For the past month, players of the classic game, Call of Duty: Modern Warfare 2, have found themselves ensnared in a tangled web of cyber threats. A self-spreading malware, or worm, has been coursing through the veins of the game’s servers, exploiting an unpatched bug that was reported to the publisher, Activision, five years ago.
The worm incident was brought to light when a Twitter user posted a screenshot of the code that powered the malicious software. A prominent security researcher with a track record of identifying bugs in several Call of Duty games, confirmed the troubling facts. The bug at the heart of the malware was the same one he had discovered and reported to Activision in 2018.
The malware, now identified as “CoDworm” by some antivirus engines, takes advantage of a ‘buffer overflow’ vulnerability. Exploiting this type of vulnerability was a straightforward task for anyone with a decent understanding of coding.
While the specifics of how the worm operates remain unclear, the fact that it has been linked to an unpatched bug represents a significant security oversight. Activision has yet to comment on the situation.
The incident underscores the importance of timely addressing reported bugs, especially for a game that, despite its age of 14 years, still has an active online community and is still being sold to players. The lax approach to known vulnerabilities leaves a gap for hackers to exploit, potentially compromising user data or sabotaging the gameplay experience.
In response to the escalating issue, Activision took the game offline on the gaming platform Steam last week to investigate the matter. The publisher has not yet provided an estimated timeframe for when the game will be back online.
Gamers had developed an open-source, modified version of Call of Duty: Black Ops III. This customized version patched serious vulnerabilities that they had discovered in the game. The version was seen as a haven for players who wanted to enjoy the game securely. However, in May, they received a cease and desist letter from Activision, to shut down the project.
While the hackers’ objective with this worm remains unknown, the Call of Duty: Modern Warfare 2 incident serves as a stark reminder of the need for robust cybersecurity measures in online gaming. The industry must address these vulnerabilities to protect the integrity of their games and, more importantly, the security of their user communities.
Want to secure your devices and data from cyber threats? Download ZoneAlarm