New Warcraft III security exploit...

[Dr Super Good]

That's cool, don't even mention who discovered it, or give any credit whatsoever, because I'm sure after tinkering and discovering such things Jesus4Lyf would hate such mentions.

Well, "Jesus4Lyf" is just a user name on that site the person uses. There is no garuntee that other "Jesus4Lyf" users on different sites are that person. Mentioning that name could allow people to falsly take credits in the case of someone else using that name. I personally felt linking the thread would be far more effective as it garuntees the correct person is referd.

This was also more of a warning so that people are not caught off gaurd. If I was writing a full documentation on it I would ofcourse credit the correct person directly.

I am suprized you did not complain at me for not even mentioning the language it executes.

 

[tooltiperror]

you simply did not mention it. You very rarely write reports on books and do not mention their authors.

 

[Dr Super Good]

Well, in the thread he never mentioned his name... Like I said, you can not use account names as a reliable ID cause people could spoof them.

 

[tooltiperror]

Well, in the thread he never mentioned his name... Like I said, you can not use account names as a reliable ID cause people could spoof them.

<Dr Super Good> I hate all the minorities in the world.

I think people will be able to tell that I am not Dr Super Good.

inb4 'that's not spoofing' argument.

 

[Dr Super Good]

The author is credited (although indirectly via a link to his post). No person is falsely credited for discovering this (for example, I do not say I found it).
I also imagine this post was proof read by administration before being put up and they did not seem to have any problems with it in its current form.

I am amazed that hackers still have not made their move, this is such an easilly exploitable bug.

 

[War3Cadu]

Im tested map.

Any map hackers you can will loser key. Why? Bucase you have regedit in your key warcraf 3 or any games.

Any map hackers you can send email keys. too regedit

So i have visual basic 2010

(sorry for the english bad)

Edit:
Or yours game.dll, Storm.dll have keys

 

[azlier]

Luckily (or perhaps just the opposite), Blizzard has to do something or else they might face legal trouble because of how they assure you that no virus will ever come from Battle.net. So they have to either fix it or shut down Battle.net. Hmm.

 

[War3Cadu]

Can i post tutorial "How do i see script for virus and report it" ?

If it allowed

Edit:
I go sleep now
there 3:40 am xD

 

[mnadeau1992]

I HATE HACKKKERS
KILL THEM ALL

Or can't they kill themselves?

ps: have the hive wc3 and hive sc2 merged? looks cool

 

[War3Cadu]

Hmmmm
This script can create anti-maphack. ^^

@mnadeau1992
Now i dont download maps never!

I hope warcraft 3 patch xD

 

[Ironside]

Well, as said before, it's easy to counter. It really isn't much of a threat.

 

[Vercas]

I am of opinion that Blizzard must be patched first so they can patch Warcraft III.

 

[Dr Super Good]

Blizzard has no obligation to patch old games unless they are legally forced to. They will legally be forced to if people start exploiting this.

How many games from pre 2000 still get patches on a regular baisis? Games, like all software, have an expected lifecycle. WC3 is reaching the end of it where it is still kept running but is no longer subject to regular maintence and attention.

 

[takakenji]

oh damn oh damn

 

[Bloodbane7]

Not to break your highly interesting conversation, but this virus/hack can only be used if that JASS script is the map right? So you can use all of your previous maps and any new ones you make and not have to worry about it as long as you don't go on Bnet? This makes sense but Idk much about JASS.

 

[Dr Super Good]

Logically if you make the map, you will know if it is dangerous or not as that code requires something to put it in the map. Unless a virus is made to infect your machine and inserts the code into all maps you own or inserts code into the editor to make it insert the code into all maps it makes.

Old maps are also not safe, cause this exploit has always been around, just it has only been publicly revealed recently. There could me maps using it to infect people years ago for all we know. However as a rule of thumb, older maps by average people should be safe if the link is old. For example, Julians RPG or Final Fantays Forever will be safe if the version is old.

 

[Bloodbane7]

Alright, just wanted to make sure. Just kind of freaked that I read the news one day and was all like WTF I start map making again and this happened? It shouldn't affect me then, as I haven't used Bnet in forever.

 

[Tleno]

Alright, just wanted to make sure. Just kind of freaked that I read the news one day and was all like WTF I start map making again and this happened? It shouldn't affect me then, as I haven't used Bnet in forever.

Not just B.net. You can just download and run a map that is infected and get infected.

Oh, so there might be a virus that infects all your maps? Kinda wanted to ask like something like that could be happening, but whatever... so anyway theoretically infecting other maps is possible?

 

[Ironside]

Definitely could be done if you ask me.

 

[Vercas]

Definitely could be done if you ask me.

Yes, but I doubt someone would bother doing such complicated tasks.
It would require opening MPQ archives, finding a suitable function in which to add code and then add the code. Making a nice virus would also require recursion, which is not supported in Jass!
This would be nice, tho.

 

[elfian]

Yes, but I doubt someone would bother doing such complicated tasks.
It would require opening MPQ archives, finding a suitable function in which to add code and then add the code. Making a nice virus would also require recursion, which is not supported in Jass!
This would be nice, tho.

What does making a virus have to do with recursion...

 

[Dr Super Good]

The viruses are proper viruses made in lanugages like C/C++ that run when your computer boots up. The people who make them would have no problem infecting all your maps, afterall they can write stuff which gives AV software a run for its money.

