Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs

A fresh update for Capcom's Street Fighter V for PCs includes a knock-out move: a secret rootkit that gives any installed application kernel-level privileges. This means any malicious software on the system can poke a dodgy driver installed by SFV to completely take over the Windows machine. Capcom claims it uses the driver to …

  1. Anonymous Coward

    Secret Rootkit! HADOUKEN!!!

    Has SONY bought CAPCOM?

    1. RAMChYLD
      Pint

      Re: Secret Rootkit! HADOUKEN!!!

      Nope, but I suspect it may be a case of the Konami- ie CEO position usurped by corrupt corporate executive, who demands DRM because more money. You'd think something was up when someone as high ranking as Keiji Inafune packs up and leaves.

      1. sabroni Silver badge

        Re: who demands DRM because more money.

        It's not DRM, it's anti-cheating. Still stupid, but for a nobler reason.

    2. Anonymous Coward

      Re: Secret Rootkit! HADOUKEN!!!

      No, Hillary Clinton did. She needs a new server or two for her emails.

  2. VinceH Silver badge
    Facepalm

    Un-fucking-believable.

    Will any of these companies ever realise that when another company is caught with its pants down doing something stupid like this, the lesson they should learn is NOT TO DO the same thing, not TO DO the same thing.

    1. asdf Silver badge

      All it would take is for a Fortune 100 CEO (looking at you Wells Fargo) to do a perp walk (forget convicting him even if you do the SCOTUS will overturn it). Which means yeah never.

    2. Black Betty

      A few hundred thousand malicious damage charges might get...

      ...the message through.

  3. Badger Murphy

    Why the double standard here?

    Why is it that this sort of behavior is 'criminal activity' when some folks do it, but an 'honest mistake' when companies do?

    "Whoops! Sorry about that badly written backdoor, mates! Let's just put this whole thing behind us. No harm done*!"

    1. asdf Silver badge

      Re: Why the double standard here?

      >Why is it that this sort of behavior is 'criminal activity' when some folks do it, but an 'honest mistake' when companies do?

      One has shareholders to blow.

      1. GrapeBunch Bronze badge

        Re: Why the double standard here?

        IANAL BIPOOTI, but intent. Admittedly intent also looks double-standardly if examined. Company putting code on your computer to harvest your private data: OK; you putting code on their computer to research their private data: crime. You accepted their software, albeit presented under pretences. They accepted your phishing email. Hmm, not much difference! Here the intent was to prevent misuse of the company's IP. But isn't there a caption for criminal negligence, reckless behaviour?

        Too serious. Time for a singsong. After me, please:

        "Fake fake fake

        fake fake fake

        fake BIPOOTI" (to the tune of "Shake Your Booty", for anyone under 50).

    2. TheSkunkyMonk

      Re: Why the double standard here?

      Limited Liability, same reason no one goes to jail when the oil companies try to save a few pennies on piping, or when the banks steel millions. Can't send a bit of paper to jail, or can you?

      1. Rusty 1
        Coat

        Re: Why the double standard here?

        It's the foundries that mill steelions.

      2. Voland's right hand Silver badge

        Re: Why the double standard here?

        Limited Liability does not apply to criminal proceedings against a person. It is a strictly financial concept.

        The issue is that neither in Sony's case, nor here there was a prosecutor brave enough (and interested enough) to file charges.

        1. Robert Helpmann?? Silver badge
          Childcatcher

          Re: Why the double standard here?

          >The issue is that neither in Sony's case, nor here there was a prosecutor brave enough (and interested enough) to file charges.

          Seems a class action lawyer could have a good time with this given there is an easily definable class and arguably malicious action which could lead to claims of all sorts of issues for Sony's paying customers.

        2. beep54
          Angel

          Re: Why the double standard here?

          Erm, in Sony's case they actually were sued. By, of all entities, the State of Texas. I mean, you really know you've truly fucked up when the State of Texas sues your corporate ass.

      3. Elfo74
        Headmaster

        Re: Why the double standard here?

        "Limited Liability, same reason no one goes to jail when the oil companies try to save a few pennies on piping, or when the banks steel millions."

        Banks always do that. It's called a safe. It prevents burglars from taking said millions.

    3. allthecoolshortnamesweretaken Silver badge

      Re: Why the double standard here?

      Technically, not a double standard as somewhere deep in the T&Cs/EULA there will be a clause to the effect of "If you click the 'I agree' button this will give us the right to fuck with your gear at any level and in any way we see fit, because."

      1. Anonymous Coward

        T&Cs/EULA

        However, it is generally the case that T&Cs cannot be used to negate legal rights!

        1. beep54
          Unhappy

          Re: T&Cs/EULA

          "However, it is generally the case that T&Cs cannot be used to negate legal rights!" That might be the case where you are, but I am not at all sure it is true here in the US.

      2. Anonymous Coward

        Re: Why the double standard here?

        >somewhere deep in the T&Cs/EULA there will be a clause to the effect of "If you click the 'I agree' button this will give us the right to fuck with your gear at any level and in any way we see fit, because

        This company will be begging on its knees hoping that you forget that you cannot bind someone contractually to accept what is a criminal offence, because the "contracting party" as it were that you would have to deal with is the government, not the user.

        You can't put in a contract "by playing this game you permit us to rob you blind and murder your first born" because both are classed as criminal offences.

        The problem is thus not the contract, but law enforcement. No doubt the company is already busy hastily filling the coffers of relevant election campaigns to prevent any DAs from picking this up as something worth dragging through the courts. It can feel confident that it has at least some protection in that area, because the first DA to actually do the right thing would create a precedent that could harm a great many of these campaign contributions, for none of these companies would be able to cast the first stone. Yes, I'm a cynic, so sue me.

        But by God, the industry needs a harsh kick up its collective rear ends for going back to respecting its customers, a kick harsh enough to resonate for a couple of years.

  4. Anonymous Coward

    The article fails to mention that after such update, the majority of PC players was unable to launch the game AT ALL.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Anonymous coward

      "the majority of PC players was unable to launch the game AT ALL"

      Source?

      C.

      1. nematoad Silver badge

        Re: Anonymous coward

        "The article fails to mention that after such update, the majority of PC players was unable to launch the game AT ALL."

        Grammar?

        1. Steve Graham

          Re: Anonymous coward

          Grammar. "Majority" is a singular noun, therefore "was" was correct.

          1. The Mole

            Re: Anonymous coward

            The majority is referring to which group of players was being discussed, the players being a plural therefore were is more correct.

            1. Steve Graham

              Re: Anonymous coward

              Incorrect.

              (I take it you aren't a programmer? If you don't stick exactly to the language rules, stuff won't compile.)

      2. Bronek Kozicki Silver badge
  5. Stevie Silver badge

    Bah!

    Well, as long as it was for something important ...

  6. Kurt Meyer

    Capcom

    I don't remember buying any Capcom games in the past, and I don't believe I'll be buying any in the future.

    1. MrDamage

      Re: Capcom

      They do the Resident Evil series, which I've been looking at getting legit versions of. Guess I won't be doing that now, and will seek them elsewhere.

      1. Geoffrey W Silver badge

        Re: Capcom

        RE: "and will [now] seek them elsewhere"

        Yep. Why pay for your rootkit when you can get rootkit elsewhere for free.

  7. Anonymous Coward

    to uninstall...

    Press: Down, UP, Left Shoulder Button, Right Shoulder button, A, B and Start....that should sort out the update.....or give you 10 STAR TURBO speed, I can't remember which?

    1. Robert Grant

      Re: to uninstall...

      I thought that did a combo breaker?

      (Oh sorry, that's the other other one.)

  8. Will Godfrey Silver badge
    FAIL

    History? Learn?

    You know the rest... Apparently, they don't.

  9. Dan 55 Silver badge
    Alert

    SMEP

    Too late explaining the acronym in the next paragraph, I Googled it at the second mention thinking it wasn't going to get explained and got something completely different.

  10. Daniel B.

    So that's M Bison's new power

    Rootkit attack! Your PC is now working for Shadaloo!

    1. Fibbles

      Re: So that's M Bison's new power

      Seems like something more at home in a Metal Gear game. When Psycho Mantis first read the contents of my PS1 memory card it blew my mind.

  11. JeffyPoooh Silver badge
    Pint

    Door is securely locked. Jiggle handle to open.

    "...an application simply has to pass control codes 0xAA012044 and 0xAA013044 to the IOCTL, and a pointer to some instructions, and the driver will then jump to that block of code with full kernel permissions."

    Seriously?

    I'm not saying that some (Microsoft in this case) coders are incompetent morons, but if they were....what would be different?

    1. Dan 55 Silver badge

      Re: Door is securely locked. Jiggle handle to open.

      What's MS got to do with this?

      1. JeffyPoooh Silver badge
        Pint

        Re: Door is securely locked. Jiggle handle to open.

        Dan asked "What's MS got to do with this?"

        It's a PC, presumably Windows.

        So this OS security failure has nothing to do with the OS then?

        OS can't accept any responsibility for such root kits?

        Really?

        1. Anonymous Coward

          Re: Door is securely locked. Jiggle handle to open.

          It's a CPU level security feature. It's Intel and AMD's fault for allowing it to be disabled in the first place!!

          No OS can be secure with such a gaping security hole in the hardware!!

          Oh, wait. This can only happen if you install a malicious binary and click through the security dialogs? Maybe you should just not do that then...

          1. JeffyPoooh Silver badge
            Pint

            Re: Door is securely locked. Jiggle handle to open.

            AC "...you install a malicious binary..."

            "You" who? You mean, like, manually? With bent paperclips and a battery? Or is the OS involved?

            I don't think it's a tenable position to claim that the OS is blameless here. Especially one that claims to provide security.

            Why would the OS even allow USER CODE access to the CPU's security feature? Clear MS FAIL. They'll probably patch it next month.

            AC "...click through the security dialogs..."

            Are you sure that there were explicit warnings from the OS about the root kit that came with this game? I'll betcha that there were not any such thing.

            It seems that my point stands. Arguable, sure. But still clearly valid.

            1. JeffyPoooh Silver badge
              Pint

              Re: Door is securely locked. Jiggle handle to open.

              Me, "Clear MS FAIL. They'll probably patch it next month."

              Same or very similar to this...

              El Reg: "The MS16-098 patch, issued in August, fixes privilege escalation bugs in kernel-level drivers..."

              1. Dan 55 Silver badge

                Re: Door is securely locked. Jiggle handle to open.

                It's not an escalation bug, it's done by design.

                If someone installed some software on Linux which included a Linux kernel module which when called executed arbitrary code with kernel permissions, would that be Linux's fault or the software developer's? I'd say it's the second.
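
The two control codes quoted from the article earlier in this sub-thread can be split into the fields the Windows `CTL_CODE` macro packs into them, which is the first thing a defender checks when reviewing a driver's IOCTL surface. This is an added example, not part of the article or of any comment; the struct, flag and function names are made up for illustration.

```c
/* Added example (not from the article or the thread): split a Windows
 * I/O control code into the fields packed by the CTL_CODE macro:
 * DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0]. */
#include <stdint.h>
#include <stdio.h>

struct ioctl_fields {
    uint16_t device_type; /* 0x8000 and above: vendor-defined */
    uint8_t  access;      /* 0 = FILE_ANY_ACCESS, 1 = read, 2 = write */
    uint16_t function;    /* 0x800 and above: vendor-defined */
    uint8_t  method;      /* 0 = METHOD_BUFFERED ... 3 = METHOD_NEITHER */
};

/* Review flags for a driver's IOCTL surface (hypothetical names). */
enum {
    FLAG_VENDOR_DEVICE   = 1 << 0,
    FLAG_VENDOR_FUNCTION = 1 << 1,
    FLAG_ANY_ACCESS      = 1 << 2, /* any handle to the device may send it */
    FLAG_METHOD_NEITHER  = 1 << 3  /* driver receives raw user pointers */
};

static struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

static unsigned triage_ioctl(uint32_t code)
{
    struct ioctl_fields f = decode_ioctl(code);
    unsigned flags = 0;
    if (f.device_type >= 0x8000) flags |= FLAG_VENDOR_DEVICE;
    if (f.function >= 0x800)     flags |= FLAG_VENDOR_FUNCTION;
    if (f.access == 0)           flags |= FLAG_ANY_ACCESS;
    if (f.method == 3)           flags |= FLAG_METHOD_NEITHER;
    return flags;
}

int main(void)
{
    /* The two control codes quoted from the article in the thread. */
    const uint32_t codes[] = { 0xAA012044u, 0xAA013044u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        struct ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X: device=0x%04X access=%u function=0x%03X method=%u flags=0x%X\n",
               (unsigned)codes[i], f.device_type, f.access, f.function,
               f.method, triage_ioctl(codes[i]));
    }
    return 0;
}
```

Both codes decode to a vendor-defined device type and function with FILE_ANY_ACCESS, so the code itself asks the I/O manager for no read or write access on the caller's handle. What the handler does with the request is not visible in the code; that comes from the article's description.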

  12. Anonymous Coward

    What... nobody mentioned the NSA yet? Reg Commentards are getting slack these days.

    1. Anonymous Coward

      We are tired.

      We are just waiting for the hammer to fall.

      (Now the Obama administration is starting to look into Trumpic "Kremlin ties" ... I kid you not. Do they have anything to do? Except walk away from negotiation tables like butthurt chihuahuas? The priorities in this world are very clear. Very, very clear. Let fire from heaven take them all!)

      1. Anonymous Coward

        Re: We are tired.

        >Now the Obama administration is starting to look into Trumpic "Kremlin ties"

        Well, that has taken them long enough. Anyone else publicly encouraging the Russians to break into ANY US entity's resources, let alone commit a clear hostile act by attacking government resources at that would have had a visit from people with a penchant for dark suits and sunglasses by now, but there appears to be an exemption for people with orange skin and weird hair (which, rumour has it, would include a large portion of Essex youth, but let's stay with the topic).

        Do Presidential candidates get a free pass from criminal prosecution?

    2. Anonymous Coward

      Sorry I'm late...

      NSA-mandated backdoor, obviously.

  13. Old Handle

    anti-crack solution (note: not DRM)

    Uh-huh. Call it what you want, it's still malware.

    1. Anonymous Coward

      Re: anti-crack solution (note: not DRM)

      >Uh-huh. Call it what you want, it's still malware.

      Yup. That implementation amounts to causing wilful damage to a computer. Well, OK, so does installing Windows, but that's generically a bad idea that is industry accepted, but making it worse has definitely a criminal aspect to it. What's more, they've just admitted so by stating they won't stop doing it, no, they will only change what they're doing which translates as making the backdoor harder to find.

  14. Anonymous Coward

    UWP

    Surely a reason for software houses to create more UWP apps. I don't want a game to be able to take over my pc and leave it open to all and sundry.

  15. Chewi
    Linux

    Linux version

    I wonder if they tried to pull a similar stunt in the Linux version.

    If you didn't know, I'm not kidding, there really is a Linux version.

  16. Pascal Monett Silver badge
    FAIL

    "We apologize for the inconvenience"

    No, what you should apologize for is confusing your game with your right to the user's computer. And for being too stupid to not let the user cheat locally where there is no problem, and not being capable of finding a server-based solution to check server-based multiplayer.

    I suggest you meekly go, hat in hand, and beg Blizzard to tell you how they prevent cheating on Diablo III without fucking over people's personal property.

    You might even gain some intelligence in the process. God knows you seem to need it.

    1. Kurt Meyer
      Pint

      Re: "We apologize for the inconvenience"

      @ Pascal Monett

      Thank you for saying that. All of that.

    2. Not That Andrew

      Re: "We apologize for the inconvenience"

      Ask Blizzard? Really? Did they implement offline single player & LAN multiplayer while no-one was looking?

  17. JLV Silver badge
    Windows

    bit confused about the technical aspects

    >the capcom.sys kernel-level driver

    Why is Windows structured in such a fashion that a game retailer's code can reach deep into its guts and pull off something like this?

    I realize that malicious code can hack its way where it's not supposed to. That's true on Linux, OSX, Windows, whatever. If there is a vulnerability and the cracker uses it, game over. Don't trust code blindly.

    But is this what happened here? Seems like Windows is perfectly happy to play along - there is no indication of a vulnerability being used. "Just" a dishonest company - whose decision makers in this case should be liable for jail time for computer tampering, just as any old crook. Just like Sony's CD rootkit in fact. Is this really by design???

    Or, am I in the wrong, and even on Linux you could do this crap without doing a kernel recompile? Or kernel module load of some sort, that you would need to agree to? Or, of course, an unpatched vulnerability - but that's still not by design.

    1. JLV Silver badge

      Re: bit confused about the technical aspects

      On reread - in linked articles, there seems to be an indication that Windows was making the users aware of the kernel access.

      If that warning was displayed through normal Windows process vetting mechanisms - and not through some particularly savvy Windows user's configuration and system auditing - that would put the onus on users to run like hell, but perhaps kinda exonerates Windows.

  18. Robin 12

    Not just Capcom that requires high level access

    I just set up a gaming machine to run Windows for one of my children. During the install, the ESEA (esea.net) client required Administrator access. I thought that was okay but it turned out, to play the game, they needed to run as Administrator to run the game.

    As the Windows partition is only for this game, I am not super concerned. Of course ESEA was caught running a bitcoin miner with their anti-cheat client where details are on the net.

    They know that they may lose the Windows if there are any major issues due to this issue. Even the EULA agreement is very broad.

    1. Anonymous Coward

      Re: Not just Capcom that requires high level access

      What install needed ESEA? And what the heck is ESEA? (I went to the web site and couldn't figure it out...)

      Also what version of Windows? I haven't had to use admin to run apps and games since the Windows XP version.

  19. Avatar of They
    FAIL

    Erm.

    Sorry the article also suggested this game had in app purchases. For a PC game you also have to buy?

    Oh dear.

  20. Anonymous Coward

    OK - how is this even possible.

    An app can disable a key aspect of your security and open a backdoor? Seriously, you're using an OS that allows that to even happen? You deserve everything you get.

    1. Anonymous Coward

      Re: OK - how is this even possible.

      Of course applications can disable security features if the user gives them permission to do so, which is exactly what is happening in this case. It's the same on pretty much every other OS in existence, because the alternative is a locked-down OS where users don't have root/kernel level access, such as iOS and Android, and pretty much every console OS.

  21. MrZoolook
    Megaphone

    Isn't this actually a criminal offence?

    I thought I was under the impression that the deliberate spreading of malware was a criminal offence?
