Counter-Strike 1.6 features new Zero-Day, allowing malicious servers to hack gamers' computers
If you are a Counter-Strike player, be careful, because a recent study has shown that 39% of the game's currently active online servers are actually malicious servers, is set to hack computer gamers remotely.
Accordingly, a group of network security researchers at Dr. The Web has revealed that an attacker used malicious gaming servers to silently spread malicious code and take over the computer system of Counter-Strike gamers around the world by exploiting those zero-day vulnerabilities are hidden in the game client.
- Scary data breaches in China: Information about the 'fertility' of more than 1.8 million women leaked
According to the researchers, Counter-Strike 1.6 - a popular game around the world for nearly two decades and still very popular at the moment, contains a lot of remote code execution vulnerabilities (RCE ) has not been patched in its client software, allowing an attacker to execute arbitrary code on the gamer's computer as soon as the system connects to a malicious server without requiring any other interaction from the players.
Going into the investigation, security researchers have discovered that a Russian game server developer nicknamed 'Belonard' exploited these vulnerabilities in nature to promote these. Its illegal money-making activity and creates a botnet that includes many intrusive computer systems by infecting a custom Trojan.
- Ransomware STOP started installing Trojans to steal victim passwords
This custom trojan is named after the person who created it: Belonard, and is also designed with 'high durability', which replaces the list of game servers available in client applications. install on infected systems and create proxies to continue spreading Trojans.
"As a rule, proxy servers will usually display lower pings, so other players will see them at the top of the list. After selecting one of these servers, the player will be redirected to a malicious server and then their computer will be infected with Trojan.Belonard ', the Dr. Web team said in a report published last Wednesday.
Besides, the fake Russian server developer is also distributing a modified version of the game client through his website, and learned that the site has also been infected with the Belonard Trojan.
One of the 11 components of the Trojan will serve as a malicious client protection layer that "filters requests, files and commands received from other game servers and transfers data to changes." change (transferred to the client) for the Trojan developer server ".
Below is an attack sequence diagram showing how the Belonard Trojan works and infects gamers' computers:
- KB4482887 update patched the Specter vulnerability, but it caused problems for some Windows 10 games
In addition, this malware also registered to create proxy game servers using API Steam and use encryption to store data on the system, as well as to contact the command and control server (command -and-control server) remotely.
"According to our analysis, out of 5,000 active servers and available on Steam clients, up to 1,951 systems were created by the Belonard Trojan, and this number accounts for 39% of the total number of servers. This game, a large-scale network can allow Trojan developers to promote other servers to make money, "the researchers said.
As soon as the research is completed, the team of Dr. The Web also reported vulnerabilities to Valve Corporation, the developer of the Counter-Strike 1.6 game.
In addition, Dr. researchers. The Web has also reported malicious domains used by malware developers to agencies responsible for managing website registration in Russia. The agency then suspended many domains in an attempt to remove this dangerous botnet.
Removing a few domains is a necessary action, but will generally not help prevent an attacker from setting up more malicious servers, unless the Counter-Strike developers do patch Remote code execution vulnerabilities are reported in this gaming software.
You should read it
- What is a botnet, who does it use to attack, and how can you prevent botnet?
- CS:GO 2 information, Counter Strike 2 information
- CS 2 configuration, Counter Strike 2 PC playing configuration
- Microsoft has just taken down a huge botnet network
- Counter Strike 2 upgrade points with CS GO
- Free version of Counter-Strike: Global Offensive complete, adding survival mode 'Danger Zone'
- Critical error on Apache Struts2 allows hackers to take over the web server
- Find bug in Emotet malware, prevent it from spreading for 6 months
May be interested
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement casesa code execution vulnerability in winrar has been exploited more than 100 times separately by hackers in the first week since it was revealed, and it is expected that this number will continue to increase in the future.
- If using an Android phone, be careful: You may be being tracked without knowingandroid - google's mobile operating system has behaviors that silently monitor users that make them unaware. more seriously, it can also access a user's personal data store through a large number of pre-installed applications that are virtually difficult to uninstall.
- Ransomware LockerGoga is making a big corporation miserablenorsk hydro - one of the world's largest aluminum and renewable energy corporations based in oslo, norway, was forced to suspend most of its production lines and switch to manual operation. part of a network attack is said to be related to lockergoga malicious code.
- The 13-year-old 'Hacker' enters the school's computer system to create a 'list of the most hated kids'recently, a 13-year-old 'young man' in the united states was investigated for allegedly illegally accessing and using personal data of a teacher, thereby breaking into the school's computer system to steal personal information of other students and create a blacklist of the most hated students in the school.
- Netflix test mobile movie package only 3 USD / monthnetflix, the world-famous paid-for movie service, recently revealed that it is testing the movie package with a monthly fee of only $ 3.63, exclusively for mobile phones.
- Tesla's plan to use Chromium in cars is hacked before it is completedtesla is the latest company to apply chromium tools for web browsers on cars.