Security Incidents mailing list archives

RE: URGENT! gamespy download infected with Nimda


From: Karen Cobb <cobby () exchange gamespy com>
Date: Wed, 26 Jun 2002 09:02:30 -0700

Hi Stuart,

Thanks for alerting us to the possible presence of a virus in the GameSpy Arcade Installer.  We verified that the 
GameSpy Arcade Installer did indeed contain the W32.Nimda.E@mm virus shortly after receiving your e-mail.  The infected 
file was immediately replaced with a virus-free version of the installer.

Your computer may be at risk of infection.  Fortunately, the virus may be easily removed by using this free tool from 
Symantec:

http://www.networkingfiles.com/AntiVirus/w32e.htm

We thank you for your help in alerting us to this problem and hope that you enjoy using GameSpy Arcade.

Karen "Cobby" Cobb
Customer Service Manager
GameSpy Industries
karen () gamespy com

-----Original Message-----
From: lsi [mailto:stuart () cyberdelix net]
Sent: Wednesday, June 26, 2002 5:03 AM
To: feedback () gamespy com; webmaster () gamespyarcade com
Cc: John.Morris () cnet com; press.releases () theregister co uk;
cw360editorial () cw360 com; incidents () securityfocus com
Subject: URGENT! gamespy download infected with Nimda


Hello,

I bring to your most urgent attention that the copy of 
Gamespy Arcade 1.09 available on download.com at the address

http://download.com.com/redir?pid=10107395&merid=62178&mfgid=62178&ltype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3002-20-10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.com%2Fsoftware%2Finstall%2FArcadeInstallFull109.EXE

is infected with the W32/Nimda.gen@MM virus, as detected by  
NAI/McAfee Viruscan.  

The full URL of the infected file is:

http://launch.gamespyarcade.com/software/install/ArcadeInstallFull109.EXE

According to download.com, as of my writing, this file has 
been downloaded 112806 times from download.com since April 
29, 2002.

The virus infected my computer after I downloaded and 
executed the program via http://www.download.com/ at around 
21:45PM, and I'm just finishing the cleanup now - it's 
3:15AM and counting, thank you very much.

I do understand that the file is actually served from 
gamespy.com, but it was only by carefully inspecting the URLs 
served by download.com that this becomes evident.  A less 
savvy user wouldn't make the distinction.

I suggest that every night, a download.com robot downloads 
each file download.com serves, and scans it.  

Meanwhile, I suggest the guilty party at gamespy be shot.

Cheers
Stuart

-- 
Stuart Udall
stuart () cyberdelix net - http://www.cyberdelix.net/
..revolution through evolution

want to make some cash? check out 
http://cyberdelix.net/affiliates.htm

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

