Garry’s Mod virus filled servers with sound of coughing

garrys_mod_sales

Last night a virus propogated itself and spread through the Garry’s Mod’s servers quickly. Very quickly.

Exploiting a weakness in the Source Engine, the virus was able to automatically download to your machine when you connected to an infected server. If an infected machine connected to an uninfected server the code would upload to the server and then download itself onto all the machines connected to it.

Developer Facepunch released a fix this morning.

“The virus works by forcing a server to download a .dll file to the computer, which then forces the users steam name to change to VINH’LL FIX IT and spam cough cough to friends and players,” writes redditor ALPB11. “Visiting other servers will force that server to download it to more people, thus spreading across the game. Currently, it just seems to spam messages, but this method could be abused to download actual viruses and destroy computers.”

The code made infected players enter “*cough*” into chat every 10 seconds. More than that players would also emit a coughing sound in the game.

“An exploit was released last night that took advantage of the Source Engine’s file sending mechanism which made it possible to send files with any extension to the client or server,” writes Garry Newman. “This exploit is likely still active in all other Source Engine games so I’m not going to go into specific details about it.

“Needless to say that this was exploited in Garry’s Mod on Windows to send dlls to clients and servers. As far as I am aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names. But to be safe I would recommend that you consider deleting your Garry’s Mod install and starting fresh. It might be a good idea to do an online virus scan too.”

It should all be fixed now.