November 20, 200916 yr IW.net allegedly spreading a Trojan virus Posted by Steven dfb Leunens on 2009-11-18 15:06:44 Tags: MW2, trojan, virus Reported in this forum post on the official IW forums and our very own forums apparently hackers have found a way to go around the IW.net system and send a Trojan virus through the IW.net system to Modern Warfare 2 players. Reverse engeneering the source code for Modern Warfare 2, the hackers inserted their Trojan and used the IW.net system to spread it to players across the globe. This was brough to light after several players got notified of a breach in their security by their antivirus software. The Trojan TR/Crypt.XPACK.Gen had been sent to them using Modern Warfare 2's IW.net as the official transmitter (according to the antivirus). The Trojan itself apparently already surfaced in Call of Duty : World at War and is some sort of keylogging software hackers use to steal keycodes or potentially worse (stealing credit card information for instance). The Trojan would exploit the port that is opened by Call of Duty when you are a listen server (when you are the host of a game) to send you the Trojan without your knowledge. Here is a screenshot provided by Matje on the forums where his anticheat has picked up on the Trojan. http://tek-9.org/img/news/content/iwnetvirus.png Additional information on the virus can be found here and here. Stay tuned as we try to find out more about the Trojan and how it is exactly being spread. Due note that it is not 100% confirmed that it is actually Modern Warfare 2 (and an exploit in the game) sending you this virus.It could very well be a false positive! We have still to hear an official reaction to this news. * update * Another community member of ours has tracked down the location of the virus on his PC and found it to be located here: C:\Documents and Settings\yourusername\Local Settings\Temp with the file names ~B8.tmp and ~B8.vir. (windown XP) The most important discovery however is that the files were created when the player was playing Modern Warfare 2 and he was set up as the host of the game!
November 20, 200916 yr It starting to amaze me how much of a mess they got themselves into. Should we use this as another reason that matchmaking shouldn't be done on PC? Just think how many games are created every day. And since you can't even chose who host it, it could chose the PC with no security. In which case, there could be many computers infected and the users don't even know it! That is a good trojan.
November 20, 200916 yr The Avira one is apparently a false positive. At least that's what I was reading on the IW and Steam forums.
November 21, 200916 yr Never underestimate the wrath that will be invoked by screwing over the PC community.
November 21, 200916 yr Yeah, my roomie told me about this the other day. We laughed. I know it won't happen, but I would love to see IW crash and burn because of all the problems IWnet is causing.
November 22, 200916 yr I got an AVG popup that my IWSP.net file was infected. I moved it to the vault and it downloaded a new exe through steam that did NOT test as infected so their may be something to this....
November 22, 200916 yr I submitted the infected file to be double checked and got this email back from AVG. "C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" - detection is correct Best regards, AVG Customer Services AVG Technologies website: http://www.avg.com
November 22, 200916 yr OMG i actually started to play this game. Guess i have to run my AVG now. What BS can this IW cause.
November 22, 200916 yr Sounds like someone is mad about the IW thing and decided to attack them. Or I could just be a paranoid type that believes people will attack anyone they are mad at...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.