Garry's Mod "Cough" virus is cured, but it could have been worse

Emanuel Maiberg at

You may have noticed some strange behavior in Garry’s Mod if you played it a couple of days ago. An exploit that took advantage of the Source Engine’s file sending mechanism made it possible to send files with any extension to the client or server. Strangely, this was used to change users’ Steam name to “VINH'LL FIX IT,” and using them to spam friends and players with the word “cough” over chat. The exploit is mostly fixed now, but Garry’s Mod’s own Garry Newman tells us it could have been a lot worse.

“The worm as I understand it was transferred to the client as a dll, then when it loaded it crashed the client, in the hope that they'd join another server,” Newman told PC Gamer in an email. “When they did it downloaded the server's config file and looked for a rcon password.” RCON, or “remote console,” allows you to control a server remotely. “If it got one, it infected the server by uploading the dll and running it (it didn't need rcon to upload the dll, only to run it). And then the cycle continued.”

Newman said he patched Garry’s Mod within an hour of finding out about it, and that Valve did the same, but that it’s still possible for the bug to spread via different Source Engine mods, so be careful what you download.

“The effects of the worm were mostly non-destructive as far as we know,” Newman said. “Luckily the creator kept it pretty tame. It could have been a hell of a lot worse. I hope by being proactive and patching it quickly we avoided anyone using it maliciously.”