March 27, 2012
Competition among owners of game servers is traditionally high, especially, if the servers are at the top of gametracker’s ratings. Back in February, several applications rendering GoldSource servers non-operational appeared in the public domain. One of them, added to the Dr.Web virus database as Flooder.HLDS, is a program that has a graphical interface and emulates a large number of connections to a game server which can make the server freeze and cause errors.
Flooder.HLDS.2 is another malevolent program that sends a certain data packet to the server which causes it to crash. The program offers several options to communicate with the server. Both applications have been widely spread via gaming forums, and the number of attacks on game servers that were orchestrated using these applications increased significantly during this month.
Interestingly such programs can cause damage to the systems of intruders who try to bring down game servers. Doctor Web's virus analysts got hold of copies of Flooder.HLDS.2 from game forums. When run, some of these programs infect the system with DarkNess.47 backdoor and Trojan.Wmchange.14. The first acts as a backdoor and DDoS bot, while the Trojan horse changes WebMoney wallet IDs in the memory of the compromised computer to steal money from a user’s account. Thus, would-be criminals become victims of virus attacks and subject their computers to the risk of infection.
All the threats are added to the Dr.Web virus databases. More detailed information can be found in our video review: