What exactly happened?

When I play COD MW2 Multiplayer, I commonly get into hacked matches, also known as modded lobbies. They will rename your classes, disable your radar, etc. However, there is no threat that I have noticed through scans on my system after playing MW2. So don't worry, your network and system is most likely safe. Hope this was helpful!

"Most likely safe" doesn't exactly make me feel totally better. Your experiences sound exactly what we are dealing with.

I'm also concerned the playing environment will be disrupted as well.

Stear, do you work for Steam?

Its an exploit in the game.
Thats bad enough staying that long.

But if the game would be an entry to compromise your network, dont you think it would be taken off?

You'll need to elaborate on this "strange behavior" that your son had experienced. Without much detail, I personally cannot assist you in any direction. To further conclude that, I have no idea if your system is "safe" or not.

Q: If my son's game profile gets hacked will his progress be lost?
A: There's always the possibility if they have third party access to deranking users, however, nothing will affect his physical Steam profile. If he does get derank, then all I can say is put another cookie in the cookie jar.

There's no way of a game being able to mess with your network. The game your playing is only in a sandbox-like environment. If there's an administrator on the server, he or she is able to see where you are connecting from, which a lot of us are aware of that they can do that. But, there's no way of them being able to execute any code to touch or harm your network/computer.

Originally posted by Nasood:

But, there's no way of them being able to execute any code to touch or harm your network/computer.

Right, because shoddy written code cannot possibly be exploited to perform arbitrary code execution, right? Drive-by attacks on the web exploit exactly that type of weakness. A videogame is no different.

Ofcourse besides the fact that, unlike browsers, videogames are not regularly checked for security problems, are not built with security in mind, more often than not have code of very dubious quality due to looming deadlines and an over-emphasis on performance, etc. etc.

Infact; everything about a videogame makes it potentially worse for a drive-by attack than a browser. And it's a safe bet that something as popular as CoD would be just as attractive to exploit for a hacker as Chrome, Firefox or IE would be.

Originally posted by RiO:

Originally posted by Nasood:

But, there's no way of them being able to execute any code to touch or harm your network/computer.

Right, because shoddy written code cannot possibly be exploited to perform arbitrary code execution, right? Drive-by attacks on the web exploit exactly that type of weakness. A videogame is no different.

Ofcourse besides the fact that, unlike browsers, videogames are not regularly checked for security problems, are not built with security in mind, more often than not have code of very dubious quality due to looming deadlines and an over-emphasis on performance, etc. etc.

Infact; everything about a videogame makes it potentially worse for a drive-by attack than a browser. And it's a safe bet that something as popular as CoD would be just as attractive to exploit for a hacker as Chrome, Firefox or IE would be.

The IW engine does not support from I am aware any sort of file sending machanisms. The code for the source engine that IW uses is closed source, so anyone pen testing it really is going to have a rough time.

That being said, I conclude what I had stated. A drive-by download attack isn't even possible. There's security implenetations in these systems, beleive it or not. There's no file transferiing permissions either, so another LUA Source Engine attack with .DLL files is not possible as of now with the IW engine.

Backup the game files that contain the character things and configs from time to time.

Originally posted by Nasood:

The IW engine does not support from I am aware any sort of file sending machanisms.

There are far more ways than sending files to trigger a few buffer overflows and get an attack rolling. All you really need is something well placed.

Let me cite Nintendo's Gamecube as a nice example. You could upload shell code to it with the Phantasy Star Online MMO game and a broadband adaptor. You could re-route traffic from the Gamecube to a program running on your own machine that would emulate PSO's online server component. In actuality, that program would respond with data carefully crafted to achieve remote code execution on the Gamecube. This remotely executing code would just be a small bootstrapper, but it would be enough to open an additional network connection over which to download more code for the main program and then execute it.

Originally posted by Nasood:

The code for the source engine that IW uses is closed source, so anyone pen testing it really is going to have a rough time.

Also closed source are: Internet Explorer, Flash Player, Java, Adobe Reader. Now, what were some of the applications attacked most through the web again?

Originally posted by Nasood:

That being said, I conclude what I had stated. A drive-by download attack isn't even possible. There's security implenetations in these systems, beleive it or not. There's no file transferiing permissions either, so another LUA Source Engine attack with .DLL files is not possible as of now with the IW engine.

What drive-by download? If you're connecting to a modded lobby, then you're connected to a modded server component. Any data that a possibly compromised server sends back could in theory be specifically crafted to trigger buffer overflows and other nasties to eventualy achieve arbitrary code execution. (See my above example of PSO and the Gamecube.)

As soon as arbitrary code execution is achieved, then that can be used to pull down more code and execute it or either write it to disk. The sandbox and what it does or does not support stop mattering at that point. (Seriously; I'd find it very surprising for CoD to be running on a specially crafted security hardened sandbox the likes of Chrome or IE10+ have. And even those are not perfect!)

Why do you play games at all? If its for you just a hole in a hole?

Originally posted by Muppet among Puppets:

Why do you play games at all? If its for you just a hole in a hole?

Just correcting Nasood's factually incorrect statement.

His claim was that there is no way a hacked server could affect your network or system.
But there is. Just look at the piles of prior evidence throughout recent history.

A game that has as large an installbase as CoD could even be quite a juicy target, especially if people have come to find this phenomenon of 'modded lobbies' a commonplace thing they don't expect to be truely malicious. (Wolf in sheep's clothing.)

Hear here... I would tell him to never click any links sent to him and NEVER... I MEAN NEVER accept a voice invite... there is a well known steam voice chat exploit that is spawned by a user accepting a voice chat invitation

However anything that happens in game is locked and quarantined to the cod program... windows defender would ♥♥♥♥ a brick if steam or cod tried to write and possibly read any files that arent directly related... ie system files

Originally posted by markploch:

"Most likely safe" doesn't exactly make me feel totally better. Your experiences sound exactly what we are dealing with.

I'm also concerned the playing environment will be disrupted as well.

Stear, do you work for Steam?

nobody on these forums works for steams.

ffs just delete config.mp it will repair evrything.c: