Possible security vulnerability for Source engine games/servers


I was browsing some forums earlier and it seems an old issue has cropped back up again… link to the post in question below. He’s a dev on that particular project (Black Mesa), and this doesn’t just apply to BM; it also applies to games like TF2.

https://steamcommunity.com/app/362890/discussions/0/412447613578762469/#c412448158140436412 - Corroboration (including someone who found the exploit to begin with)

TL;DR: Connecting to a random server on a Source engine game such as CS:GO (as an example) may drop malicious software onto your computer and your account(s)/item(s) could be stolen as a result. DO NOT CONNECT TO A SERVER UNLESS YOU TRUST IT EXPLICITLY.

[quote]Hey everyone.

I hate having to write posts like this, but I’ve had a few people come
to me over the past few days warning me about a new Source Engine Server
exploit that is making the rounds across various games. There have been
some reports that Black Mesa MP Servers could be the target of
the exploit, if someone with malicious intent wants it to. Until Valve
(and then us) patch a fix in, I’ve made this post to inform everyone of
potential danger and steps on how to avoid infection.

What is the exploit?

I don’t want to go into details on how to replicate the exploit, but I
will say what it does, as I understand it. If you load up into an
infected Source Server, the exploit allows the server to inject a file
into your computer’s startup folder. You won’t know this happens. When
you launch your computer again (i.e., it starts up again) the file will be
executed and bad stuff happens. This exploit/infection can only occur
if the server is set up to do it, that is someone needs to set up the
server to cause it to happen.

How do I know if a server is infected?

As far as I know, there is nothing that says “THIS SERVER IS INFECTED!” I
don’t know of any current ways to check. Your best bet is to make sure
that you are connecting to our official servers, or servers where you
know that the server host has personally checked to make sure the
exploit is not active. A list of our official servers is listed below,
with IP. Additionally, when you connect to a server, connect to it
directly via IP, not via the server browser list.

What can I do to prevent getting hit by this exploit?

Like I mentioned before, only connect to trusted servers via the console
command “connect .” Additionally, make sure that the server
you’re connected to is trusted to not be infected and if you can check
with the server admin to check, that is even better. Since it’s very
easy to make a server with the same name as your favourite server, this
will ensure that you are connecting to the server you want to connect
to. Also, check to see if the server you’re connecting to has a name
that is an exact copy. If there are two servers with the same name, it’s
possible that one could be infected. Use caution or avoid the server

What should I do if I think I’ve been infected?

Immediately run a virus scan. There are many free antivirus scanners
online. I personally have used AVG and Avast! but if you have a
favourite, then you can use that. Additionally, check your startup
folder to make sure that any files in there are not suspicious or

While we all know that Black Mesa has the biggest MP population of any
MP game ever (that was sarcasm and a joke, by the way), we can make sure
everyone stays safe. If everyone is vigilant and careful with the
servers they connect to, follow the steps I’ve provided above and just
use a little bit of common sense, no one will be infected.

If you have any questions, please ask them in this thread.

  • Joe[/quote]

Written verbatim by a dev of Black Mesa.

The long and short of it is that there’s been an exploit floating around that can drop a malicious executable into your machine (such as a keylogger) and steal/spoof Steam IDs/accounts and the like. This likely won’t affect me much since the only Multiplayer game that I play is Evolve at the moment, but it is a security vulnerability that I felt I should share and inform people about.


Yeah, it was supposedly fixed in 2015, but it’s back. So just be careful where you tread and you should be fine.
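
The startup-folder check recommended in the quoted post can be scripted. The PowerShell below is an added example, not part of the original post or of any Black Mesa or Valve tooling; it lists every file in the per-user and all-users Startup folders, hidden ones included, with timestamps, shortcut target and Authenticode status. The 14-day look-back window and the extension list are assumptions chosen for illustration.

```powershell
# Added example: triage of the Windows Startup folders (not from the original post).
# Assumption: the 14-day look-back window is an arbitrary value chosen for illustration.
$LookBackDays = 14
$cutoff = (Get-Date).AddDays(-$LookBackDays)

# Extensions that Windows runs or interprets directly when opened at logon (illustrative list).
$runnable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe',
            '.js', '.jse', '.wsf', '.wsh', '.ps1', '.hta', '.lnk', '.url'

# Per-user and all-users Startup folders, resolved through the .NET API
# so that redirected profiles are handled.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

$report = foreach ($dir in $startupDirs) {
    # -Force includes hidden and system files, which Explorer does not show by default.
    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -ieq '.lnk') {
            $resolved = $shell.CreateShortcut($_.FullName).TargetPath
            if ($resolved) { $target = $resolved }
        }
        $sig = if (Test-Path -LiteralPath $target -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'TargetMissing' }

        [pscustomobject]@{
            Folder    = $dir
            Name      = $_.Name
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            Runnable  = $runnable -contains $_.Extension
            Recent    = ($_.CreationTime -ge $cutoff) -or ($_.LastWriteTime -ge $cutoff)
            Target    = $target
            Signature = $sig
        }
    }
}

# desktop.ini is a normal hidden Explorer file; every other entry deserves a look.
$report | Where-Object { $_.Name -ne 'desktop.ini' } |
    Sort-Object Created -Descending |
    Format-Table Name, Created, Hidden, Runnable, Recent, Signature, Target -AutoSize -Wrap
```

Entries that are recent, runnable and not validly signed, or that you do not remember installing, are the ones to hand to a virus scanner before the next reboot.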