many more (google search)


Steven was able to clean his stepdad's PC up and he later decided to analyze what had happened. Below you can follow some of Steven's analysis of what can happen when you download a free game from an untrustworthy website without checking it out.


Quotes from the malware analysis reports by Steven


At first, after double clicking the setup file downloaded from freedownloadscenter (kwdbfm.exe), everything starts normally. Looking at the EULA, I am advised that third party adware will be installed (no mention is made of what the third party adware actually is).


However, immediately after what was originally thought to be the game installing, an error message pops up advising me of an illegal operation. Clicking OK on this allows the installation to continue, until my firewall alerts me of an attempted connection by istinstall_153191.exe wanting to connect to www.toolbar.com.


Allowing this, the installation then completes... supposedly, when poof, I am advised yet again by my firewall that D10.exe wishes to connect to Figures. The installation for "Moscow" then starts (didn't I just install this?).


Carrying on, I am advised yet again of an attempted connection AND installation of "Comedy Planet" (see \Graphics\comedyplanet.gif), wanting to connect to, and additionally wants to set a new startup entry. Not giving me a chance to allow or deny it, I then see a rather ugly new tray icon, that then starts a permanent connection and finally, Comedy Planet then loads .... something (not quite sure what it is).


Thinking I am through it all, I go to log the results of the installation and wouldn't you know it, I am then prompted by my firewall that NHUPDATER.exe wishes to connect to Everything then goes quiet.


Total files installed (including downloaded): 360

Total time taken: 20 minutes




Machine now has multiple infections


1. NavExcel

2. NavExcel Search Toolbar

3. Comedy Planet

4. ISTBar

5. TrojanDownloader.Agent.wx

6. Not-A-Virus.Downloader.Agent.f

7. MyWebSearch

8. DyFuca




Although the EULA (End User Licence Agreement) mentioned that it was ad-supported, at no time were any confirmation dialogs presented by the spyware components themselves, and nowhere in the "Battle For Moscow" documentation does it specify exactly WHAT will be installed.


All in all, I am extremely disgusted with both the FreeDownloadsCenter website, and the Battle For Moscow author(s). The game itself, once installed, is a mere 0.99MB, yet the installer is 4.74MB. This means the malware accounts for almost 4MB of the installer!


To be honest, although unfortunate that my stepdad had to go through the nightmare of installing this, I am glad he came to me to sort it out for him as this will hopefully serve as a warning to others when downloading files. What are the lessons you ask?


1. ALWAYS read the EULA (End User Licence Agreement)


Try and find it on the authors website first. If it's not there, it will be displayed as soon as you load the installer (usually).

If it does not show prior to the installation of the files, CANCEL the installation until you research it.


2. ALWAYS research files before downloading them. Remember, search engines can be a powerful tool.


3. If an EULA mentions third party software, but does not mention what that software is, CANCEL the installation until you find out.


4. ALWAYS scan downloaded files with an antivirus (and additionally, ensure your antivirus signature files are up to date).


5. Remember, if in doubt..... ASK! There are many thousands of forums on the web that are dedicated to providing FREE support. Off the top of my head:

http://www.carmainc.org , http://www.temerc.com , http://www.vitalsecurity.org , http://www.spywaredata.com , http://www.spywarewarrior.com , http://www.majorgeeks.com , http://www.spywareinfo.com , http://www.aumha.net , http://forums.subratam.org , http://castlecops.com/forums.html , http://maddoktor2.com/index.php


6. Last but certainly not least... ALWAYS keep your security software up to date. This includes anti-malware (virus, spyware etc), firewalls, file and registry monitors (e.g. WinPatrol!!). An excellent source for keeping informed is Calendar Of Updates (http://www.calendarofupdates.com), founded and run by (amongst other people) a wonderful lady called Donna Buenaventura (MS MVP).


So what exactly was the game like anyway? I'll never know. Because of the stuff that came with it, I refused to play it (though my stepdad says he liked it.... for around 5 minutes).


Links to Steven's full reports

Evaluation (8K): http://mysteryfcm.plus.com/misc/battle_for_moscow/evaluation_report.txt

Full report (22K): http://mysteryfcm.plus.com/misc/battle_for_moscow/BFM_report.zip

Complete files (5.6MB): http://mysteryfcm.plus.com/misc/battle_for_moscow/BFM_Files.zip






Quote from Kamikaze

Kamikaze Games Designers is specialized in developing computerized wargames that look like, that play like, and feel like traditional board war games. Do you know Avalon Hill, Squad Leader, Europa, World in Flames, War and Peace, Imperium Romanum, Flat Top, The Russian Campaign ? No ? Let us introduce you to the world of strategy on hexagons...