Paul Wilders
June 27th, 2002, 06:13 AM
-{ Quote: "Stuart Udall (stuart_at_cyberdelix.net) noted the following on the Incidents mailing list: I bring to your most urgent attention that the copy of Gamespy Arcade 1.09 available on download.com at the address
http://download.com.com/redir?pid=10107395&merid=62178&mfgid=
62178 10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.c
om%2Fsoftware%2Finstall%2FArcadeInstallFull109.EXE
(HNS Note: URL above is wrapped for better viewing purposes)
is infected with the W32/Nimda.gen@MM virus, as detected by NAI/McAfee Viruscan.
The full URL of the infected file is:
http://launch.gamespyarcade.com/software/install/ArcadeInstallFull109.EXE
According to download.com, as of my writing, this file has been downloaded 112806 times from download.com since April 29, 2002.
The virus infected my computer after I downloaded and executed the program via http://www.download.com/ at around 21:45PM, and I'm justing finishing the cleanup now - it's 3:15AM and counting, thank you very much.
I do understand that the file is actually served from gamespy.com, but it was only by carefully inspecting the URLs served by download.com that this becomes evident. A less savvy user wouldn't make the distinction.
I suggest that every night, a download.com robot downloads each file download.com serves, and scans it.
Meanwhile, I suggest the guilty party at gamespy be shot.
Karen Cobb, Customer Service Manager at GameSpy Industries replied on the same mailing list: "Thanks for alerting us to the possible presence of a virus in the GameSpy Arcade Installer. We verified that the GameSpy Arcade Installer did indeed contain the W32.Nimda.E@mm virus shortly after receiving your e-mail. The infected file was immediately replaced with a virus-free version of the installer."" }-
Source: HNN Security
http://download.com.com/redir?pid=10107395&merid=62178&mfgid=
62178 10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.c
om%2Fsoftware%2Finstall%2FArcadeInstallFull109.EXE
(HNS Note: URL above is wrapped for better viewing purposes)
is infected with the W32/Nimda.gen@MM virus, as detected by NAI/McAfee Viruscan.
The full URL of the infected file is:
http://launch.gamespyarcade.com/software/install/ArcadeInstallFull109.EXE
According to download.com, as of my writing, this file has been downloaded 112806 times from download.com since April 29, 2002.
The virus infected my computer after I downloaded and executed the program via http://www.download.com/ at around 21:45PM, and I'm justing finishing the cleanup now - it's 3:15AM and counting, thank you very much.
I do understand that the file is actually served from gamespy.com, but it was only by carefully inspecting the URLs served by download.com that this becomes evident. A less savvy user wouldn't make the distinction.
I suggest that every night, a download.com robot downloads each file download.com serves, and scans it.
Meanwhile, I suggest the guilty party at gamespy be shot.
Karen Cobb, Customer Service Manager at GameSpy Industries replied on the same mailing list: "Thanks for alerting us to the possible presence of a virus in the GameSpy Arcade Installer. We verified that the GameSpy Arcade Installer did indeed contain the W32.Nimda.E@mm virus shortly after receiving your e-mail. The infected file was immediately replaced with a virus-free version of the installer."" }-
Source: HNN Security