Skip to main content

Valve patches ‘Team Fortress 2’ bug that could install a trojan when you died

Team Fortress 2 Medic healing a Heavy.
Valve Software
Dying in a first-person shooter is not usually as big a deal as in other genres, but in one case researchers found it could be very detrimental to your PC. Valve has now fixed a bug brought to its attention, which in Team Fortress 2 and various other Source titles, allowed hackers to remotely install trojans and other malware upon a player’s death.

Described by researchers as a “buffer overflow vulnerability,” the exploit was one that had to be loaded onto a victim’s machine through a custom map file. There, the researchers were able to install a custom ragdoll model file, which would, in turn, be loaded up when a player died. But instead of displaying a realistic or comical figure during death, that file executed malicious code.

Recommended Videos

Discovered by One Up Security, the bug has now been patched by Valve for all affected Source games, including Counterstrike: Global Offensive, TF2, Half-Life 2 Death Match, Portal 2, and Left 4 Dead 2. However, they do suggest that Source mod makers update their mods with the patch linked. One Up Security also provides guidelines and advice for mod makers to help them avoid the potential problems caused by this sort of exploit.

Please enable Javascript to view this content

However, users can also take steps to protect themselves from exploits through games. For starters, One Security’s Justin Taft suggests that games should not be installed on work machines. He suggests that gameplay should be maintained on an entirely separate network to business-related functions.

He highlights in his discussion of the bug that this unlikely to be common place, as games are quite a common sight in break rooms and on the home computers of employees — but recommends as much separation as possible to avoid this kind of exploit from affecting corporate interests.

For average gamers who want to add some extra security to their own setup to avoid any potential future exploits that leverage Valve’s popular Source titles, he recommends disabling third-party content with a specific console command. That will leave you unable to enjoy some of the wider variety of custom maps and mods out there, but if security is more important to you than gameplay, it may be worth considering.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Our final Nintendo Switch 2 reveal predictions
An image of the Nintendo Switch - OLED Model Mario Red Edition.

The day is almost upon us. After years of speculation, we're very close to an official reveal of the Nintendo Switch 2. Thank goodness for that, as we've been locked in a tidepool of fake leaks and rumors for far too long. The new console hype cycle can be fun in moderation, but the long road to Nintendo's next console has only become more exhausting over time. We had AI companies faking its release date for clout, hardware manufacturers sharing 3D printed mock-ups, and every so-called insider on the planet flinging out conflicting information.

It'll all come to an end soon when Nintendo reveals its new console. While that's a relief, there is something bittersweet about it. The mystery of a new gaming device is part of the fun. What will it look like? What games will launch with it? Will it be backward compatible? These are the kinds of questions make for fun social fodder; I've had plenty of speculative conversations with friends over the past two years. In some twisted way, I'll miss that once reality sets in.

Read more
Former Witcher and Cyberpunk devs unite to create The Blood of Dawnwalker
A vampire appears in The Blood of the Dawnwalker.

Rebel Wolves, a new studio created by former The Witcher 3 and Cyberpunk 2077 developers, announced its new game, The Blood of Dawnwalker.

The Blood of Dawnwalker looks to be Gothic fantasy on par with The Witcher. It features a character who, much like Geralt, traded humanity for power. Coen, the main character, combines human traits with vampiric power to take down foes.

Read more
One of my most anticipated games of 2025 just got a release date
A rabbit sits at a desk in Rusty Rabbit.

Rusty Rabbit | Release Date Trailer

Rusty Rabbit, an upcoming Metroidvania published by NetEase, will launch on April 17 for PS5, Nintendo Switch, and PC.

Read more