Security experts are blaming known but unpatched vulnerabilities in Microsoft Corp.s Internet Explorer for the theft and distribution of the source code for a much anticipated new video game.
The source code for Valve Corp.s Half Life 2, a sequel to the popular shoot-em-up game that was due out by December, was posted on the Internet on Thursday, according to a statement from Valve Managing Director Gabe Newell.
The theft of the code, which was made available for download on the Net, came after a monthlong concerted effort by hackers to infiltrate Valves network. Malicious activity in the Valve network included denial-of-service attacks, suspicious e-mail activity and the installation of keystroke loggers, Newell added.
This theft is only one item on a long list of security-related problems for the Redmond, Wash. software maker this week. Other happenings included the discovery of more security flaws in Internet Explorer and the filing of a class-action lawsuit against Microsoft over such vulnerabilities in both applications and system software. And the company was also stung by a recent report arguing that the dominance of Windows is a hindrance to computing security.
“This is what happens when you have 31 publicly known unpatched vulnerabilities in IE,” wrote Thor Larholm, senior security researcher for PivX Solutions LLC, in a posting to the NTBugTraq mailing list. “I have seen screenshots of successfully compiled HL2 installations, with WorldCraft and Model Viewer running atop a listing of directories such as hl2, tf2 and cstrike.”
Newell is seeking the Internet and gaming communities help in tracking down the code thieves. The company has set up an e-mail address, helpvalve@valvesoftware.com, to collect information and tips on the hack.
Discuss this in the eWEEK forum.