 

[Vercas]

What does making a virus have to do with recursion...

Waste a minute of your life thinking.

 

[elfian]

Waste a minute of your life thinking.

Waste a minute of your life explaining, because the definition of a computer virus does not include the word "recursion" in it.

 

[Vercas]

Waste a minute of your life explaining, because the definition of a computer virus does not include the word "recursion" in it.

I was talking about efficiently infecting another map with the same code.
Does it sound possible to you, knowing the features of Jass?

 

[elfian]

I was talking about efficiently infecting another map with the same code.
Does it sound possible to you, knowing the features of Jass?

Yes? The .vbs in startup can enumerate the Maps folder and can do file I/O as far as I'm concerned... But all this can be simply stopped by making a program that watches over your startup folders and gives out warnings when a new file appears. Still, I don't see where recursion comes in here? If not recursion, you can use loops? No?

 

[Vercas]

Yes? The .vbs in startup can enumerate the Maps folder and can do file I/O as far as I'm concerned... But all this can be simply stopped by making a program that watches over your startup folders and gives out warnings when a new file appears. Still, I don't see where recursion comes in here? If not recursion, you can use loops? No?

How do you insert the exact virus code in another map?

 

[Ironside]

I'm certain it can be done, it could use nearly the same way as jasscraft, just that you already preset what it will include and not let them write it.

 

[Vercas]

I'm certain it can be done, it could use nearly the same way as jasscraft, just that you already preset what it will include and not let them write it.

I hate myself.
HOW WOULD YOU WRITE THE SAME VIRUS CODE TO ANOTHER MAP???

 

[Ironside]

Make a program that writes it?
Which can be done by using the exploit to download your file.

 

[Vercas]

Make a program that writes it?
Which can be done by using the exploit to download your file.

I give up on life.

 

[Dr Super Good]

The whole problem is this allows you to run arbitary code on computer startup. Using C++ you can make programs that do infect all WC3 maps with the same download code to redownload itself.

 

[Vercas]

The whole problem is this allows you to run arbitary code on computer startup. Using C++ you can make programs that do infect all WC3 maps with the same download code to redownload itself.

Or maybe I'll hold on to my life a little more.

 

[Ironside]

Or maybe I'll hold on to my life a little more.

That's what I meant in my post, you can create a C++ program and use the exploit to create a VBS to download your program and on startup it will be executed...

 

[Vercas]

That's what I meant in my post, you can create a C++ program and use the exploit to create a VBS to download your program and on startup it will be executed...

Meh. In my deep thoughts I forgot to take in consideration downloading viruses.

 

[Ironside]

I kind of thought so

 

[Addamondes]

Kill the haxxors

 

[GreenHocker]

I say it's stupid to be scared by this. If it hasn't happened to that many people, then its probably going to stay rare until Blizzard people themselves start to make sure all WC3 maps have viruses. (trying to shut down the game to empty out servers for sc2?)

 

[Ironside]

As said many times before, one who knows that it will activate on the next reboot is safe from the exploit. As he can just check startup folder after playing a map.

 

[elfian]

I say it's stupid to be scared by this. If it hasn't happened to that many people, then its probably going to stay rare until Blizzard people themselves start to make sure all WC3 maps have viruses. (trying to shut down the game to empty out servers for sc2?)

Makes sence.

 

[LumZor]

SC2 is probably safe cause it is better designed.

true ...

 

[Vercas]

Kill the haxxors

I am feeling threatened.

 

[Ironside]

Wanted to write that myself, but kept myself from doing so.

 

[Superz_Ze_Man]

I only join games i have lready downloaded or i host my own ^^

 

[Dr Super Good]

Hosting your own is safest.

Joining games you appear to have downloaded is dangerous. The last exploit had a virus DotA allstars map which it appeared was already downladed (matched the hash of the real map) but when you joined it downloaded a very small (broken) map which started instantly (due to bot) and ran a virus which messed with all your maps.

 

[Superz_Ze_Man]

Hosting your own is safest.

Joining games you appear to have downloaded is dangerous. The last exploit had a virus DotA allstars map which it appeared was already downladed (matched the hash of the real map) but when you joined it downloaded a very small (broken) map which started instantly (due to bot) and ran a virus which messed with all your maps.

well then. That makes me feel great... I guess im gonna stick with hosting for now even though it can be a pain.

 

[Ironside]

Hosting your own is safest.

Joining games you appear to have downloaded is dangerous. The last exploit had a virus DotA allstars map which it appeared was already downladed (matched the hash of the real map) but when you joined it downloaded a very small (broken) map which started instantly (due to bot) and ran a virus which messed with all your maps.

Yeah but if this new exploit runs on the next startup, you can check the folder and remove the new files (if any) before it gets the chance to activate at all.

 

[Vercas]

Wanted to write that myself, but kept myself from doing so.

I usually say my thoughts out loud.

 

[Superz_Ze_Man]

does anyone know what these files it creates are called? Im not ure what to look for in my system 32 folder or wherever the folder is created...?

 

[Ironside]

I usually say my thoughts out loud.

What are you trying to say with that?

does anyone know what these files it creates are called? Im not ure what to look for in my system 32 folder or wherever the folder is created...?

Sure, the created files will usually be .bat (batch file) or .vbs (visual basic script file), they will be created in your startup folder (Start > All Programs > Startup).

All you have to do is delete that file from the folder and you are safe once more.