39 percent of Counter-Strike 1.6 servers are ridden with malware, security analysts claim

Polycount

Posts: 2,844   +575
Staff member

As you can imagine, all of that rapid action appeals to quite a few people - so much so that even the original Counter-Strike (known as Counter-Strike 1.6) still has thousands of dedicated servers and players.

Unfortunately, according to a study from Dr. Web (spotted by Hard OCP), a sizable portion of those dedicated servers are downright dangerous to join.

Apparently, malicious server owner "Belonard" used his platform to infect players with a new type of Trojan, which exploits vulnerabilities in Counter-Strike 1.6's client architecture to force unwitting players to spread the virus to other players.

How does this happen? To start with, a player has to connect to Belonard's infected server. Upon doing so, the Trojan in question sets itself up in that individual's computer and turns their PC into an infected proxy server that will then show up in the Counter-Strike 1.6 server list for other players.

These infected servers generally show lower ping, making them considerably more appealing to other players. Once a player connects to this proxy server, they too become infected, and the cycle repeats.

So, what's the end goal of this Trojan? Apparently, Belonard uses this malware to promote other servers in exchange for money - infected players will have a much higher chance of seeing promoted servers pop up when they browse for a new place to play.

It's a nasty business, but likely a lucrative one. According to Dr. Web, a whopping 39 percent of all Counter-Strike 1.6 game clients were infected with Belonard's Trojan. That amounts to roughly 1,951 servers in total.

Fortunately, Dr. Web says their analysts have largely stopped Belonard's malware in its tracks:

Doctor Web’s analysts took all necessary measures in order to neutralize the Belonard trojan and stop botnet from growing. The delegation of the domain names used by the malware developer was suspended with the help of REG.ru domain name registrar. Since redirection from a fake game server to the malicious one happened via domain name, CS 1.6 players will no longer be in danger of connecting to the malicious server and getting infected by the Belonard trojan. This interrupted work of almost all the components of the malware.

Apparently, Dr. Web has forwarded their findings to Valve, but the company hasn't given a timeline for potential fixes yet.


 

Puiu

Posts: 4,490   +3,321
TechSpot Elite
I seriously doubt that they'll patch it unless it is something really easy and someone else does the work for them (a modder).
 

amghwk

Posts: 1,015   +926
I thought servers bugged with malware is old news? Especially for popular servers such as CS servers....
 

texasrattler

Posts: 1,125   +523
People still play CS lol. The game has been a breeding ground for cheating, now malware.

Nice how Valve just ignores its own games and people wonder why devs and others don't like or trust them anymore.

When will the sheep ever learn, when they are slaughtered because there is nothing to teach anymore, you died.
 

ghostf1re

Posts: 414   +265
texasrattler said:
People still play CS lol. The game has been a breeding ground for cheating, now malware.

Nice how Valve just ignores its own games and people wonder why devs and others don't like or trust them anymore.

When will the sheep ever learn, when they are slaughtered because there is nothing to teach anymore, you died.

As of now (3:17 p.m. CST), Counter-Strike: Global Offensive is the top played game on Steam with 526,067 current players. Yes, people still play CS. A lot of people.