The final hours of Portal 2 - Malware?

[PotcFdk]

The Topic
There is some malicious Code on the Valve servers.

What are you talking about?
As soon as you start "The Final Hours of Portal 2",
you automatically connect to thefinalhoursofportal2.com
This site has been hacked.
Somebody injected malicious code which I'm going to show later on.

The Problem
Your Client / The final hours of Portal 2 connects to that website, or to be more specific, some subpages.
There is an illegally inserted IFrame to pokosa.com* on the page.

The Solution
There's really nothing we can do about it. It's in Valve's Hands.
I've send them an email and contacted the Steam Support.
Steam Support told me it's my Browser's fault...

The Solution Episode One
Odessa Cubbage has posted in here that Valve is finally aware of the problem.
Also, The final Hours of Portal 2 has been disabled for all users temporarily.

Quote:

Originally Posted by Odessa Cubbage

The site owner has been notified that there's a problem.

The Solution Episode Two
The Malware seems to be removed from the servers.
The Final Hours Of Portal 2 has been reactivated
and everybody is able to play it again.
No official statement has been posted yet.


Some Information
Well then, here is some information for all the people who don't know what happened / what to do now.

There was an IFrame maliciously injected on the servers that were hosting some content for The Final Hours Of Portal 2.
This IFrame loaded a script from another webserver (mentioned before).
That script should be now be well-known and in the malware-list of your Anti-Virus solution.
It is recommended to do a full-scan of your system to make sure the script doesn't hide somewhere.
I personally also recommend to clear all kinds of Internet/Web Caches because scripts often reside in these places.


* Better don't visit that website.

[Lalee88]

I've bought it yesterday and got the same warning (I'm using Avast)...
Maybe it's a false alarm?
I haven't found anything useful about anybody else having this issue...

[kuangeleven]

Firefox says that the webpage is reported to be malicious.
Weird.

[Alililele]

"Blackhole Exploit Kit"
this is what AVG gives me

[Sparkpin]

In my back history, it DOES say pokasa.com

Both MBAM and Microsoft Security Essentials were tripped.

Mbam Said something about ccvshost.exe

I think the Final Hours of Portal 2 has been infected

[FunPika]

"Web Attack: Mass Injection Website" is what I am getting from Norton.

[e_nigma]

This should be reported to Valve, apparently, someone hacked the server that hosts the otherwise legit content and inserted malware.

[PotcFdk]

I just wrote an email to Valve.

[e_nigma]

I've just bought the thing and the malware is still there. I sent a message to Steam Support, hopefully, they'll do something about it.

[daze23]

yep, I got a warning from chrome

[lostprophetpunk]

You might want to remove that link...

[rLegolas]

This is it.

http://i.imgur.com/N9ERt.jpg

[schrodingergeek]

AVG flagged it for me too.

[PotcFdk]

Quote:

Originally Posted by rLegolas

This is it.
http://i.imgur.com/N9ERt.jpg

Nice, you have found the place where the game shows the webpage.

[Spyro Cool]

Ok. I installed it a few months ago. Do I need to delete it or just not use it.

And can my friend download it now but not use it?