DayZ hack fears due to "misinformed" dev overreaction, says mod creator


A series of posts from members of the DayZ team have triggered fears of a potential security breach, as mentioned over on Kotaku. A Google Groups email and forum post from team member Tonic warned that someone had managed to grab the devs' FTP details after accessing their email address, and had proceeded to upload bad data to the US file host. He declared that the culprit had been discovered and banned and the affected US file server closed.

But RPS note that the mod's creator, Rocket, has posted a different message. That one mentions only that forums had been vandalised, and states that the original Tonic messages were "misinformed" and had "overreacted" to the threat. Here's Rocket's take.

  • Fact: One of our Artist's PCs was hacked by a person known to him.
  • Fact: The hacker used the Artist's password to attack the forums.
  • Fact: This was detected almost immediately, initially it was thought that this person was in fact the artist themselves.
  • Fact: DayZ has RDP/Admin access to less than 15% percent of the servers hosting DayZ.
  • Fact: The forums were vandalized, and this was detected and rolled back immediately.
  • Fact: A staff member, in a rush to inform everyone, was misinformed and overreacted resulting in the infamous google groups message.

The Tonic message originally claimed that a malicious bot file had been distributed.

"The file was called dayz_auto_updater.exe

"This malicious software is lead to be a backdoor / bot. Below is the ThreatExpert report on this file.

"ThreatExpert also explains where this malicious application installs / moves its processes to stay hidden within your computer. So if you are a user who has downloaded the .exe called dayz_auto_updater.exe from the US Mirror is to scan their computer against viruses and read the description by ThreatExpert on where to locate this if your Virus detector does not pick it up."

A very specific threat warning, there. Rocket says that "Tonic is under an extremely large amount of pressure and is required to devote a large amount of time to dealing with increased security threats. Nobody can be expected to get everything right every time."

He also reiterates that the team only has access to less than 15% of all servers. "Any claims that anything being compromised would allow the rise of us wielding a network that could be a "giant botnet" are incorrect and misinformed," he writes.

Tom Senior
