Last year I encountered a virused map!
It happens with the Custom Data contained,it was an infected Mp3 file,then game sometimes crashed when it played!
So I went in the Editor and Saved it,scanned it,and it had positive for infection![]()
honestly id love for this 'exploit' to stay, and theres not much they can do about it probably.... although blizz could have its own virusscan that scans a file after dl, for known virus's (only ones that are known to have been on wc3), they should also keep IP of the creator saved incrypted in the map at creation, this would be atleast a little protection, since maps could be traced back
really though, with this you can have actual save/load rpgs, without codes, all it has to do is save a file on the comp, in the wc3 folder, or possibly even ON A SERVER. that would greatly decrease the ability to cheat. btw no im not an rpg fan, im just useing rpgs since they would probably benifit the most from this.
that or maybe any executable file, could be registered by the owner at battle.net, then the virus scan would find any unregistered files, or files onlist as viruses. It would not have to be ran by blizz employies, but rather the comunity, except when a virus is detected (then blizz ban's the submitters key) not to mention, mods would be alot more widespread, if they could be dled over bnet, and or synced
I don't play wc3 anyways.
First the fail maps flood, now this!!!!
/me explodes is angreh!
At least I don't play on battle.net, he he...
To be honest a large number of us no longer make warcraft III maps or resources, as well as many of us who no longer play warcraft III at all
Nevertheless this is indeed slightly worrying, and I hope Blizzard make patching this a priority.
Icefrog for example would have to be a complete idiot to implement a keylogger for stealing passwords as it would cause his map to lose all popularity near instnantly as well as several suicides.
The fact is that you have to be a really good programer to use this in a dangerous way. The fact is also that 95%+ of programmers are too stupid to. Also a fact is that main stream custom maps will not abuse this as the makers want their maps to be popular and not to ruin peoples lives. Icefrog for example would have to be a complete idiot to implement a keylogger for stealing passwords as it would cause his map to lose all popularity near instnantly as well as several suicides.
Warcraft Custom Map Virus, a Must Read! There's been a big fuss lately on Battle.net because a new exploit has been circulated amongst hackers. The exploits allows for a custom map to execute arbitrary code on a client and install trojans/viruses/keyloggers outside of the Warcraft III engine. In simple words, by just join an unknown person who host the Warcraft III virus map, your pc will be infected when the game started. And Dota is now become the largest target of this virus. This is not hoax or rumor, Dota-Allstars forums (and Battle.net forums) already stickied this topics. I really recommend that you read this article until finish for your own good.
Hackers created fake Dota maps that use the same file extension/directory as DotA 6.59d. Therefore you will see the loading screen displayed in your custom game list and it is effectively impossible to take precautions against, as it has no discernible difference from joining a normal DotA game. It is highly recommend that you stop playing public dota games until blizzard can patch this exploit. They have already had it brought to their attention.'
For those who doubt how dangerous this is; by mimicing dota, anyone who has already downloaded the legitimate map will see the game displayed in the custom game screen with the proper loading image, and it finishes downloading before you switch to the game lobby screen, as it is a tiny file size. Once you enter the game, the virus will unpack itself and infect your computer, allowing malicious code to be executed at the whim of the hacker. This means a malicious user will be able to grab everyone's cd-keys in a game, plant a keylogger in your computer, any known virus etc.
Props go to [email protected] forums for bringing this to attention.
Battle.net - English Forums -> Error
Don't join games of DotA hosted by people you don't know. This applies to public games, TDA, etc. The best precaution you can take at the moment if you want to continue to play DotA, is to keep your Warcraft III maps folder open, and see if any new files are downloaded when you join a game. If they are, immediately leave the game lobby, before the host can start the game (and infect you), and delete the new map file. If your computer has been infected, you should run the best antivirus software you can find, and Don't log into any accounts on your computer, Warcraft III, email, etc, as there is a high probability of getting your password keylogged. If you are certain your computer is infected, the only surefire way to eliminate it is to reformat your computer.
COMODO is the only known program at the moment to prevent Warcraft from running the malicious code as of now. Every other AV/firewall/anti-malware program other than that does not currently prevent this exploit from being used.
This is what ChildLikEmperor, Dota-Allstars forums moderator, said on his thread. But if you have another AntiVirus that can detect it, feel free to share it here.
Blizzard has been notified about the issue. The safest thing to do at the moment is to not play DotA or any other custom map until Blizzard release new patch. OR, you can carefully choose your host when joining a game even though certain risk is still there. Honestly, i prefer the second choice, because it will be hard to stop playing Dota ~_~
Update:
Thanks for anonymous who give this information.
Name of virus: HackTool.Win32.Sniffer.WpePro.w
Contaminated sites are here:
C:\WINDOWS\TEMP\omfg_wtf.dll
Looks like the virus file is on : \WINDOWS\TEMP\omfg_wtf.dll
Warcraft III Custom Map Security Warning
We have identified an exploit that could allow malicious software to be spread through Warcraft III maps. We have applied a temporary fix to address this issue when playing on Battle.net, and we are working on a patch to permanently address the issue when playing on a LAN or playing single-player custom maps. In the meantime, we recommend that players avoid downloading maps from unofficial sources or websites they do not trust -- be aware that corrupted maps may share the same name as other popular maps. If you encounter custom maps that no longer function or other issues related to this fix, please post details below.
This fix patches the area of the game where it runs inappropriate scripts. Beyond that information, I don't have much else for you. You just need to log onto Battle.net to get an updated bncache.dat file, which contains that fix.
They should much rather address the map curroption issue so that undownloaded maps do not appear downloaded. Also things like map size checks when you join would be good as you would not have like a 40 KB DotA. Equally well, they just have to stop WC3 running or starting other programs with this exploit, and restrict its domain to only a sub folder of WC3 and it will become pretty harmless.
The big problem is it is quite possiable they will eithor totally rework the function reference system so that that type no longer allows dangerous code to be run (possiably resulting in WC3 behaving differently and becoming buggy with existing systems) or they will fix the type conversion bug (the cause of this exploit) so that nearly every JASS spell and system stops functioning.
Thus if you do want the exploit removed, you better hope that they do not remove it and purly restrict its domain to that of it being unable to cause damage. Also hope that whatever they do, it does not slow WC3 down.
A rough guess would have me reconing that blizard will just add an exception preventing the type convstion of X to code and code to X, which may slow down other conversions slightly but will prevent the exploit form being used at all. They should atleast reward us if they do that by adding some new handy native to use, like built in faster type converters or better unit stat control natives.
I agree with this althought it's dangerous it's worth it. This could open for new better stuff (Sadly bad stuff aswell). Insteed off having it removed there should be a scanner in bnet that checks the triggers and if it finds something like this it would warn us first.
People, you forgot something important, if blizzard dont fix this, this hack may continue to SC2! that means the HAVE to fix it! or they may not sell anything.