There are some forum posts on IW and Steam about a group called KoT (German for faeces?) going around griefing in MW2 multiplayer. Due to the internet's open door policy on ass-holes this comes as no real surprise. There is always a new group of nobs trying to be the next myg0t. However, what is alarming are the claims that they are able to compromise the host and send trojans via the IWnet p2p network.
Donvanbadboy has this to say on IW forums:
''It's possible if you host a game for a hacker client, and it's possible if you don't host a game, but are connected to a hacker hosting the game. If the game's net code is not 100% secure then it could be possible to craft special packets of data to cause buffer over-runs (stack smashing). This injects the hacker's code into your computer, which executes it, and hey presto you have a remote code execution hack. If the code's written well it's possible to make it secure, but stack-smashing bugs are so often overlooked.''
I don't know him or who he is, so he could be way off the mark here...
Anyone here in the know about p2p and 'stack smashing' and care to comment?
Is this really possible?
I know diddly squat about programming, but if they can start injecting their packets into my back door I'm not gonna be a happy bunny.
UPDATE: Sort of confirmed by this webby as a false positive (thanks to Jon B for the heads-up)
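The forum quote above describes a length taken from a crafted packet overrunning a fixed-size buffer. As an added example (not code from the game or from anyone in this thread), this shows the two checks a receiver needs before copying a field out of a packet; the packet layout, names and sizes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PLAYER_NAME_MAX 32  /* hypothetical size of the receiving buffer */

/* Hypothetical wire format, constructed for this example:
 *   byte 0     : name length n, chosen by the sender
 *   bytes 1..n : player name, not NUL-terminated */
typedef struct {
    char name[PLAYER_NAME_MAX + 1];
} player_info;

/* Returns 0 and fills *out on success, -1 if the packet is rejected. */
int parse_player_packet(const uint8_t *pkt, size_t pkt_len, player_info *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 1)
        return -1;

    size_t n = pkt[0];

    /* The overlooked bug is copying n bytes because the sender said so.
     * Check 1: n must fit the destination buffer. */
    if (n > PLAYER_NAME_MAX)
        return -1;
    /* Check 2: n must not exceed the bytes actually received,
     * otherwise the copy reads past the end of the packet. */
    if (n > pkt_len - 1)
        return -1;

    memcpy(out->name, pkt + 1, n);
    out->name[n] = '\0';
    return 0;
}

int main(void)
{
    player_info p;
    const uint8_t good[] = { 3, 'b', 'o', 'b' };  /* constructed sample */
    const uint8_t lying[] = { 10, 'a', 'b' };     /* claims 10, carries 2 */

    printf("good:  %d\n", parse_player_packet(good, sizeof good, &p));
    printf("lying: %d\n", parse_player_packet(lying, sizeof lying, &p));
    return 0;
}
```
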
Completely possible. I find this utterly hilarious since IWnet is supposedly so amazing, but it can happen on dedis too if the dedicated server was infected.
It's very plausible at the very least. If it's possible to merge code with JPEGs (an old trick to hide files) I don't see why they couldn't merge code with the game files.
The fact that the forum topic on http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646 is now unreachable does not speak in the defense of Infinity Ward either. They need to come out with a statement or a patch soon.
Besides, as far as I understand it, IWnet is p2p based. Historically, p2p networks have always had an abundance of viruses being shared.
Still want to play even though you might be at risk? Check around which antivirus programs work. Avira seems to detect it from what I read on the IWnet forums. I think some other scanners as well, but I can't remember which ones.
Just checked and the thread is still alive and kicking on IW's forums.
Click on the red IW in my blog post for the link.
Yeah, it's possible. Wasn't IWnet supposed to be safer and more secure than dedicated servers?
The fact that the topic was deleted twice and the forums are now down shows that IW has cocked up and they know it.
@ boomsling.
I stand corrected. The thread is blinking in and out of existence, probably because their forums cannot handle the load.
Without getting overly emotional about it, I can understand the human error in this thing. I mean, would you have thought about this? It's pretty deviously clever and simple if you ask me.
We just need a statement from IW as soon as possible.
Update: the Steam thread is now closed.
I think we should start exploring the possibility of refunds should this issue not be addressed soon.
New Steam thread here: http://forums.steampowered.com/forums/showthread.php?t=1031092
The old one was closed by mods to keep things in one topic.
Btw, I'm new to Destructoid. Any way to edit my posts or delete them so I don't have to spam a new post every time I have an update? Thanks.
@lodd
Not that I know of.
Confirmed as a false positive. Avira is the only scanner that picks it up.
I'd be cautious though. I wouldn't put it past people to actually use a similar method to actually spread viruses.
My Avira just ran its full scan, and is 99% done. Nothing yet.
I imagine the whole thing sounds rather silly now. But at least it laid bare some serious security issues that I did not know about earlier. I still think IW should address the issue. Because if they don't, you can bet that hackers are going to try this now.