#1 2014-09-22 12:06:48

Moonie
Moderator

Beware the Auth Stealing UrT server

FS|barbatos wrote:

Hi,

There are currently at least four malicious servers trying to steal authentication keys. If your auth is suddenly refusing to work and/or you see “Unknown” in the server list instead of “FREEZE”, you probably have connected to one of those servers and downloaded at least one map.

All those maps contain malicious code.

If you think you may be affected, delete all maps downloaded on September 14 or later and change your auth key. Downloading any maps from servers you don’t know well is discouraged until further notice.

If you believe that your auth key was compromised, please go to your profile page and click on "My game auth key" in the "Manage my account" section, then click on "Get a new auth key".

http://www.urbanterror.info/forums/topi … s-servers/




At present no one knows how deep this runs. They know it steals auth keys, but no one has ascertained if it can steal data from your documents folders and proxy them off. So if you have a firewall that can sandbox apps, I suggest running UrT as a limited app.

From reading the thread it looks like a lot more than 4 servers are out there. At present it looks like this is just Frag Servers. The identifiers are 20 players on the server, but when you do a server info no one shows on the server, and it is running one of these maps:

Code:

q_premiere_v1
ut4_aeropuerto_v1
ut4_aeropuerto_v2
ut4_amazing_v1
ut4_arena2_b4.1
ut4_arena7_v1
ut4_aztek_ruins_v1
ut4_battlefront_v2
ut4_boxtrot_v2
ut4_conf_v1
ut4_container_b3
ut4_doom16_b2
ut_macabre_b7

I would suggest using:

Code:

cl_autodownload 1

At least until they release 4.2.020, which will fix this problem. No doubt Fenix has already patched his binary to not allow vm folders in pk3 files. If he has, maybe he will share it.

Also watch out for new jump servers popping up with map names you don't know. Query them by using our download page. Also let us know if you find any, so we can all avoid them.

Lastly, make sure you haven't already been infected. Check your q3ut4 folder for those maps. But be aware that a real ut4_boxtrot_v2 does exist. My copy, which I've had for about 3 years, has the following attributes:

Code:

Name: ut4_boxtrot_v2
Size: 1563284 bytes
MD5: 1679e65a71dd7c64e4b714785e020ad8
SHA256: a42d1c0c2a76eede45f43d29c1158fd7cc801e86fa132087d554cd91407e6488

Will replace with something useful, someday. smile
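One way to run the q3ut4 check described in the post, as an added example that is not part of the original post or of any Urban Terror tooling: it flags .pk3 files (zip archives) that carry a vm/ folder or whose name is on the list above, and clears ut4_boxtrot_v2 only when size and SHA256 match the values quoted. The function names are hypothetical, and it assumes the quoted size and hash describe the .pk3 file itself.

```python
import hashlib
import sys
import zipfile
from pathlib import Path

# Map names listed in the post above.
SUSPECT_NAMES = {
    "q_premiere_v1", "ut4_aeropuerto_v1", "ut4_aeropuerto_v2", "ut4_amazing_v1",
    "ut4_arena2_b4.1", "ut4_arena7_v1", "ut4_aztek_ruins_v1", "ut4_battlefront_v2",
    "ut4_boxtrot_v2", "ut4_conf_v1", "ut4_container_b3", "ut4_doom16_b2",
    "ut_macabre_b7",
}
# Size and SHA256 the post gives for a genuine ut4_boxtrot_v2
# (assumption: they describe the .pk3 file itself).
KNOWN_GOOD = {
    "ut4_boxtrot_v2": (1563284,
        "a42d1c0c2a76eede45f43d29c1158fd7cc801e86fa132087d554cd91407e6488"),
}

def vm_entries(pk3):
    """Members under a top-level vm/ folder; None if the file is not a valid zip."""
    try:
        with zipfile.ZipFile(pk3) as zf:
            names = [n.replace("\\", "/").lstrip("/") for n in zf.namelist()]
    except (zipfile.BadZipFile, OSError):
        return None
    return [n for n in names if n.lower().startswith("vm/")]

def scan(folder):
    """Return [(file name, [reasons])] for every .pk3 in folder that needs a look."""
    findings = []
    for pk3 in sorted(Path(folder).iterdir()):
        if not pk3.is_file() or pk3.suffix.lower() != ".pk3":
            continue
        reasons = []
        vm = vm_entries(pk3)
        if vm is None:
            reasons.append("not a readable zip archive")
        elif vm:
            reasons.append("contains vm/ entries: " + ", ".join(vm))
        stem = pk3.stem.lower()
        if stem in SUSPECT_NAMES:
            digest = hashlib.sha256(pk3.read_bytes()).hexdigest()
            if KNOWN_GOOD.get(stem) != (pk3.stat().st_size, digest):
                reasons.append("map name is on the list in the post")
        if reasons:
            findings.append((pk3.name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(name + ": " + "; ".join(reasons))
```

Pass the path to the q3ut4 folder as the only argument. Paks shipped with the game itself may legitimately contain vm/ code, so a vm/ hit matters mainly for downloaded map files.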
