Ohstopyou 42 Posted September 25, 2014 So I've been seeing this topic spread across the internet like wild fire. It started on FacePunch, then it moved to Reddit, and now its at Tf2Banana. It's about how this possible virus can be downloaded from malicious servers, and then it will crash your computer and trash your steam account. I am not sure if this is true (I feel as if it is a hoax), but at the rate that the information is spreading it appears it could be true. I've seen plugins that force your computer to download certain files from a server, but that was only with sound files. I mean it could be theoretically possible that a virus could be downloaded through it; however, I am unsure of how it would execute automatically. Anyway, if you are paranoid, you might want to change your download settings, on the tf2 options multiplayer tab, so that it will only download maps from the servers. And you may only want to go to xG servers or Valve servers. This could be a massive trolling spree, but you can never be too safe. I'd like some feedback if you guys have any information. @Nomulous @kbraszzz @ColdEndeavour @Moosty @TwoZeroFour @John_Madden @Gwoash @KendrickLlama 1 4 Gugomo, Seanman, Sora_ and 2 others reacted to this Share this post Link to post Share on other sites
Seanman 0 Posted September 25, 2014 Oh wow. This could cause a lot of shit to go down. Share this post Link to post Share on other sites
KendrickLlama 1 Posted September 25, 2014 sounds bad 1 Chrono reacted to this Share this post Link to post Share on other sites
BonfireCentipede 77 Posted September 25, 2014 +1 Thanks for warning us about this, Could never be too sure with viruses. 1 Sora_ reacted to this Share this post Link to post Share on other sites
Ohstopyou 42 Posted September 26, 2014 I don't want to cause a panic. Just want to let everyone know so they aren't caught off guard, on the offhand chance this is true. 1 Sora_ reacted to this Share this post Link to post Share on other sites
Nomulous 14 Posted September 26, 2014 There is a very low possibility of getting a virus from downloading files, but rather a hidden MOTD opener to a zero day exploit website. This would cause more issues, though a plugin that downloads files, spoofing the ending, and executing the malicious file is very odd and would require potentially a MM:S plugin. Which would just want to exec and inject into TF2, so if anything, the "virus" is a code injection into TF2 while force downloads a malicious file and executes it. Even though this is unlikely, I do not participate in malicious activities, so our TF2 servers are safe to download any custom files. Though if you're worried about 0-day exploits, turn off your internet since just browsing on websites can get you infected with a ring3 rootkit virus. 1 1 realBelloWaldi and Sora_ reacted to this Share this post Link to post Share on other sites
Muzzle 9 Posted September 26, 2014 The same thing happened to Garry's mod once. I'm sure valve can handle it. 1 KendrickLlama reacted to this Share this post Link to post Share on other sites
Ohstopyou 42 Posted September 26, 2014 There is a very low possibility of getting a virus from downloading files, but rather a hidden MOTD opener to a zero day exploit website. This would cause more issues, though a plugin that downloads files, spoofing the ending, and executing the malicious file is very odd and would require potentially a MM:S plugin. Which would just want to exec and inject into TF2, so if anything, the "virus" is a code injection into TF2 while force downloads a malicious file and executes it. Even though this is unlikely, I do not participate in malicious activities, so our TF2 servers are safe to download any custom files. Though if you're worried about 0-day exploits, turn off your internet since just browsing on websites can get you infected with a ring3 rootkit virus. I'm not saying you are participating; however, we've already seen exploits against the xG website. If there is a way, I don't doubt someone would exploit this. Share this post Link to post Share on other sites
Nomulous 14 Posted September 26, 2014 I'm not saying you are participating; however, we've already seen exploits against the xG website. If there is a way, I don't doubt someone would exploit this. The ONE exploit we had on our website was our careless mistake, nothing was broken though. Though the only virus I assume is just an MM:S injection or a binded sound file, when once executed on servers also infects the users due to a binded file. I could investigate in this. Share this post Link to post Share on other sites
Kittylicious 5 Posted September 26, 2014 thought it was going to be the hoax about don't add a guys name because hes a virus and will hack you lol :D I don't play any other servers except xG and official ones anyway so I'm safe. 2 SiliconDragon and KendrickLlama reacted to this Share this post Link to post Share on other sites
Fink 64 Posted September 26, 2014 thanks for telling me these, now i can hire a server dev to add worms that steal steam accounts if i make a server Share this post Link to post Share on other sites
Fink 64 Posted September 26, 2014 The same thing happened to club penguin once. I'm sure valve can handle it. Share this post Link to post Share on other sites
Ohstopyou 42 Posted September 26, 2014 Another reliable source has just posted it. Quote from http://scrap.tf/: A recent major security hole has been discovered in TF2. It is not exactly clear how it works at this time, but there are a few reports of infected servers being able to download a file to your computer that contains a virus currently called "Trojan.SteamBurglar.1". All of this is currently unconfirmed by Valve or any security experts. Here are some hotfixes you can use to stay away from this: Avoid using the quickplay function, as you may end up on an infected server. Also avoid joining servers "with random numbers for name and the name changes after some time". Under options -> multiplayer you can toggle server downloads to mapsonly, or alternatively you can use the console command: cl_downloadfilter mapsonly. As always, ensure you use an antivirus and don't click on untrustworthy links. It is currently unclear whether this is TF2 only or across all source games. Report servers with weird names to Valve. Stay safe! Share this post Link to post Share on other sites
Gugomo 0 Posted September 26, 2014 This could potentially get out of hand, but I trust Valve will fix this. Thanks for the heads up. Share this post Link to post Share on other sites
SupremeWolf 1 Posted September 26, 2014 Thanks for the warning. Guess I won't be getting new sprays anytime soon then. (y) 1 StarmiX reacted to this Share this post Link to post Share on other sites