Can you get infected from gaming?

Discussion in 'other security issues & news' started by CrusherW9, Jan 14, 2013.

Thread Status:
Not open for further replies.
  1. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    I'm pretty sure I know the answer to this, but I couldn't really find anything on this. Say I'm playing Counterstrike and I join a server. I then download whatever custom stuff the server is using to play. Can someone purposefully be using a server to infect peoples computers with malware through these "custom" game files? In the realm of pc gaming, what other ways can you become infected and what security measures can be taken?

    Also, I didn't know if this was in the correct forum or not so please feel free to move it if there is a place where it would be better suited.
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Yes you can. Gaming MODS/HACKS are riddled with Malware. Never download cracked games, including update packs.

    Basically you have to trust Valve in the case of Counterstrike. A rouge server could serve up Malware, you never know.

    The biggest worry is GFX DRIVERS, as seen recently both ATI & NVIDIA have had remote code vulnerabilities discovered in their drivers.
     
  3. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Depends.

    There are no known unfixed vulnerabilities in latest versions of CS supported by Valve. If you are using Steam and playing on VAC-servers, you're protected AFAIK.

    Otherwise (if you're using old versions of CS and playing on servers without Steam), it's possible. See:
    - http://news.drweb.com/?i=1816&c=5&lng=en&p=5
    - http://malwaretips.com/Thread-Security-flaw-in-Counter-Strike-1-6

    However, I don't think an infection will occur by simply downloading whatever the servers require at that Loading screen. Executable files can't be downloaded there.

    But always use an updated and reputable AntiVirus. :p
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    For as long as arcades and pc gaming have been around, I have been playing them. I have never, in thousands and thousands of hours playing online, had a problem brought in from a game. Not talking about installing a cracked game or something, just talking about connecting to a game server.

    These days with tunggle and hamachi gaming networks, maybe they deserve a bit more thought. But for buying a game, joining a server and playing, it is safer than ever if you ask me. Not too many years ago most games allowed you to host your own "dedicated server" (not to mention mods). Maybe you could have been exploited that way, but I never was. These days, game server farms or the developer provide the servers and don't give any LAN or dedicated options. So, IMO, even less threat.

    On a side note, if they choose to stop providing so many servers, the game you bought becomes nearly worthless for multiplayer.

    Sul.
     
  5. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Well see, that is what I was trying to get away from. I'm thinking about dropping all of my security stuff in favor of simply Sandboxie and HitmanPro for on demand, as I feel the protection from it is quite good. However when I was thinking about my usage and how I could get infected, the whole game updates and mods aspect showed up. I still think I would be pretty safe from this aspect though. I keep UAC at max so if an executable tried to run, like in the link provided by Wild Hunter about the trojan spreading through the CS 1.6 server, I would get a popup and obviously deny it. I actually don't have Steam or very many games installed right now but I'm going to install a few and then do some testing. Right now, I'm thinking I may install Steam to it's own directory under C:\ and then whitelist the required files so that even if something does get in there, it won't be able to run. The only thing I'm not sure about are scripts and batch files. I'm not sure how many addons and mods require these to run. I know one of my Amnesia mods uses a batch file to open the mod. We shall see. I'm also going to try and do a bit more research into infection from sources like this.
     
  6. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Just an update here as to my approach to this problem. I don't know why I didn't think of this, but I am going to run my games in Sandboxie. I did a few tests and when sandboxed I got the same FPS as opposed to running them unsandboxed. I was expecting there to be a performance hit but apparently there isn't. Instead of maintaining an executable and script whitelist like I had mentioned this should be much easier. Thanks for the replies everyone.
     
  7. theharlequin

    theharlequin Registered Member

    Joined:
    Nov 5, 2012
    Posts:
    24
    Location:
    Australia
    I second the suggestion of using sandboxie for all internet based games when possible. Back in the day when I played Quake I & II online it was possible to send a custom tailored packet of information that would take advantage of an exploit of the games programming allowing access to your computer over the network. I'm sure vulnerabilities like this still exist in today's modern computer games.
     
Loading...
Thread Status:
Not open for further replies.