A group of fans recently released Sonic 2 HD, an alpha version of a very fancy home-made tribute to Sega’s classic platformer. They even, inadvertently, threw in a bonus: free keyloggers for everyone!
Both the dev team and a “professional antivirus employee” have confirmed that copies of the game include “a keylogging program as part of the Sonic 2 HD alpha software”.
Keyloggers are employed to monitor the keys pressed on a keyboard by a user, and can be used – depending on the type of keylogger used – to capture a user’s passwords.
Here’s the dev team’s statement in full:
Earlier today, I was contacted by a professional antivirus employee who was interested in why Sonic 2 HD consistently popped up as a threat by multiple antivirus software programs and did some investigation. His results showed that a keylogger is part of the Sonic 2 HD software. After receiving this notification, we conducted our own independent tests and found that there is indeed a keylogging program as part of the Sonic 2 HD alpha software.
I want to emphasise that at this time, we have found no evidence that the software has been “phoning home” any data – only that we have found the capability exists.
Because this vulnerability has been found, we are strongly advising that the software be removed. You will need to delete the files included with the Sonic 2 HD zip, as well as the registry keys hooked at HKEY_CURRENT_USER/Software/NakaSMK (if you are unfamiliar with how to do this, go to Start->Run.., type regedit, follow the folder path, and then delete the NakaSMK folder.)
We will have more information on the situation as it evolves.
UPDATE: Seems there’s previously been quite a bit of drama behind the scenes on this project.
UPDATE 2: A team of developers involved with the project tells us the original Sonic Retro report was incorrect, saying what’s tripping people’s virus alerts is “Just a bug (or lazy code) from DirectInput that causes it to read input even when the window is out of focus”.
UPDATE 3: The original report, appearing on Sonic Retro, has been removed, the author stating “I f**ked up. This is totally my fault and I take full responsibility for that. The article has been redacted and there will be another one going up shortly that explains the situation.”