Reported in
this forum post on the official IW forums and our very own forums apparently hackers have found a way to go around the IW.net system and send a Trojan virus through the IW.net system to Modern Warfare 2 players. Reverse engeneering the source code for Modern Warfare 2, the hackers inserted their Trojan and used the IW.net system to spread it to players across the globe. This was brough to light after several players got notified of a breach in their security by their antivirus software. The Trojan
TR/Crypt.XPACK.Gen had been sent to them using Modern Warfare 2's IW.net as the official transmitter (according to the antivirus). The Trojan itself apparently already surfaced in Call of Duty : World at War and is some sort of keylogging software hackers use to steal keycodes or potentially worse (stealing credit card information for instance).
The Trojan would exploit the port that is opened by Call of Duty when you are a listen server (when you are the host of a game) to send you the Trojan without your knowledge.
Here is a screenshot provided by Matje on the forums where his anticheat has picked up on the Trojan.
Additional information on the virus can be found
here and
here.
Stay tuned as we try to find out more about the Trojan and how it is exactly being spread. Due note that it is not 100% confirmed that it is actually Modern Warfare 2 (and an exploit in the game) sending you this virus.It could very well be a false positive! We have still to hear an official reaction to this news.
* update *Another community member of ours has tracked down the location of the virus on his PC and found it to be located here: C:\Documents and Settings\
yourusername\Local Settings\Temp with the file names
~B8.tmp and
~B8.vir. (windown XP)
The most important discovery however is that the files were created when the player was playing Modern Warfare 2 and he was set up as the host of the game!
gl people with mw2
but still.. iw fo
edited 2009-11-18 16:19:59
On a serious note, you are correct, thou my bro bought the game in uni and he can't play it, WIN!
Now find a way to crash IW.net
[Solved] TR/Crypt.XPACK.Gen Trojan- in quarantine- is computer ok?
Nicolae Moldoveanu
Avira GmbH
Date of registration: May 22nd 2006
Version: Avira Prem. Security Suite
Location: Bucharest
Yesterday, 11:45am
Hi,
The sample was re-analyzed and it is clean. The detection is already removed, just update.
Nicolae Moldoveanu
Avira GmbH
The amount people talk about this game, I sometimes wonder if they hate it as much as they say or if they are just being retarded ¬_____¬
I don't have that directory and im running XP :s
I'm sure i have seen that directory before though.
Won't be going on MW2 any time soon then.
Around 2-3 today, I did a scan because I was curious to see about this "trojan". So I installed the program and got all the updates from then and did the scan, heres how it turned out with file locations.
"Apologies for small image"
As you can see, the file location is correct and theres one of the two files, the 1st one, I deleted outta pure shock tbh. The second I kept just to see if it would update.
The detection there, I made about 5 mins prior to this post and it's still coming up as detected, this could be because it's still not updated "updated prior to screenshot" so really, i'm not sure what is going on, but when people are playing on family PC's, a little warning doesn't help, now go try annoy someone else.
"My bro bought the game but his Uni connection is shite so I can play the game which my bro wasted his money on"
edited 2009-11-18 19:24:45
Look cool slating MW2? I have repeatedly said it's fun to play with mates and that it's shit for anything competitive. So shhhh and stop raging on the internet :)
(From unreals post....)
[Solved] TR/Crypt.XPACK.Gen Trojan- in quarantine- is computer ok?
Nicolae Moldoveanu
Avira GmbH
Date of registration: May 22nd 2006
Version: Avira Prem. Security Suite
Location: Bucharest
Yesterday, 11:45am
Hi,
The sample was re-analyzed and it is clean. The detection is already removed, just update.
Nicolae Moldoveanu
Avira GmbH
-----
Avira is the only program it comes up on... no other major scanners/firewalls... Its a false threat on Avira... As stated by one of their employees above?
If it starts being detected by other programs, then I'd begin to worry.
I read all 36 post about the trojan, but that isn't hte same situation atm. That's given the fact of another file being infected with the same trojan. Also it was date @ October "first post" and the file which was infected, is in a completely different directory than mine (mine being in Temp) and his being system32
If i'm wrong, well that only means my key won't be stolen "Should I really be happy for that xD"
Not wicked but it aint bad ;)
I've been raging :(
I'm sure I'll like playing again 2moz :P
C:\Users\Username here\AppData\Local\Temp
I think its the same for vista, cant confirm though.
@bmxliveit It is possible to get a virus while playing the game. It is close to possible to get a virus FROM the game or from the servers.
2 minutes ago from HootSuite in reply to bmxliveit
on twitter from ATVI_Amber. she first assaulted me with:
@bartjen Activision here. Where are you getting your information regarding this? It is not possible to get a virus by just playing #mw2
AV is taking zah blame
And if that is true well... we can wait for ages
ez
wtf is going on? I updated avira and it do not stop ? :(
i hope this Trojan destroy all the hardware you have maybe in a short time we dont hear anymore about mw2