A virus threatens brokers' platforms

Adam12_Lenard · January 19, 2018, 3:26pm

Hello, it is something alarming that a virus called Antikapitalist attacks the platforms of Forex brokers, such as MT4, Ninja Trader, cTrader and others as well or more known. It is activated when the EA is installed and it opens operations in different currency pairs, opening and closing these operations in a disorderly manner, resulting in the reduction of money that begins to decrease in an automated manner. The computer is paralyzed, so it does not give the trader time to do something about it, it can not be stopped. So, the person with an account in X broker, can spend from 5000USD to 10USD in a matter of minutes. It is presumed to be of Russian origin.

Alert everyone, I leave a video that I saw in another forum where you can see the virus operating from a demo account. Antikapitalist.exe Virus in FXCM MetaTrader 4 DEMO

anon81929759 · January 19, 2018, 4:16pm

I Disagree (as an I.T. Expert)

Question 1.

Which EA ?
it’s not all of them, because i use EA’s and i don’t have this virus, so which EA does this pertain to so that we can avoid installing that particular EA

Incorrect
Press Ctrl + Alt + Delete
Open Task Manager
and kill the process
or, you could just kill the process of MT-4 completely and it will stop executing trades randomly
beyond this… Your antivirus program should be picking up on it

but as for the computer being “Paralyzed” hehe
No mate, it doesn’t work like that

in order for your computer to be completely useless to you , it would need to take control of your computer
from a system level
and even then, you could restart the computer in Safe mode and troubleshoot it from there

beyond this… You could just re-install MT-4 and the EA would be gone

failing that
Uninstall MT-4
Uninstall it from the Registry Editor and all traces of anything associated with it

and IT’S GONE
after that
Re-install MT-4… Happy days.

so… what is the EA that triggers it ?

now… i did some quick research on this

if it’s anything like this FROM FXCM

then i would say the following

Because it’s not all brokers that are affected,
and
the RAW MT-4 is not affected
it is a case of THE COPY OF MT-4 THAT GETS DOWNLOAD FROM FXCM HAS BEEN COMPROMISED , Meaning it will only affect the clients of FXCM

now. this is the responsibility of FXCM to resolve and to ensure that they have a virus free copy ready for download.

if however it is like you say
that being… that the copy from the broker is good, but AFTER INSTALLING AND EA the virus is deployed
then… AVOID THE EA

but if this was to happen from a client of FXCM
as soon as you see… HIT

CTRL ALT DELETE and kill the process

another DRASTIC MEASURE you could do is…
PULL THE POWER CABLE OUT OF THE BACK OF YOUR COMPUTER

this will stop any further trades from happening
because MT-4 can only executes trade via the broker if the internet connection is not severed

another thing you could do is… DISCONNECT YOUR LAN CABLE
THEN
Shutdown your computer

Hope this helps

A1lenTrader · January 19, 2018, 7:16pm

dont trade EA’s And it should not be a problem……lol

bloody Russians Hey…Lets All Short The Ruble… from Mondays Open … yey

anon81929759 · January 20, 2018, 3:54am

i agree
but it would be handy to know which EA it was
so as to not discriminate against other EA’s

Just because one apple is bad doesn’t mean they all are

Falstaff · January 20, 2018, 9:55am

@anon81929759

I do not know enough to assess what you have written properly, but it seems like logical “damage limitation” procedure.

Thank you for that

anon81929759 · January 20, 2018, 10:09am

then why are you commenting at all ?

short and sweet.

Falstaff · January 20, 2018, 10:11am

credit where - it’s due

anon81929759 · January 20, 2018, 10:16am

Credit for what ?
i honestly cannot tell if you are being sarcastic right now or if you are being genuine
so can you please clarify ?

Adam12_Lenard · January 20, 2018, 12:48pm

Wow! Thanks! So it really is not as indestructible as I thought.

Adam12_Lenard · January 20, 2018, 12:52pm

I agree. It is something that depends more on the user’s intelligence to determine what to use or not to use or download.

anon98339083 · January 20, 2018, 1:01pm

The proportion of free EAs downloaded from websites and forums that contain some kind of hidden malware (usually passed on unknowingly and with good intentions, of course) is absolutely enormous.

As I remember, “Traders Magazine” a year or two ago, in a big survey, estimated it at around 75% (that was including spyware as well as viruses, I think).

Trendswithbenefits · January 20, 2018, 1:09pm

A real issue arises if your trades are placed server side of the platform you’re using… turning off the computer will not stop trades placed prior to shutting down your PC. I had heard of the Antikapitalist a while ago and the carnage it caused. Predominantly with the MT4 Platform

I also write most of my own EA’s and Indicators (C++ / C#)… so everything I run, the code is visible via algo editors or Microsoft Visual Studio…

I have 3 separate workstations in my trading office all firewalled with each having access to various accounts.

Adam12_Lenard · January 20, 2018, 1:16pm

Yes, it’s really like that, as I said, I think it’s something that depends only on our common sense and knowing where we get involved.

Trendswithbenefits · January 20, 2018, 1:27pm

The reality is they trade better than I do, they don’t hesitate, procrastinate or stress once they place the trade…and the best bit… they don’t “fiddle” with the position once they commit…

anon81929759 · January 20, 2018, 6:16pm

of course not, You’re completely correct
but, in the video link that i attached… Assuming things are acting erradic like this, it would be normal to assume that someone would call their broker

so… if one pulled the plug on the computer
they could then call the broker and tell the broker to shut down all trades in progress

but yes, you are right
if the MT-4 platform has sent the signal through to the broker to execute the trade,
Switching off the power to the computer will not kill the trade in progress.

anon81929759 · January 20, 2018, 6:17pm

You’re Welcome

DO WE KNOW THE NAME OF THE EA YET ?
so we can be aware of it

peterma · January 20, 2018, 8:43pm

Martin, it’s an old story revived in recent days elsewhere.

Judging by the spelling of the exe likely Russian or maybe even German or possibly Turkish - or maybe even an internet myth.

Bottom line is the old advice don’t download rubbish if I don’t want trash

Take care.

anon81929759 · January 21, 2018, 12:08am

oh, ok, thank you …

A1lenTrader · January 21, 2018, 12:46pm

Fair Comment but i think relying on a robot To much is not a good Trading Strategy. for Me.

And like you said if you programmed it yourself and you Know whats happening in the Call Stack you may feel safer.
But most people Can’t and Don’t understand Debugging or Anti- Debugging (Anti-Anti-Debugging) techniques used by these people.

So you Don’t think there is Updated version or similar Products out there…?

Larger Attack Surface for your Attacker to Try and Attack…
You Know they can Penetrate Firewalls Don’t you…? !!!

Good Luck…

Jason_Rogers · February 2, 2018, 4:45am

If the issue was something linked to MetaQuotes or FXCM, we would have known about it and resolved to fix it. I’ve been seeing posts about this floating around since 2016 and it originated from an EA of an unknown source. When looking for EAs, you shouldn’t download EAs from unknown origins and try to look for one with a good reputation. A poorly written or even an untested EA or script can place commands to open/close trades in an infinite loop. A malicious EA can contain a virus or any number of harmful components. This could impact the platform regardless of which broker MT4 you apply the EA to. Be sure to due proper research to avoid issues that can not only harm your trading but your hardware, as well.

Jason