WARNING: Source 2013 multiplayer exploit found. AFFECTS (almost) ALL SOURCE GAMES! VAC bans and account hijackings reported. [UPDATE]

[Newton10]

UPDATE:

Note: NOT ALL GAMES ARE FIXED YET PLEASE READ MORE BELOW 

 

The following is an update from the OP from a moderator on the /r/steam subreddit:

 

Update 8/09/2015 from Eric.

We've released a beta update for the Source SDK Base 2013 Multiplayer depot. The updated depots include several security fixes. The name for the beta branch is "beta_test". If you're running a game that depends on the Source SDK Base 2013 Multiplayer tool, please give the beta a try and report any problems. You can email me directly with any problems you find.

Clients can opt-in to the beta using the Betas tab of the Properties dialog for the Source SDK Base 2013 Multiplayer tool (select "beta_test" in the dropdown menu)

Dedicated servers can find information about how to use a beta here:https://developer.valvesoftware.com/wiki/SteamCMD

We're also working on updates for Counter-Strike: Source, Day of Defeat: Source, and Half-Life 2: Deathmatch. We'll have more information about those soon.

Thanks.

-Eric

 

Note: This is ONLY a Source 2013 update, and people who run mods and host servers still have to manually opt into the beta branch.

Updates for games like CS:S weren't released yet. I'd also like to remind everyone that the only patched Source games SO FAR are TF2, CS:GO and Dota 2.

 

 

I recommend that you play on Valve/trusted servers only until this is resolved. If you want another way to fix it, watch the video below. Please be careful.

 

Stay safe,

 

-Newton

 

Update Youtube Video:

 

Original Post:

 

Note: I will edit this post once the exploit is fixed in all source games/mods.

 

The following is a PSA by a moderator of the /r/steam subreddit:

Hey,

Today it was brought to our attention that a new exploit has been discovered. I can't go into technical details but the exploit uses a glitch with sprays. The vulnerability allows the attacker to run malicious files on your computer. This can result in lost items.

This exploit affects every single Source mod running on the Source 2013 MP Base engine branch. If you have (or had to) install Source 2013 MP Base from your library>tools menu to play a mod, that mod is affected.

The games affected include:

1. Fistfull of Frags
2. Team Fortress 2 Classic
3. Fortress Forever
4. No more room in hell
5. Vikings and knights 2

A workaround:

• Open console
• cl_allow download 0
• cl_allowupload 0
• cl_customsounds 0
• And disable sprays.

The exploit has been reported and should be fixed within a couple days.

Stay safe,

/r/Steam moderators.

 

Please also note that Counter Strike Source has also been affected and that modern, non-modded, titles have been patched (vanilla TF2, CS:GO and DOTA 2)

 

This also doesn't just affect Source 2013 games. ALL unpatched Source games should be considered vulnerable.

 

Normally I wouldn't quote the entire message, but because this may result in a VAC ban, as well as losing your entire steam inventory, I believe this is an exception to the standard news rules. For more information about the how it was discovered check out the Youtube video below by a channel dedicated to news on Valve. 

 

Source: https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/

 

Youtube Video:

 

[noisebomb44]

saw this in the morning, scary stuff

 

If have 200 games, if i got vac banned, i would literally die

[werto165]

Team fortress 2 classic? isn't it just tf classic? EDIT: Nope doesn't matter./ 

[Newton10]

Team fortress 2 classic? isn't it just tf classic? EDIT: Nope doesn't matter./ 

 

TF2 Classic is a mod to TF2. And you are correct it doesn't really matter.

[Guest]

Is Insurgency affected?

[Newton10]

Is Insurgency affected?

 

I would assume so, although I cannot confirm it. 

 

It would probably be best to play it safe though since we cannot deny it at this point.

[cesrai]

I would assume so, although I cannot confirm it. 

 

It would probably be best to play it safe though since we cannot deny it at this point.

 

Is Insurgency affected?

Games affected https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/

[Newton10]

 

Games affected https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/

 

That list was never updated since it was first posted. At first it was thought that it just affected Source 2013, but a CS: Source player had his account hijacked, VAC banned, and inventory cleared out. 

 

This also doesn't just affect Source 2013 games. ALL unpatched Source games should be considered vulnerable.

[boboman342]

That list was never updated since it was first posted. At first it was thought that it just affected Source 2013, but a CS: Source player had his account hijacked, VAC banned, and inventory cleared out. 

Does no one use steam guard or?

[Newton10]

Does no one use steam guard or?

 

This was quoted from the person who was hacked:

 

 

Apparently from inside my PC they were able to steal the steamguard files and put them on their own PC so steamguard was completely circumvented.

 

Source: https://www.reddit.com/r/GlobalOffensive/comments/3jpyhh/do_not_join_unkown_cs_source_servers_via_ip/

[cesrai]

That list was never updated since it was first posted. At first it was thought that it just affected Source 2013, but a CS: Source player had his account hijacked, VAC banned, and inventory cleared out.

Is it confirmed it was using this exploit ? maybe it used another exploit ?

[boboman342]

 

This was quoted from the person who was hacked:

 

Source: https://www.reddit.com/r/GlobalOffensive/comments/3jpyhh/do_not_join_unkown_cs_source_servers_via_ip/

This guy man... Valve better check that users information change log or something and get him all his shit back or riot. What kind of bullshit is "Thanks for the report, we are working on a fix for this." as a response from valve's security team?!?!

 

Does valve think that since their servers are "so secure" that they can drop the ball on local steam security too? Obviously that isn't the case...

[Newton10]

Is it confirmed it was using this exploit ? maybe it used another exploit ?

 

I can say it is using this exploit with 99.9% certainty. The description of the attack perfectly matches the exploit. 

 

The guy went on to a custom server. There were probably some custom files, which is one way how this exploit works.

[captain cactus]

I knew about this for quite some time now. It's an old exploit that's now being fixed by Valve right as we speak. Basically, only play on trusted and/or official servers for the respective games you're playing until Valve has a fix ready.

[NeatSquidYT]

saw this in the morning, scary stuff

 

If have 200 games, if i got vac banned, i would literally die

VAC bans only mean that you are permanently banned from accessing any in game server with VAC protection afaik

[captain cactus]

VAC bans only mean that you are permanently banned from accessing any in game server with VAC protection afaik

It means that your whole Steam account can't be used in any Source game on any VAC protected server, which is like 99% of the servers. If you're VAC banned, you're boned.

[NeatSquidYT]

It means that your whole Steam account can't be used in any Source game on any VAC protected server, which is like 99% of the servers. If you're VAC banned, you're boned.

not really. Especially if you never play Valve or source games like me.

[Newton10]

VAC bans only mean that you are permanently banned from accessing any in game server with VAC protection afaik

 

Also keep in mind that accounts can be hijacked as well. The exploits even bypass Steam Guard.

[EChondo]

It means that your whole Steam account can't be used in any Source game on any VAC protected server, which is like 99% of the servers. If you're VAC banned, you're boned.

Actually, according to: https://support.steampowered.com/kb_article.php?ref=7849-Radz-6869

 

 

Cheating in one of the following Source games will result in a VAC ban for all games in the list and your items from Team Fortress 2 will be removed except any items that have been purchased:

 

• Counter-Strike: Source
• Half-Life 2: Deathmatch
• Day of Defeat: Source
• Team Fortress 2

 

Cheating in one of the following Gold Source games will result in a VAC ban for all games in the list:

 

• Counter-Strike
• Condition Zero
• Ricochet
• Day of Defeat
• Team Fortress Classic
• Half-Life: Deathmatch
• Deathmatch Classic

 

So, getting a VAC ban in CSGO will only effect your VAC status on CSGO. Being banned on say, MW2, won't effect other games, only MW2. However being banned on CSS will also get you banned from TF2, DoD, and HL2:DM.

[noisebomb44]

VAC bans only mean that you are permanently banned from accessing any in game server with VAC protection afaik

yes, but if that happened to me i would have to constantly switch accounts whenever i wanted to play a source game, and having a game in the background while playing a source game would not work

 

The whole reson why i use steam is so that i can have everything collected at one place, this would ruin that

[SirSquid]

Does no one use steam guard or?

There is ways around steam guard like if a program was to copy your SSFN file they can log into your account with knowing your steamID/password or having steam guard pop up.

[XTankSlayerX]

This...

I saw this coming.

It seems like Valves stuff is full of loop holes and exploits... Another reason why I sold all my CSGO stuff.

[boboman342]

There is ways around steam guard like if a program was to copy your SSFN file they can log into your account with knowing your steamID/password or having steam guard pop up.

Most other games use some sort of ip address verification along with google authenticatior...

[Lazmarr]

-snip-

Title is misleading/clickbait since it doesn't affect ALL source games. It only affects those that you had to install a tool for.

[evilarceus]

Good, cause the only Source game I play is TF2