[Not Massive] Capcom Quickly Rolls Back Malware Rootkit In Street Fighter V



Capcom very quickly rolled back an update to Street Fighter V on PC meant to curb cheating on the platform. The update introduced a rootkit that, according to tech-savvy users, includes a vulnerability that grants kernel-level privileges to any installed application. Capcom.sys shuts off crucial security defenses on the computer, runs whatever instructions are given to it, and then turns those protections back on. In short, it’s a fully open back door for hackers.

We are in the process of rolling back the security measures added to the PC version of Street Fighter V. After the rollback process to the PC version, all new content from the September update will still be available to players. We apologize for the inconvenience and will have an update on the time-frame for the PC rollback solution soon.

It is important to note that the update does not uninstall the driver if it is present, but merely no longer installs it. A user on Reddit has already offered a couple of methods of detecting and removing the driver.

Rootkits of this type are not just harmful for users; they can also be a massive liability for the companies that install them. Sony has paid out millions to settle various lawsuits over the BMG rootkit scandal from more than ten years ago that saw countless computers infected thanks to anti-piracy software on Sony music CDs.

(Source: Steam)

Uninstall Pando Media Booster.



Hindsight is twenty-twenty, and no doubt gamers of days to come will one day look back at Pando Media Booster and remember it for what it was: one of the worst programs to plague PC users since BonziBuddy. As advertised, Pando Media Booster became rather widely used by a number of MMOs as a peer-to-peer sharing system to mitigate bandwidth and hopefully provide faster download times.

It also had the side effect of slowing many users' internet speeds down to a crawl, and was generally seen as bloatware carefully toeing the line between legitimate software and malware. Last August, to the relief of gamers everywhere, Pando closed its business down and shut down the Pando Media Booster servers.

So Pando may be dead, but as decades of Friday the 13th movies have shown us, the dead often do not rest in peace. Pando Media Booster has been hijacked and users are receiving notices that the program requires an update despite the service having shut down last year. The supposed update is actually the Sweet Page browser hijacker virus, which redirects browsers to the Sweet Page search engine.

A number of MMO clients are still being distributed with Pando Media Booster.

(Source: CSTM)