Community
Maya Forum
Welcome to Autodesk’s Maya Forums. Share your knowledge, ask questions, and explore popular Maya topics.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Maya malicious script Security Update and resources

21 REPLIES 21
SOLVED
Back to Maya Category
Back to Topic Listing
Reply
Message 1 of 22
hagen.deloss
Community Manager
10182 Views, 21 Replies
‎06-23-2020 04:09 PM
‎06-23-2020 04:09 PM

Maya malicious script Security Update and resources

Hi all,

 

I wanted to share something that the Maya team has been looking into for the past few weeks.

 

A third-party malicious script has been identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause scene instability, as well as spread to other systems.The third-party script exploit can corrupt Maya’s software’s settings, run malicious code, and be propagated to other Maya files (*.ma and .mb) if scene files containing the script are loaded into Maya.

 

The fix is included in Security Tools for Autodesk® Maya, which is available at the Autodesk App Store here.

 

Autodesk highly recommends that customers download and install the Security Tools for Autodesk® Maya plug-in from the Autodesk App Store to protect themselves from the above-described exploit.For more information about how to identify the malicious script, and how to use the security tools, please see the resources linked below:

 

 

As always, we are here to help! If you are having similar symptoms, or having trouble using these tools feel free to post on our forums and we would be happy to assist. But to prevent further corruption from spreading, please refrain from sharing files you think may be corrupted on the forums directly.

 

Warm regards,

 



Hagen Deloss
Community Manager | Media & Entertainment
Installation & Licensing forums | Contact product support | Autodesk AREA


 

Report
Reply
21 REPLIES 21
Message 2 of 22
hagen.deloss
Community Manager
in reply to: hagen.deloss
‎06-23-2020 04:14 PM
‎06-23-2020 04:14 PM

The previously mention articles and Security tools should cover most of your questions.

 

 

Please reach out to @alec.andersenLP8AU or myself @hagen.deloss if you require additional help 😄 

 



Hagen Deloss
Community Manager | Media & Entertainment
Installation & Licensing forums | Contact product support | Autodesk AREA


 

Report
Reply
Message 3 of 22
zewt
Collaborator
in reply to: hagen.deloss
‎06-23-2020 11:45 PM
‎06-23-2020 11:45 PM

FYI, it's a mistake to be calling this an "exploit".  An exploit is code that exploits a security bug in your software, which isn't the case at all here.  It's never been safe to load untrusted Maya scenes, and doing that is the same as running random untrusted software on your PC.  This is just a trojan, not an exploit.

 

It's not a minor nitpick about vocabulary--calling it an exploit is telling everyone that Autodesk and Maya are partially at fault and that Maya has a security bug that needs to be fixed, and that's not true at all.

 

 

Report
Reply
Message 4 of 22
Anonymous
in reply to: hagen.deloss
‎06-29-2020 11:53 AM
‎06-29-2020 11:53 AM

Hello,

This affected my file and i cannot open the file anymore. What can i do to get it back?

Report
0 Likes
Reply
Message 5 of 22
Anonymous
in reply to: hagen.deloss
‎06-29-2020 01:49 PM
‎06-29-2020 01:49 PM

Can i send my file to you?

Report
0 Likes
Reply
Message 6 of 22
mspeer
Consultant
in reply to: Anonymous
‎06-29-2020 09:12 PM
‎06-29-2020 09:12 PM

Hi!

 

1) "please refrain from sharing files you think may be corrupted on the forums directly"

 

2) I recommend to contact Autodesk Support for any issues related to the malicious script or the Maya Security Tools.

 

3) If you provide Maya files related to malicious content or the Maya Security Tools, I recommend:

1. Use only Maya ASCII scenes and rename them to .txt

2. Give them a prefix like "exploit_", "virus_", "infected_",   or "care_" .

3. ZIP the files

This prevents any accidental execution.

Report
Reply
Message 7 of 22
mspeer
Consultant
in reply to: mspeer
‎06-29-2020 09:54 PM
‎06-29-2020 09:54 PM

3)

1. Maybe it's better to suggest to add a postfix like "_off" instead, so ".ma" becomes ".ma_off".

This will work also with other file types and no one tries accidentally to open a 500 MB Maya file with the default text editor.

Report
Reply
Message 8 of 22
Anonymous
in reply to: mspeer
‎06-29-2020 10:31 PM
‎06-29-2020 10:31 PM

Is there any way to contact auto desk support if i am not a paying user but a student?

