How to check for a password stealing script
This guide is going to be short and simple
See: http://villavu.com/forum/showthread.php?t=103408 for script scanner.
Step 1) Enable security.sex, this will warn you if the script is trying to access anything online related. You can do this buy opening up simba, going to view, extensions, and enabled security.sex :
Step 2) Look for any unusual things inside of the script. Is it obfuscated? Obfuscated code with the built-in extension looks like:
Simba Code:
{$I SRL/SRl.SimBa} pRoCeDUrE SEnd; begin TyPeSEnd(#104#101#108#108#111); caSe RAnDom(((1+7)-(6/3)-(4/3)+-2)) of ((2+5)-(2/5)+(-4*-5)+-26): Wait(raNdomraNge(((9+-4)+(7*4)-(5/1)+-28), ((915+3463)+(2358*338)-(304-520)+-798098))); ((2+9)+(4*7)-(2/4)+-37): waiT(RaNdomRangE(((5+2)+(1*4)+(2+8)+-21), ((1846+1794)+(1754*454)-(55/777)+-797956))); eNd; End; begin ACtivateClIENt; wAit(((168+191)+(476*60)+(121*12)+-29871)); repeaT sEnd; uNTIl false; end.
If it is, not only is this not allowed, but this means that the script writer probably has something to hide.
Step 3) Use "ctrl + f" and look for "Name" and "pass". These 2 variables SHOULD NOT be outside of the declare players procedure, unless they are used it forms like so:
Simba Code:
Name := Username.TEXT
Pass := Password.TEXT
Step 4) Also, an add-on of step 3, "User" and "Pass" SHOULD NEVER be declared ANY MORE THEN 1 TIME.
Step 5) Make sure the script is not accessing any website that you don't need it to (should only be accessing Github and Google code if it is auto-updating).Watch out for "PostHTTPPage" or "Addpostvariable" functions, these are used to post information to websites!(If the scripter has a dynamic signature showing the script stats then you can relax, but you should still check just to be sure!)
Step 6) Get some expereince with Simba. Chances are, if you are not very fluent with the Simba functions, then this guide won't help much because you don't know what your looking for! If this is the case for you, then I advise that you become fairly familiar withPascal script and Simba functions.
If you follow these 6 steps, then in the extremely rare event of a malicious Simba script being uploaded (yes this sometimes happens but they are usually taken down fairly quick) you will be prepared!