I had a terrible time with Blackhole yesterday, and anyone who followed me on Twitter would have heard my cries of frustration. I was running Microsoft Security Essentials which totally failed to prevent or notice what was happening. At the time I was not sure exactly where it had come from.
Now I know. Somehow, Wurm Online has managed to get infected with the Blackhole toolkit; a particularly nasty piece of work. It looks like it’s in the launcher. Blackhole is quite a large malware family, with this particular example being one designed to get in via Java.
Fun thing. Before it did anything else, this virus managed to send a kill message to my monitor, fooling me into thinking I was having a hardware issue. So I was messing around with cables and such while it was merrily doing its thing on my machine. Was only when I rebooted that my monitor returned to life. And I only figured out I was infected at all from reviewing my system logs when I was looking to see if my graphics drivers had failed or something similar. MSE did not consider it important enough to tell me about.
I had launched Wurm just a minute or two before my monitor died, but for some reason I never even considered the possibility that I might have gotten infected from an MMO, especially as Blackhole is usually contracted through websites. However, there is no reason why you could not contract a Java version through a Java game, if it had allowed its files to become infected, and the launcher accesses webpages in any case.
Funnily enough, back in the old days at Anglia Multimedia, I was responsible for making absolutely certain none of our software was infected with anything before we sent them to the CD-printer. While I appreciate that in the heady online world things move a little faster, that only makes it even more important that you fulfil your duty of care to your players.
I don’t think I have managed to eradicate it fully yet. Seems like it’s managed to get quite deep into my system.
So, for now:
- Do not launch or play Wurm.
- If you’re using MSE, try AVG’s free checker, which reportedly is doing a better job at dealing with it.
- I’ve also uninstalled Java, as this version of Blackhole seems like it might be making use of it, and hiding in the Java install. Uninstall it, or at least update it to the very latest version and use the option within the Java controls on your Windows control panel to completely flush the cache.
- Be wary. It’s possible that there is not a quick solution to this infection, and we may be playing host to keyloggers and other dangers. I’d avoid entering my financial details anywhere until I’m 100% sure my PC is clean.
I am not best pleased. We trust Wurm to take proper precautions against this sort of thing. Being a disorganised and eccentric company is only endearing up until the point that it potentially destroys my computer, and/or gets my details stolen by keyloggers. They should have processes in place that make what has just happened impossible.
They should have shut down their server by now, and informed all the players. At the time of writing that has not been done. I hope that’s going to happen soon. The priority right now needs to be to protect the players, not Wurm’s reputation.