Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 02, 2015, 04:50:28 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Warning: Big Security Risk In Some Ubisoft PC Games  (Read 1464 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,318
  • "In my dreams, I always do it right."
    • View Profile
    • wraith808
    • Donate to Member
Warning: Big Security Risk In Some Ubisoft PC Games
« on: July 30, 2012, 08:17:03 AM »
Reposting from a article on Rock, Paper, Shotgun. The fix is relatively simple (uninstall UPlay and the UPlay browser plugin), and the danger has been verified.


Incomplete list of games affected below:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

Not a complete list, and apparently there are a number that quietly install Uplay without user knowledge or consent. Given that the exploit is in the wild this is a very real threat.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,318
  • "In my dreams, I always do it right."
    • View Profile
    • wraith808
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #1 on: July 30, 2012, 08:21:41 AM »
Quote
Disable the Uplay plugin(s) in your browser ASAP.

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable

To check the vulnerability, visit this page
http://pastehtml.com/view/c6gxl1a79.html

If your browser is vulnerable, Uplay will start and the Windows Calculator will run.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 1,854
    • View Profile
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #2 on: July 30, 2012, 09:20:04 AM »
After reading the title I was thinking the required always-on connection to their servers...  ;)

Hmm, come to think of it...that would be an extra vector of attack for virus writers. 

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,385
    • View Profile
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #3 on: August 01, 2012, 09:38:29 AM »
I used to keep a semi sandboxed extra machine I called "NetScreen" to investigate nastiness like this. It was a machine designed to get pounded on, and contained mostly no important data other than stuff I was too lazy to properly double-copy to the real machine. (Heh).

Back when the world was new, and neither I nor the malware writers really knew very much about computers, I had a little bit of fun blocking a few pieces of malware by placing special null files in the designated spots. Then when the hooks tried to call the virus, it acted like a Find-Robot kind of thing for my favorite software I used every day! Whee!

Just curious if anyone has tried that in modern times, like installing a null add-on where the uplay one wants to go, hoping that the mean one will bounce. Thoughts from better geeks than I?