ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > DC Gamer Club

Warning: Big Security Risk In Some Ubisoft PC Games


Reposting from a article on Rock, Paper, Shotgun. The fix is relatively simple (uninstall UPlay and the UPlay browser plugin), and the danger has been verified.

Incomplete list of games affected below:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

Not a complete list, and apparently there are a number that quietly install Uplay without user knowledge or consent. Given that the exploit is in the wild this is a very real threat.

Disable the Uplay plugin(s) in your browser ASAP.

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable

To check the vulnerability, visit this page

If your browser is vulnerable, Uplay will start and the Windows Calculator will run.

--- End quote ---

After reading the title I was thinking the required always-on connection to their servers...  ;)

Hmm, come to think of it...that would be an extra vector of attack for virus writers. 

I used to keep a semi sandboxed extra machine I called "NetScreen" to investigate nastiness like this. It was a machine designed to get pounded on, and contained mostly no important data other than stuff I was too lazy to properly double-copy to the real machine. (Heh).

Back when the world was new, and neither I nor the malware writers really knew very much about computers, I had a little bit of fun blocking a few pieces of malware by placing special null files in the designated spots. Then when the hooks tried to call the virus, it acted like a Find-Robot kind of thing for my favorite software I used every day! Whee!

Just curious if anyone has tried that in modern times, like installing a null add-on where the uplay one wants to go, hoping that the mean one will bounce. Thoughts from better geeks than I?


[0] Message Index

Go to full version