Security Incidents mailing list archives
RE: URGENT! gamespy download infected with Nimda
From: Karen Cobb <cobby () exchange gamespy com>
Date: Wed, 26 Jun 2002 09:02:30 -0700
Hi Stuart, Thanks for alerting us to the possible presence of a virus in the GameSpy Arcade Installer. We verified that the GameSpy Arcade Installer did indeed contain the W32.Nimda.E@mm virus shortly after receiving your e-mail. The infected file was immediately replaced with a virus-free version of the installer. Your computer may be at risk of infection. Fortunately, the virus maybe easily removed by using this free tool from Symantec: http://www.networkingfiles.com/AntiVirus/w32e.htm We thank you for your help in alerting us to this problem and hope that you enjoy using GameSpy Arcade. Karen "Cobby" Cobb Customer Service Manager GameSpy Industries karen () gamespy com -----Original Message----- From: lsi [mailto:stuart () cyberdelix net] Sent: Wednesday, June 26, 2002 5:03 AM To: feedback () gamespy com; webmaster () gamespyarcade com Cc: John.Morris () cnet com; press.releases () theregister co uk; cw360editorial () cw360 com; incidents () securityfocus com Subject: URGENT! gamespy download infected with Nimda Hello, I bring to your most urgent attention that the copy of Gamespy Arcade 1.09 available on download.com at the address http://download.com.com/redir?pid=10107395&merid=62178&mfgid= 62178<ype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3002-20- 10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.c om%2Fsoftware%2Finstall%2FArcadeInstallFull109.EXE is infected with the W32/Nimda.gen@MM virus, as detected by NAI/McAfee Viruscan. The full URL of the infected file is: http://launch.gamespyarcade.com/software/install/ArcadeInstal lFull109.EXE According to download.com, as of my writing, this file has been downloaded 112806 times from download.com since April 29, 2002. The virus infected my computer after I downloaded and executed the program via http://www.download.com/ at around 21:45PM, and I'm justing finishing the cleanup now - it's 3:15AM and counting, thankyou very much. I do understand that the file is actually served from gamespy.com, but it was only by carefully inspecting the URLs served by download.com that this becomes evident. A less savvy user wouldn't make the distinction. I suggest that every night, a download.com robot downloads each file download.com serves, and scans it. Meanwhile, I suggest the guilty party at gamespy be shot. Cheers Stuart -- Stuart Udall stuart () cyberdelix net - http://www.cyberdelix.net/ ..revolution through evolution want to make some cash? check out http://cyberdelix.net/affiliates.htm ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: URGENT! gamespy download infected with Nimda Karen Cobb (Jun 26)
- <Possible follow-ups>
- URGENT! gamespy download infected with Nimda lsi (Jun 26)