Attention WoW Bloggers

Those of you partnered with a company starting with a G and ending in oogle may have noticed that your AdSense image banners are being dominated by ads from a specific advertiser. Nope… I’m not talking about the obvious gold sellers. The ads I’m referring to are for a game called Evony.

After weeks upon weeks of seeing these tasteless ads at the top of my sidebar, I went and conducted a little research. Apparently this Evony game is an unscrupulous ploy by Chinese Gold Farmers to obtain your personal information. The “free” game content that they’re offering is supposedly stolen, and it’s also quite cheesy from what I hear. The sole intention of this marketing campaign is to draw people in with their borderline pornographic advertising, so that they can acquire your info and later spam you with gold seller BS.

EvonyThe initial ads weren’t so bad  😈 , but the new one with the cgi stripper was getting old fast. 😉 After some research I discovered that this hideous ad campaign was not only plaguing many sites across the web, but can also be very difficult to eradicate. It’s assumed that there are around twenty URLs that the advertiser uses, and since the ads are flash-based, it is impossible to tell the destination address.

With a little snooping about I was able to obtain a list of the URLs in question. So, if any of you are interested in removing these ads from your AdSense enabled sites, copy and paste my list below into your ad filter. I’ve also included a few of my blocked gold seller ads, so feel free to paste those in as well.

8 thoughts on “Attention WoW Bloggers”

  1. Guo Yao Qi David (David Guo’s full name) is a top hacker and is the boss of Evony. He was involved in the 1999 hacking war between China and Taiwan. And he monetised his knowledge by founding the personal firewall company Sky Net.

    Here an article about David Guo as a hacker:
    And here is the rough Google translation (Guo Yaoqi is also known as David Guo and owns Evony):

  2. I got the new version Evony 3.08. My older version was 2.16.
    The new version has all references to Eric Lam and UMGE removed.
    Neither the comments in the hex code nor the decompiled Actionscript have anything that refers to them.
    Also the scripts that enumerated the active programs and sent and retrieved data with the remote servers is gone,
    except for the actual game network link to the game servers.

    Even the code is a bit neater and more efficient.
    At least the heavy scrutiny on them is having some pluses. lol.

  3. I am a student studying computer games design at uni and decided to investigate
    Just to see what some of these games are like etc. etc.
    The game is actually kind of cool (found myself addicted and even spent a little money on it).
    But I started to notice HUGE bandwidth use by the site as I played.
    I am not the only one either, there are comments on the evony forums about this.
    This is odd because all of the client info, the animations etc. are all downloaded in one big download at the start.
    There is no streaming media so I began to wonder what was going on.

    To cut a long story short I decided to break the law and reverse engineer Evony’s client.
    Not to cheat. Not to rip them off or even to use even a scrap of the code.
    But just to poke about a bit and find out what was going on, maybe even offer them some ways to improve things.

    Aside from the fact that the whole thing is very poorly constructed (it is really very beginner coder level stuff. Reminds me of a lot of
    what the first year students produce for assignments) it contained some very interesting information.

    Included with the client are 2 peices of tracking software that monitor your web use and which applications you have open while the client is running.
    These do not install independently on the machine though due to the limitations of flash and do not actually damage anything.
    But they harvest massive volumes of information. My firewall was blocking a lot of outgoing transmissions and it turns out that these
    were the data trying to be sent out. So they know nothing about me. lol.
    However there is a LOT of data coming IN over the ports the client uses. In otherwords it is downloading something into my cache for use later.
    I have bandiwdth restriction which slows these types of tricks down and I completely clear my cache every couple of hours if I am heavily using the net.

    I also noticed that all the varanbles etc. are named Civony still and that there are multiple references to UMGE.
    Even a couple of folders are simply called UMGE, one of these folders contains one of the spyware programs.
    So I can only guess at where the data would end up if I didnt have a good firewall.

    There are also commented out sections in the code which contain references to UMGE and Lam himself, though low on details.

    Thank you for reading this.


  4. It seems that you need to add the filter to your own RSS feed at well. I just saw a “” ad on the bottom of it.

    Also, I hate those Evony ads too.


Leave a Comment