written by Kynox
So, another day in the WoW botting community has come by, and just like every other day, someone has released some two-bit bot. Except, this isn’t just someone, for it is the same people Cypher and I destroyed a few months back.
The mimic team are back in all their fury, with another terribly written, hilariously advertised bot, that as per usual, is advertised with a number of false claims.
“I can assure you, its NOT injection” was one of the claims spouted, yet as you can expect, a stupidly named DLL was found; containing all of the bots interoperability between WoW and itself. In addition to this, three API hooks are present: LoadLibraryA, GetCursorPos and GetPhysicalCursorPos.
The first, LoadLibraryA, was to protect it from.. GameGuard. Yes, they are hiding their module from an anti-cheat from another game. Why would they do this you might ask? Who fucking knows what goes through the minds of the mimic-devs.
The second and third are used to send mouse movements to the game while it doesn’t have focus.
In summary, do not use this bot, and if you have.. see me in a week or so .
2031f09253e0dbc911a8813616cdf9b1486b52fc (SHA1 hash of the trailing block of text, for verification purposes)
Time-zone is NZST.
15:43 – 19/12/09
So, if you’re reading this and wondering why your account has been banned.. i’m truly sorry. We’ve gotta let the WardenDev show his glory somehow, right!?
So 5 1/2 hours ago (from the date noted above), a new memory scan was pushed into Warden, which targeted AIOBot. If you were caught up in this, then shame on you for buying into such a shitty and detectable piece of software.
Seeing as the auth servers are now (presumably. hard to tell with the ddos) closed, now seems like an opportune moment to unmask this.