GameSpy Arcade Linked on Infected With Nimda
Posted on 27.06.2002
Stuart Udall ( noted the following on the Incidents mailing list: I bring to your most urgent attention that the copy of Gamespy Arcade 1.09 available on at the address
62178 10107395&ontId=20&destUrl=http%3A%2F%2Flaunch.gamespyarcade.c

(HNS Note: URL above is wrapped for better viewing purposes)

is infected with the W32/Nimda.gen@MM virus, as detected by
NAI/McAfee Viruscan.

The full URL of the infected file is:

According to, as of my writing, this file has been downloaded 112806 times from since April 29, 2002.

The virus infected my computer after I downloaded and executed the program via at around 21:45PM, and I'm justing finishing the cleanup now - it's 3:15AM and counting, thank you very much.

I do understand that the file is actually served from, but it was only by carefully inspecting the URLs served by that this becomes evident. A less savvy user wouldn't make the distinction.

I suggest that every night, a robot downloads each file serves, and scans it.

Meanwhile, I suggest the guilty party at gamespy be shot.

Karen Cobb, Customer Service Manager at GameSpy Industries replied on the same mailing list: "Thanks for alerting us to the possible presence of a virus in the GameSpy Arcade Installer. We verified that the GameSpy Arcade Installer did indeed contain the W32.Nimda.E@mm virus shortly after receiving your e-mail. The infected file was immediately replaced with a virus-free version of the installer."

Information on Nimda family of worms can be found over here:

Nimda Removal tools:
+ BitDefender AntiNimda
+ Symantec Nimda.A Removal Tool
+ Symantec Nimda.E Removal Tool


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th