topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday December 11, 2024, 12:44 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

« previous next »
Pages: [1] • bottom

Author Topic: Warning: Big Security Risk In Some Ubisoft PC Games  (Read 4826 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Warning: Big Security Risk In Some Ubisoft PC Games
« on: July 30, 2012, 08:17 AM »
Reposting from a article on Rock, Paper, Shotgun. The fix is relatively simple (uninstall UPlay and the UPlay browser plugin), and the danger has been verified.


Incomplete list of games affected below:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

Not a complete list, and apparently there are a number that quietly install Uplay without user knowledge or consent. Given that the exploit is in the wild this is a very real threat.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #1 on: July 30, 2012, 08:21 AM »
Disable the Uplay plugin(s) in your browser ASAP.

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable

To check the vulnerability, visit this page
http://pastehtml.com/view/c6gxl1a79.html

If your browser is vulnerable, Uplay will start and the Windows Calculator will run.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,939
    • View Profile
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #2 on: July 30, 2012, 09:20 AM »
After reading the title I was thinking the required always-on connection to their servers...  ;)

Hmm, come to think of it...that would be an extra vector of attack for virus writers. 

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Warning: Big Security Risk In Some Ubisoft PC Games
« Reply #3 on: August 01, 2012, 09:38 AM »
I used to keep a semi sandboxed extra machine I called "NetScreen" to investigate nastiness like this. It was a machine designed to get pounded on, and contained mostly no important data other than stuff I was too lazy to properly double-copy to the real machine. (Heh).

Back when the world was new, and neither I nor the malware writers really knew very much about computers, I had a little bit of fun blocking a few pieces of malware by placing special null files in the designated spots. Then when the hooks tried to call the virus, it acted like a Find-Robot kind of thing for my favorite software I used every day! Whee!

Just curious if anyone has tried that in modern times, like installing a null add-on where the uplay one wants to go, hoping that the mean one will bounce. Thoughts from better geeks than I?

Pages: [1] • top
« previous next »