Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gamespy Installer Spreads Nimda

Posted by michael on from the more-than-you-bargained-for dept.

NSG writes "Yahoo News is running this story about the Nimda virus infecting some Gamespy Arcade 1.09 installers. Approximately 3,100 infected files were served in a seven hour period. What responsibility does Gamespy have to the users who downloaded the infected file?"

6 of 171 comments (clear)

  1. Now I've seen it all by mcpkaaos · · Score: 3, Interesting

    I was one of the original Gamespy employees from a few years ago, and I never thought I'd see Gamespy as the subject of a /. story. It just goes to show, before long everything ends up on this site. ;)

    It doesn't surprise me in the least that this has occured, though I hate to bash on my old company (especially since when I left, I left with enough stock to really want the company to succeed, or liquidate and get it over with, hehe.) Truth be told, the company has always been run by a man who truly couldn't care less about customers, a development manager who can't understand why you don't call virtuals from a constructor, and a project lead who thinks UI coding is the end-all-be-all of computer science. Put them together and you end up with very little experience trying to manage a product that has long since outlived its usefulness.

    And before you flame me or whatever, I do know a little bit about which I speak... having written much of the original Arcade myself (though I'm not too proud of the outcome, having followed its progress since I left in '00.)

    All in all, you can continue to expect inferior product from an inferior company, shameful as it is. I often lament on how things might have changed were L-Fire and I given a little more freedom to get stuff done. C'est la vie.

    /me waits to get flamed by crt and Walla now

    --

    [McP]KAAOS

    --
    It goes from God, to Jerry, to me.
    1. Re:Now I've seen it all by kzadot · · Score: 2, Interesting

      Why cant you call virtuals from a constructor?

    2. Re:Now I've seen it all by mcpkaaos · · Score: 2, Interesting

      Actually, I did. The summer after leaving Gamespy (Summer '00) I designed and implemented a server browsing platform that used URLs rather than command lines to launch a game and connect to a remote host. Addtionally, for Windows users, it integrated completely within the Windows Shell, allowing servers to be browsed like files, games and game types browsed like folders, anywhere, anytime, in any explorer window. It also persists its UI and in-memory server lists to disk when you launch a game (releasing some of the memory that is much better spent on the game itself, not the server browsing software you don't care about at that moment.) I had originally wanted to do something similar for Arcade, but none of the coders (and I use the term loosely) at Gamespy seemed interested. Too bad, I thought it was a rather cool idea.

      It's actually a pretty slick system, though I didn't spend enough time on it then to iron out some of the wrinkles (I think a total of 80-90 hours was spent on it over the course of 6 weeks.) I would have spent more time on it, but a non-compete agreement I had signed (lasting 2 years from my resignation date) prohibited me from releasing the source (as I'm an open-source kinda guy) or releasing a freeware product (as I don't need gamers' hard-earned cash.. they need it to buy more games and video cards!) Now that the non-compete has expired (as of this past March 8), I might think about starting up a new project based on the old idea.

      If anyone would be interested in such a project, please email me (kaaos at clanmcp dot com). The project would be for no money, sorry to say, as I don't see the need for charging for a product that anyone could implement with enough time and desire (sorry Gamespy).

      --

      [McP]KAAOS

      --
      It goes from God, to Jerry, to me.
  2. Re:Liability? Read their TOS. by Sloppy · · Score: 2, Interesting
    People need to quite taking that kind of stuff literally. That statement from GameSpy is merely their fantasy of how they want things to be. It is not a legal document.

    If that document were legal, then the author of Nimda itself could make the same claim, and be off the hook.

    They trafficked in malware. It was probably accidental, not deliberate. But they still did it, and it they are partly responsible for what happens as a result, just as anyone else who spreads a virus is.

    There are some people who, systematically, do not ever spread viruses. And there are some who do spread them. There is a difference between the two groups, and it's not just luck or fate. It's responsibility vs negligence and recklessness. It's voluntary -- a person gets to choose which of those two groups he is in. And because of that, spreading viruses is not excusable.

    With all that said, I don't think it's practical to really punish them. But it is justifiable to do it.

    HYBTT?
    Hah! I think I see something!
    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. Re:They screwed up - so what? by pyrote · · Score: 3, Interesting

    Doesn't matter, as a whole, we are moving to a 'computer' mono-culture. Every app is being ported to everything, hell, my palm runs gameboy, and has a simple dos prompt.
    with all of linux's efforts it's only a matter of time someone writes a virii designed to abuse all the windows compatibility software (read:wine), or codes a hybrid.

    eventually no one will care which OS we run, like now, in the handheld market, we don't care which Processor we run. we have ARM, MIPS, PowerPC, SH, and X86.

    It will come down to speed, and at thaat time, everything will talk to each other and virii won't care. it's the future.

    As for permissions, how many newbies will actually run a linux box on a sub user? hell, every XP box I see is run in admin mode. no newbie cares what a particular person or app needs access to... they want plug and play, which means no logging in or out to install crap.

    So there.

    -
    Hey I gave you a nickel, give me my 3 cents back!

    --
    THE WORLD IS GOING TO END!!!! eventually.
  4. Xbox Meets Gamespy Meets Nimda by Scotch+Game · · Score: 2, Interesting

    My girlfriend's kids downloaded GameSpy yesterday, ironically, so they could hook the Xbox up to the router and look for other Halo devotees. And they succeeded.

    They also succeeded in hosing two W2K systems on our home network via the file share traversal vulnerability. One was my girlfriend's system, the only one with out-of-date virus protection and, of course, the only unprotected machine with truly irreplaceable files. Sigh.

    Well, I downloaded AVG and it's getting clean as I type this, but I thought it might be of interest to those who posted saying that only those machines running IIS can be infected. That ain't the truth. The two infected machines on this network were W2K systems, neither of them running IIS. They were just poorly monitored and vulnerable.

    It's /., actually, posting this story that made me realize the source of my pain. And for that I say thanks, because for those of you that said so-what-big-deal, well, it's true that this didn't really constitute a national emergency but, speaking now from experience, I can honestly say that NIMDA SUCKS.

    But here's the rundown: I've got nine machines networked here at home, four W2Ks, four Linux, and one Xbox. Well, two of the W2Ks met Nimda first hand, but two others didn't since all of the extant fileshares require logons. Email wasn't a factor, and on the one W2K system that IS running IIS and was potentially vulnerable to attack, well, I've got all the latest patches installed and everything on that machine is clean.

    The Linux boxes, of course, didn't even raise an eyebrow ...

    Peace.