February 2, 2026

Worms, Doom, and EA doomscrolling

Article URL →HN comments →

General Graboids: Worms and Remote Code Execution in Command and Conquer

Old game, new chaos: hackers spawn “worms,” fans roast EA, and someone ran Doom

TLDR: Researchers found serious flaws in Command & Conquer: Generals, showed a self-spreading “worm,” and even ran Doom through it; EA said it’s out of scope. The community roasted EA, cheered the hackers, and memed about worms, while pointing to fan-made patches—proof old games can still bite and the fans will fix them.

Command & Conquer: Generals just got hit with a nostalgia quake and a tech scare, and the comments are having a field day. Researchers dug into the early‑2000s strategy classic and found flaws big enough to drive a tank through—then proved it with a self‑spreading “worm” and even made it run Doom inside the game. They shared code on GitHub, and pointed to community-made fixes from modders. “Remote code execution” sounds scary, but it just means a stranger could make your computer run programs if you’re playing online. Yikes—and also, hilarious, according to the crowd at Districtcon’s Junkyard talk.

The real action is in the comments. One camp is roasting EA for shrugging at a 23‑year‑old mess—“respect the balls” for even emailing them! Others are cheering the researchers for breathing chaotic new life into a classic. A few veterans chimed in with “finally,” saying this write‑up was overdue. And the meme machine? Fully online. “Atredis has detected wormsign” and Graboid jokes slithered through the thread while folks cackled about Doom booting inside C&C. The gentle drama: corporate “out of scope” vs fan patch heroes. Verdict from the bleachers: the community will fix it, and have way more fun doing it.

Key Points

  • Researchers disclosed vulnerabilities in Command & Conquer: Generals enabling remote code execution and built a worm to demonstrate impact.
  • EA released source code for Generals and Zero Hour in early 2025, facilitating detailed analysis.
  • The game uses UDP port 8086 for lobby meta-commands and UDP port 8088 for in-game synchronization and actions.
  • Despite peer-to-peer architecture, each client must expose both ports, creating a broad attack surface (including LAN scenarios).
  • PoCs and full worm source were published on GitHub, and community patches are available to address the issues.

Hottest takes

“respect the balls… expecting them to push a bug fix for a ~23 year old game” — joe_mamba
“hilarious to see Doom inside of C&C” — client4
“Atredis has detected wormsign” — hexasquid

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.