Valve has patched several games after a particularly innovative hack was detected. It involved a vulnerability with the Source SDK, which allows custom animations to be used in-game. From there, it was a matter of triggering the animation and opening the way for hackers to get in.
The idea is that custom animations have to be transmitted to other players in order for them to see it happen. Doing this, the hackers designed a ragdoll mod that would trigger a buffer overflow; allowing them to remotely execute more code on the victim. All they would need to do is get into a game and start killing people to activate the ragdoll death animation.
Fortunately, no real malware was spread using this method. Valve moved very quickly to patch some very popular games, such as Counter-Strike: Global Offensive, Team Fortress 2, Portal 2, and Left 4 Dead 2. Closing the vulnerability off to cybercriminals who might have used it for their own gains.
It’s rare that one hears of vulnerabilities in video games being used to spread malware, but it could indicate that hackers are exploring new ways of circumventing security software. If this keeps up, the best bet for players is to avoid being killed by hackers playing the game.
[Source: One Up Security]
