Codemasters distributes a virus?

Today, your beloved SahraniRadio's news-reporter visited the "Operation Flashpoint Dragon Rising" website.
As a good reporter should be well informed, I decided to sign up on the Codemasters forums and started nosing around.
Directly I noted the large amount of 'known' people - that forum is crawling with members of the ArmA Community.


After reading the storyline of OFP2:DR and checking some interesting forum topics, I decided to get something to eat.
Directly after I filled my tummy, I noted that I received a weird 'present' from Codemasters.

The Email

To: [e-mail address hidden]
Subject: Beware of virus!
From: [e-mail address hidden]
X-Scanned-By: MailControl A-08-50-13 (www.mailcontrol.com) on 10.69.0.168

Dear JerryHopper,
Because of a virus infiltrated to our site your confidential information may be threatened, please install the patch, which prevents the spread of the virus to avoid the loss of your information.

Patch:
hxxp://community.codemasters.com/forum/archive/patch.exe

Administration of CodeMasters.co.uk.

As you can see, the email was quite disturbing! Codemasters hacked? A patch to fix it!?

I started to investigate this, and to my surprise the email wasn't a spoof!
Hell, they knew my email address! And since I signed up today, this email must really originate from Codemasters.

I started to check the 'Patch' and my virus-scanner said there was nothing wrong with the 44.5kb patch.
Next to all the 'valid' links & email info, I stayed suspicious: I only signed up to a forum - and now I need to install a patch that protects my confidential information?


A virus!

A quick search on the forums showed me that two other people had received this email, but there was no confirmation of the legitimacy of this email & file.
After double-checking if the file was really residing at the Codemasters forums, I decided to download the patch.
36 different virus-scanners scanned this file, only 5 marked it as a virus!

HOLY CRAP - I thought! What is going on here? Someone clearly doesn't like 'Codemasters'

Was it just 1 hacker?
Or maybe the Chinese? (I BET they are not happy with the OFP2 storyline!)
 


What happened!? 

One thing is for sure, it seems somebody hit the Apache webserver and succeeded, which has a serious impact on the forum users.
These hackers were able to send an email from the Codemasters SMTP mailer, and send out emails to people that just signed up - which implies that they can look into the user database!
It's scary, especially when hackers can upload .EXE files to Codemasters' website, and distribute it to 1,604,381! potential victims!

This use of Codemasters' 'trusted' resources by hackers is a nasty situation, and I suggest everybody changes his password at the Codemasters forums.
Theoretically, the hackers could have copied the database with your login/password details and run all these encrypted passwords against some MD5 list. ( www.MD5decrypter.co.uk )

I informed the Codemasters Moderators about this subject, and hope for the best.

One thing I know for sure: at least you don't have to worry about your private information anymore, as they are already compromised. And the funny thing is that the email didn't completely lie - a virus did infiltrate!

Boy, that was a HELL of a first day at Codemasters.... I wonder what tomorrow will bring.


Regards,

Jerry Hopper

 

[UPDATE]
Codemasters confirmed our suspicion. The malicious file was removed from their servers.

Hi folks,

We would like to stress that this mail did NOT come from Codemasters.

It would appear someone has spoofed our e-mail address which makes it look as though the e-mail comes from us.

We are investigating the e-mail in question and will take action accordingly. In the meantime we'd like to ask you all to delete the e-mail and especially do NOT click on any links that appear in it as they could be malicious scripts/files that could harm your PCs and/or cause data loss.

In the future, should you receive any e-mail that appears suspect please let us know immediately via an e-mail to [e-mail address hidden]. Please do not post the mail to the forums where other users could fall victim to any potential malicious attacks.

Thank you,
__________________
Satine.
Director, Community Relations