Ohstopyou

New tf2 virus?

So I've been seeing this topic spread across the internet like wildfire. It started on FacePunch, then it moved to Reddit, and now it's at Tf2Banana. It's about how this possible virus can be downloaded from malicious servers, and then it will crash your computer and trash your Steam account.

 

I am not sure if this is true (I feel as if it is a hoax), but at the rate that the information is spreading it appears it could be true.

 

I've seen plugins that force your computer to download certain files from a server, but that was only with sound files. I mean it could be theoretically possible that a virus could be downloaded through it; however, I am unsure of how it would execute automatically.

 

Anyway, if you are paranoid, you might want to change your download settings, on the tf2 options multiplayer tab, so that it will only download maps from the servers. And you may only want to go to xG servers or Valve servers. This could be a massive trolling spree, but you can never be too safe.

 

I'd like some feedback if you guys have any information. @Nomulous @kbraszzz @ColdEndeavour @Moosty @TwoZeroFour @John_Madden @Gwoash @KendrickLlama


There is a very low possibility of getting a virus from downloading files, but rather a hidden MOTD opener to a zero day exploit website. This would cause more issues, though a plugin that downloads files, spoofing the ending, and executing the malicious file is very odd and would require potentially a MM:S plugin. Which would just want to exec and inject into TF2, so if anything, the "virus" is a code injection into TF2 while force downloads a malicious file and executes it. Even though this is unlikely, I do not participate in malicious activities, so our TF2 servers are safe to download any custom files.

 

Though if you're worried about 0-day exploits, turn off your internet since just browsing on websites can get you infected with a ring3 rootkit virus.

> There is a very low possibility of getting a virus from downloading files, but rather a hidden MOTD opener to a zero day exploit website. This would cause more issues, though a plugin that downloads files, spoofing the ending, and executing the malicious file is very odd and would require potentially a MM:S plugin. Which would just want to exec and inject into TF2, so if anything, the "virus" is a code injection into TF2 while force downloads a malicious file and executes it. Even though this is unlikely, I do not participate in malicious activities, so our TF2 servers are safe to download any custom files.
>
> Though if you're worried about 0-day exploits, turn off your internet since just browsing on websites can get you infected with a ring3 rootkit virus.

I'm not saying you are participating; however, we've already seen exploits against the xG website. If there is a way, I don't doubt someone would exploit this.

> I'm not saying you are participating; however, we've already seen exploits against the xG website. If there is a way, I don't doubt someone would exploit this.

The ONE exploit we had on our website was our careless mistake; nothing was broken though. Though the only virus I assume is just an MM:S injection or a bound sound file, when once executed on servers also infects the users due to a bound file. I could investigate this.


Another reliable source has just posted it.

 

Quote from http://scrap.tf/:

 

A recent major security hole has been discovered in TF2. It is not exactly clear how it works at this time, but there are a few reports of infected servers being able to download a file to your computer that contains a virus currently called "Trojan.SteamBurglar.1". All of this is currently unconfirmed by Valve or any security experts.

 

Here are some hotfixes you can use to stay away from this:

 

Avoid using the quickplay function, as you may end up on an infected server. Also avoid joining servers "with random numbers for name and the name changes after some time". Under options -> multiplayer you can toggle server downloads to mapsonly, or alternatively you can use the console command:

cl_downloadfilter mapsonly

As always, ensure you use an antivirus and don't click on untrustworthy links.

 

It is currently unclear whether this is TF2 only or across all source games. Report servers with weird names to Valve.

 

Stay safe!

This topic is now closed to further replies.
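
Two replies above speculate about a downloaded file "spoofing the ending" or a bound sound file. As an added example (not code from the thread, xG, scrap.tf or Valve), this defender-side check walks a game download folder and flags files whose leading bytes do not fit their extension. The folder passed to `scan()`, the extension allow-list and the sample files are assumptions constructed here.

```python
import tempfile
from pathlib import Path

# Native executable headers; neither belongs in downloaded game content.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
# Fixed leading bytes of a few Source content types.
CONTENT_MAGIC = {".wav": b"RIFF", ".bsp": b"VBSP", ".vtf": b"VTF\x00"}
# Extensions expected in a download folder (assumed allow-list, adjust as needed).
EXPECTED_EXTS = {".wav", ".mp3", ".bsp", ".vtf", ".vmt", ".mdl", ".nav", ".txt"}


def classify(path):
    """Return a finding for a suspicious file, or None if it looks consistent."""
    ext = Path(path).suffix.lower()
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in EXEC_MAGIC.items():
        if head.startswith(magic):
            return f"{kind} header behind '{ext}' extension"
    if ext not in EXPECTED_EXTS:
        return f"unexpected extension '{ext}'"
    want = CONTENT_MAGIC.get(ext)
    if want and not head.startswith(want):
        return f"'{ext}' file lacks {want!r} header"
    return None


def scan(download_dir):
    """Walk download_dir and return {relative path: finding} for flagged files."""
    base = Path(download_dir)
    findings = {}
    for path in sorted(p for p in base.rglob("*") if p.is_file()):
        finding = classify(path)
        if finding:
            findings[path.relative_to(base).as_posix()] = finding
    return findings


def demo():
    samples = {  # constructed sample files, not real captures
        "ok.wav": b"RIFF\x24\x00\x00\x00WAVEfmt ",    # well-formed WAV header
        "spoofed.wav": b"MZ\x90\x00" + b"\x00" * 12,   # PE magic, sound extension
        "odd.wav": b"not audio at all",                # no recognised header
        "helper.dll": b"\x00" * 16,                    # extension outside the list
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)
```

Call `scan()` on the game's custom-download folder; a hit is a reason to inspect the file, not proof of infection, since a header check says nothing about what the game does with the data.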