URGENT! gamespy download infected with Nimda

From: lsi (stuart@cyberdelix.net)
Date: 06/26/02


From: "lsi" <stuart@cyberdelix.net>
To: feedback@gamespy.com, webmaster@gamespyarcade.com
Date: Wed, 26 Jun 2002 11:03:24 +0100

Hello,

I bring to your most urgent attention that the copy of
Gamespy Arcade 1.09 available on download.com at the address

http://download.com.com/redir?pid=10107395&merid=62178&mfgid=
62178&ltype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3002-20-
10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.c
om%2Fsoftware%2Finstall%2FArcadeInstallFull109.EXE

is infected with the W32/Nimda.gen@MM virus, as detected by
NAI/McAfee Viruscan.

The full URL of the infected file is:

http://launch.gamespyarcade.com/software/install/ArcadeInstal
lFull109.EXE

According to download.com, as of my writing, this file has
been downloaded 112806 times from download.com since April
29, 2002.

The virus infected my computer after I downloaded and
executed the program via http://www.download.com/ at around
21:45PM, and I'm justing finishing the cleanup now - it's
3:15AM and counting, thankyou very much.

I do understand that the file is actually served from
gamespy.com, but it was only by carefully inspecting the URLs
served by download.com that this becomes evident. A less
savvy user wouldn't make the distinction.

I suggest that every night, a download.com robot downloads
each file download.com serves, and scans it.

Meanwhile, I suggest the guilty party at gamespy be shot.

Cheers
Stuart

-- 
Stuart Udall
stuart@cyberdelix.net - http://www.cyberdelix.net/
..revolution through evolution

want to make some cash? check out http://cyberdelix.net/affiliates.htm

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com