Welcome Guest.   Make a donation to an author on the site July 24, 2014, 06:01:06 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2011! Download 30+ custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Warning: Big Security Risk In Some Ubisoft PC Games  (Read 1187 times)
wraith808
Supporting Member
**
Posts: 6,081



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: July 30, 2012, 08:17:03 AM »

Reposting from a article on Rock, Paper, Shotgun. The fix is relatively simple (uninstall UPlay and the UPlay browser plugin), and the danger has been verified.


Incomplete list of games affected below:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

Not a complete list, and apparently there are a number that quietly install Uplay without user knowledge or consent. Given that the exploit is in the wild this is a very real threat.
Logged

wraith808
Supporting Member
**
Posts: 6,081



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: July 30, 2012, 08:21:41 AM »

Quote
Disable the Uplay plugin(s) in your browser ASAP.

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable

To check the vulnerability, visit this page
http://pastehtml.com/view/c6gxl1a79.html

If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
Logged

Shades
Member
**
Posts: 1,607


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #2 on: July 30, 2012, 09:20:04 AM »

After reading the title I was thinking the required always-on connection to their servers...  Wink

Hmm, come to think of it...that would be an extra vector of attack for virus writers. 
Logged
TaoPhoenix
Supporting Member
**
Posts: 3,469



0 - 60 ... then back to 0 again!

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #3 on: August 01, 2012, 09:38:29 AM »

I used to keep a semi sandboxed extra machine I called "NetScreen" to investigate nastiness like this. It was a machine designed to get pounded on, and contained mostly no important data other than stuff I was too lazy to properly double-copy to the real machine. (Heh).

Back when the world was new, and neither I nor the malware writers really knew very much about computers, I had a little bit of fun blocking a few pieces of malware by placing special null files in the designated spots. Then when the hooks tried to call the virus, it acted like a Find-Robot kind of thing for my favorite software I used every day! Whee!

Just curious if anyone has tried that in modern times, like installing a null add-on where the uplay one wants to go, hoping that the mean one will bounce. Thoughts from better geeks than I?

Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.03s | Server load: 0.19 ]