Hackers exploiting years-old bug to infect CoD players with self-spreading malware


San Francisco, Aug 1 (IANS): Hackers have been infecting Call of Duty: Modern Warfare 2 players with a self-spreading malware for about a month, exploiting a bug reported to the game's publisher five years ago.

A X user posted a screenshot showing the code behind the self-spreading malware.

Maurice Heumann, a security researcher who for years has been finding and reporting bugs in several Call of Duty games, told TechCrunch that the screenshot reveals that the malware is using a bug and a method to exploit the game that he personally discovered and reported to Activision in 2018, the gaming giant that publishes the Call of Duty series.

"No fix was ever published. In fact, half a year later I sent a follow-up email to ask if they fixed it," Heumann said.

Heumann claimed he never disclosed the bug's specifics because Activision did not fix it and that doing so might have affected players.

Referring to the bug he reported, Heumann said that "it's super easy to exploit."

"It's a simple buffer overflow with only very few limitations," he said, referring to a well-known class of vulnerability.

"Writing a full-fledged exploit is a simple task."

A security researcher examined the malware sample for TechCrunch and verified that the strings in the screenshot are in fact present in the malware. The code Heumann is referring to is also included in the malware study published on another online repository.

Some antivirus engines have labelled the sample as a "CoDworm"

Last week, the game publisher announced that it "brought" the game "offline" on the gaming platform Steam "while we investigate reports of an issue."

Also, it is unknown what the hackers aim to achieve with this worm.

The Call of Duty: Modern Warfare 2 game was released by Activision in 2009.

 

  

Top Stories


Leave a Comment

Title: Hackers exploiting years-old bug to infect CoD players with self-spreading malware



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.