A botnet of servers used for the popular gaming title Call of Duty have been hijacked and used in a 10 gigabit distributed denial of service (DDoS) attack.
The attack bombarded a small unnamed business with a UDP flood by exploiting a flaw that is still present in thousands of game servers.
The flaw meant that servers did not require a valid player session in order to process replies.
This allowed attackers to write code to send UDP packets to the victim by spoofing the IP address.
European anti-DDoS vendor VistNet, which moved to block the attack, said thousands of vulnerable sites could be found with a “quick Google search”.
Administrators could apply a patch to fix the flaw, which rate limited reply packets to a given IP address.
The fix logged an attackers’ IP address when query packets were sent, and ignored further queries for a set time.
Administrators of hacked Call of Duty 4: Modern Warfare servers had initially thought VistNet was behind the attacks. Few understood how their servers were compromised, the company said.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
