Main Area and Open Discussion > DC Gamer Club
Warning: Big Security Risk In Some Ubisoft PC Games
(1/1)
wraith808:
Reposting from a article on Rock, Paper, Shotgun. The fix is relatively simple (uninstall UPlay and the UPlay browser plugin), and the danger has been verified.
Incomplete list of games affected below:
Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved
Not a complete list, and apparently there are a number that quietly install Uplay without user knowledge or consent. Given that the exploit is in the wild this is a very real threat.
wraith808:
Disable the Uplay plugin(s) in your browser ASAP.
How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins
In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete
In Chrome:
Visit about:plugins and disable
To check the vulnerability, visit this page
http://pastehtml.com/view/c6gxl1a79.html
If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
--- End quote ---
Shades:
After reading the title I was thinking the required always-on connection to their servers... ;)
Hmm, come to think of it...that would be an extra vector of attack for virus writers.
TaoPhoenix:
I used to keep a semi sandboxed extra machine I called "NetScreen" to investigate nastiness like this. It was a machine designed to get pounded on, and contained mostly no important data other than stuff I was too lazy to properly double-copy to the real machine. (Heh).
Back when the world was new, and neither I nor the malware writers really knew very much about computers, I had a little bit of fun blocking a few pieces of malware by placing special null files in the designated spots. Then when the hooks tried to call the virus, it acted like a Find-Robot kind of thing for my favorite software I used every day! Whee!
Just curious if anyone has tried that in modern times, like installing a null add-on where the uplay one wants to go, hoping that the mean one will bounce. Thoughts from better geeks than I?
Navigation
[0] Message Index
Go to full version