Report
Reply
Message 9 of 22
lynn_zhang
Community Manager
in reply to: Anonymous
‎07-08-2020 02:17 AM
‎07-08-2020 02:17 AM

Hi @Anonymous 

 

You can contact our Education Support from here: https://www.autodesk.com/education/support/edu-contact-us-form





Lynn Zhang
Community Manager
Report
0 Likes
Reply
Message 10 of 22
ksG3XE2
Explorer
in reply to: hagen.deloss
‎10-29-2020 11:51 PM
‎10-29-2020 11:51 PM

Hi, my TD went through the Scanner and it seems that the scanner might not be picking up variants of the malicious script. He reported that in one of our file, some changes where made to the original malicious script which will render it undetected by the mayaScanner. Our MayaScanner was already updated to v1.0.2.

Report
0 Likes
Reply
Message 11 of 22
mspeer
Consultant
in reply to: ksG3XE2
‎10-30-2020 10:18 AM
‎10-30-2020 10:18 AM

Hi!

 

@ksG3XE2 

Please contact Autodesk Support directly, which is better suited in this case, cause this is an open user-to-user forum and in your case the exchange of sensitive data and infected files could be necessary.

Report
0 Likes
Reply
Message 12 of 22
Anonymous
in reply to: hagen.deloss
‎11-04-2020 11:41 AM
‎11-04-2020 11:41 AM

Hello,

We have made the security tool available to all our systems in the company. As we are in game dev, we literally have tens of thousands of Maya files on network shares and in our version control systems. We were hoping there was a way to script scanning a directory containing all our Maya files. It is unclear to us how to do this or set it up so that we get a bill of health or status after the scan. Has anybody done this? Is there a general recipe or guideline to achieve this?

 

Thanks in advance for any assist.

Report
Reply
Message 13 of 22
chaneyx
Advocate
in reply to: hagen.deloss
‎01-14-2021 12:46 PM
‎01-14-2021 12:46 PM

Which script is it and what is the source? 

Report
Reply
Message 14 of 22
gw01
Community Visitor
in reply to: hagen.deloss
‎01-19-2021 06:58 PM
‎01-19-2021 06:58 PM

I have tried to download the security tools in the app store, however, the link appears to be broken and gives an "App not found" page. Can you please confirm that this app is still alive

Report
Reply
Message 15 of 22
hagen.deloss
Community Manager
in reply to: gw01
‎01-20-2021 09:49 AM
‎01-20-2021 09:49 AM

Hi @gw01 

 

Shoot, sorry for the trouble! This Security Tools app store link right here works for me! let me know if you continue to have trouble downloading or using the tools 😄

 

Warm regards,

 



Hagen Deloss
Community Manager | Media & Entertainment
Installation & Licensing forums | Contact product support | Autodesk AREA


 

Report
Reply
Message 16 of 22
andy.johns
Observer
in reply to: hagen.deloss
‎05-05-2021 02:48 AM
‎05-05-2021 02:48 AM

I notice that the Security tool is for Maya 2015-2020 . What does this mean for those of us using Maya 2021 or 2022 ?

Cheers.

Andy

Report
Reply
Message 17 of 22
mspeer
Consultant
in reply to: andy.johns
‎05-05-2021 06:19 AM
‎05-05-2021 06:19 AM

Hi!

 

Maya 2022 has a built-in version, so it's no longer required there. (There is no Maya 2021.)

Report
Reply
Message 18 of 22
andy.johns
Observer
in reply to: hagen.deloss
‎05-05-2021 08:19 AM
‎05-05-2021 08:19 AM

Ahh so there isnt...thanks for the update.

Report
0 Likes
Reply
Message 19 of 22
dhanad
Enthusiast
in reply to: hagen.deloss
‎05-20-2021 01:47 PM
‎05-20-2021 01:47 PM

Looks like I am the latest victim of this annoying script. We receive work from our external vendors in our studio. We have repository of hundreds if not thousands of .ma files that are being accessed across our network in the studio. I have currently recommended everyone at our studio to update to Maya 2022 so that we can detect any malicious script upon opening a .ma file. However, I am not sure Maya 2022 is able to detect any newer variants? Any leads on this? I lost 3 months worth of work last night, when I attempted to back up my files, the .ma file would delete itself if I tried to move, or copy/paste. Using data recovery did not help either as the file  seems to be retaining its orignal file size but the scene appears empty. Help!

Report
0 Likes
Reply
Message 20 of 22
mspeer
Consultant
in reply to: dhanad
‎05-20-2021 02:30 PM
‎05-20-2021 02:30 PM

Hi!

Please don't post duplicate messages, that's against forum rules. You already created 2 threads about this issue.

"I lost 3 months worth of work last night, when I attempted to back up my files, the .ma file would delete itself if I tried to move, or copy/paste."

- That's for sure not a problem related to Maya scripts as these have no impact on any OS related actions, they only can become active when opened in Maya. Maybe your disk got corrupted or there was any other issue.

Report
Reply
Reply

Forums Links

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Technology Administrators


Autodesk Design & Make Report

Report a website issue