Bug in EA’s Battlefield Play4Free allows attackers to hijack players’ PCs

A frame from a video demonstrating an attack that allows attackers to execute malicious code on older Windows systems that have Play4Free installed.

If you play EA's popular Battlefield Play4Free game on an older version of Windows, a pair of researchers say they can hijack your system by luring you to a booby-trapped website.

The proof-of-concept exploit, demonstrated last week at the Black Hat security conference in Amsterdam, allows attackers to surreptitiously execute malicious code on default systems running Windows XP or Windows 2003 that have the Play4Free title installed. There are close to 1 million players of the first-person shooter game, and about 39 percent of Windows users are still on XP.

The webpage used in the exploit opens the game on a victim's computer and instructs it to load a malicious "MOD" file used to customize game settings and features, according to a document the researchers published Friday. Using some nonstandard behavior of a programming interface version found only in older versions of Windows, the MOD file is able to upload a malicious batch file that will be executed the next time the computer is restarted. The technique is successful because it overrides a whitelist that's supposed to restrict the sites that are permitted to load the Play4Free game.

Read 4 remaining paragraphs | Comments