World of Warcraft: Potential Trojan Warned

SBFord Former Associate Editor Member Legendary Posts: 33,129

The World of Warcraft support forum has been updated with a blue post that lays out some pretty serious information about a potential trojan that has even cracked through the authenticator security measure. The trojan can access both a player's account information and authenticator password.

We've been receiving reports regarding a dangerous Trojan that is being used to compromise players' accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup

Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

Your MSInfo.

A list of any addons you recently installed along with where you got them.

A list of any programs you recently installed along with where you got them.

Any security programs you have run and their results.

Join the ongoing discussion on the World of Warcraft forum.



¯\_(ツ)_/¯ 
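The check described in the quoted Blizzard post can be automated. The following is an added example, not code from Blizzard or from the original article: it scans the Startup Programs section of an MSInfo text report for the "Disker" and "Disker64" entries. The tab-separated report layout, the sample report and the broader "rundll32 loading a DLL from Temp" heuristic are assumptions made for illustration.

```python
import re

# Startup entry names given in the Blizzard post quoted above.
KNOWN_NAMES = {"disker", "disker64"}
# Added heuristic (an assumption, not from the post): rundll32 loading a DLL from a Temp folder.
TEMP_DLL = re.compile(r"rundll32(\.exe)?\s+.*\\temp\\[^\\,\s]+\.dll", re.IGNORECASE)


def startup_entries(report_text):
    """Yield (program, command, user, location) from the [Startup Programs] section."""
    in_section = False
    for line in report_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_section = stripped.lower() == "[startup programs]"
            continue
        cols = [c.strip() for c in line.split("\t")]
        # Skip other sections, blank lines and the column header row.
        if not in_section or len(cols) < 2 or cols[0].lower() == "program":
            continue
        yield tuple((cols + [""] * 4)[:4])


def suspicious_entries(report_text):
    """Return (program, command, reasons) for entries worth a closer look."""
    hits = []
    for program, command, _user, _location in startup_entries(report_text):
        reasons = []
        if program.lower() in KNOWN_NAMES:
            reasons.append("name matches Disker/Disker64")
        if TEMP_DLL.search(command):
            reasons.append("rundll32 loads a DLL from a Temp directory")
        if reasons:
            hits.append((program, command, reasons))
    return hits


# Constructed sample in the assumed tab-separated layout of an msinfo32 text report.
TEMP = "c:\\users\\name\\appdata\\local\\temp\\"
SAMPLE_REPORT = "\n".join([
    "[System Summary]",
    "Item\tValue",
    "[Startup Programs]",
    "Program\tCommand\tUser Name\tLocation",
    f"Disker\trundll32.exe {TEMP}w_win.dll,dw\tName-PC\\Name\tStartup",
    f"Disker64\trundll32.exe {TEMP}w_64.dll,dw\tName-PC\\Name\tStartup",
    "Updater\tc:\\program files\\vendor\\updater.exe /quiet\tPublic\tCommon Startup",
    f"Helper\trundll32.exe {TEMP}x.dll,Run\tName-PC\\Name\tStartup",
    "[Loaded Modules]",
    "Name\tVersion",
])

if __name__ == "__main__":
    for program, command, reasons in suspicious_entries(SAMPLE_REPORT):
        print(f"{program}: {command} -> {'; '.join(reasons)}")
```

A real report can be produced with `msinfo32 /report <file>`; such exports are usually UTF-16, so read the file with `encoding="utf-16"` before passing its text to `suspicious_entries`.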



Comments

  • Dreamo84 Member Uncommon Posts: 3,713
    Wow that's crazy
  • Jakdstripper Member Rare Posts: 2,410
    WoW is the Trojan....RL Trojan.
  • TheLizardbones Member Common Posts: 10,910

    I wonder where a bunch of nerds with no life would get a trojan on the internet. Hmmmm, there has to be a place where nerds are likely to go or a certain something that they are likely to search for. I wonder what that is.

    I can not remember winning or losing a single debate on the internet.

  • krondin Member Uncommon Posts: 106
    I don't see how it's possible for them to use the info; the authenticator number resets every 30 seconds. They would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but I don't see how this can be. The only way I can see it happening is if the problem is on Blizzard's side, so the hackers get the new auth number as it resets and log into your account to steal it.
  • Amjoco Member Uncommon Posts: 4,860
    This just crushed my complete and total confidence in the authenticator for not only this game, but all games that use them. 

    Death is nothing to us, since when we are, Death has not come, and when death has come, we are not.

  • Lehox Member Uncommon Posts: 19
    Everything you use or let calculate (authenticator), or that uses a series of created numbers, follows an algorithm; if you know it or how to identify it, you can prolly do what you want.
  • AzurePrower Member Uncommon Posts: 1,550

    Doesn't surprise me.

  • ohgodtherats707 Member Uncommon Posts: 85

    Man, Blizzard's security is so relaxed, reminds me of Portland, Maine's airport

  • dreamscaper Member Uncommon Posts: 1,592
    Originally posted by krondin
    I don't see how it's possible for them to use the info; the authenticator number resets every 30 seconds. They would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but I don't see how this can be. The only way I can see it happening is if the problem is on Blizzard's side, so the hackers get the new auth number as it resets and log into your account to steal it.

    An automated script could do all of the above in less than 10 seconds.

    <3

  • Gravarg Member Uncommon Posts: 3,424
    Originally posted by Amjoco
    This just crushed my complete and total confidence in the authenticator for not only this game, but all games that use them. 

    As a former locksmith I'll just say, if you can get in, anyone can get in with enough work.  There is no such thing as a thief-proof lock.

     

    Authenticators are like deadbolts on a door,  it's just an added lock, but it's still able to be picked.

  • Solar_Prophet Member Epic Posts: 1,960
    Originally posted by ohgodtherats707

    Man, Blizzard's security is so relaxed, reminds me of Portland, Maine's airport

    Just because someone found a way to crack it doesn't mean it's 'relaxed'. Even the most expensive home, business, computer, or vehicle security system available won't stop an intelligent, determined professional. Such systems are designed primarily to deter more 'casual' thieves / hackers by making the required time & effort investment cost more than the end result is worth.

    An authenticator is still going to be by far the best way to secure your account, on top of proper security procedures that is.

    Originally posted by krondin
    I don't see how it's possible for them to use the info; the authenticator number resets every 30 seconds. They would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but I don't see how this can be. The only way I can see it happening is if the problem is on Blizzard's side, so the hackers get the new auth number as it resets and log into your account to steal it.

    If a program can nab enough samples, I'd imagine someone could decipher the algorithm used to generate the numbers. That's one way certain unsavory types were able to figure out how to generate valid 'new' credit card numbers, after all.

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

    We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD. 

    #IStandWithVic

  • simsalabim77 Member Rare Posts: 1,607
    Originally posted by Solar_Prophet
    Originally posted by ohgodtherats707

    Man, Blizzard's security is so relaxed, reminds me of Portland, Maine's airport

    Just because someone found a way to crack it doesn't mean it's 'relaxed'. Even the most expensive home, business, computer, or vehicle security system available won't stop an intelligent, determined professional. Such systems are designed primarily to deter more 'casual' thieves / hackers by making the required time & effort investment cost more than the end result is worth.

    An authenticator is still going to be by far the best way to secure your account, on top of proper security procedures that is.

    You mean to tell me that I'm not supposed to click the ads on porn sites? This is all Blizzard's fault!

  • Rattenmann Member Uncommon Posts: 613
    I wonder why so many people think an ad on a porn site would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but could not be further away from truth.

    MMOs finally replaced social interaction, forced grouping and standing in a line while talking to eachother.

    Now we have forced soloing, forced questing and everyone is the hero, without ever having to talk to anyone else. The evolution of multiplayer is here! We won,... right?

  • Purutzil Member Uncommon Posts: 3,048

    Not too shocking. Only was a matter of time before ways around the authenticator would be pushed out. A nice tool for reducing the chance of being hacked, but never foolproof. In the end, good password practices are the best way to protect your computer, as well as being careful with surfing and having good virus protection. Only made better given you regularly change passwords, due to databases being hacked not being at all a new thing.

    Honestly if you're smart, an authenticator really will never be needed. If it's a case you have a keylogger, you're probably already screwed given they figured a way to crack the authenticator, whether then or in the future.

  • Arid Member Uncommon Posts: 14

    Happened to me AWHILE back

  • Renoaku Member Epic Posts: 3,157

    Okay here is what I do not understand about this article and others I find on the internet.

    1.) Why does it matter if my password/login are stolen as long as I have an authenticator on my account? The passwords generated are supposed to be (One Time Use), meaning let's assume someone stole my one-time password of 0000000, then this code can never be used again.

    Which leads me to believe that:

    - Blizzard's encryption and one-time password have been cracked by someone on the inside.

    - The security isn't properly set up, aka if I logged into my account someone from a different IP can log in to my account immediately after without typing in a new code, which again would be Blizzard's fault if this was the case.

    - Or some hacker accesses the user's computer, using their IP address as a proxy to fool Blizzard's servers into letting them in, or has remote access.

    Otherwise it shouldn't matter if a person is infected or not; anyone with an authenticator should be safe unless Blizzard has made a big mistake, or encryption has been broken, unless of course someone has collected enough login codes to crack the encryption to all authenticators or something to generate a one-time password.

    Also I would beware of Curse Gaming, because this is the site I used when my account was compromised twice in a row years ago; one of the add-ons from their site was infected with a keylogger. Also some friends recently have been discussing things like Derp-Trolling, and rumor has it that groups of people like this could put malicious content in add-ons and use other people's computers as botnets, especially when it comes to a 13 year old downloading an add-on, unaware of what a .exe file is, and they click on it; sure it's a real add-on, but it installs a back-door for a hacker to use as a proxy, or a keylogger for that matter, so no matter if it be Curse or not you have to be really careful where you get the add-ons.

  • Solar_Prophet Member Epic Posts: 1,960
    Originally posted by Zaradoom
    I wonder why so many people think an ad on a porn site would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but could not be further away from truth.

    What? Porn sites in general make up a huge portion of the internet, and are some of the most visited. Furthermore a great deal of WoW players fall into the 'horny teenager' age group, which is the prime target of said sites. It makes perfect sense to put them there, as the exposure (no pun intended) would be tremendous. The fact that such sites don't give a crap about their users' security also means that nobody cares enough to check ads for malicious software, and on top of that they have a well-documented history of installing trojans and the like.

    Getting the virus from an ad or script on a porn site (some of which even advertise gold-selling companies) is completely realistic, and very probable.

    Oh, and who said this virus is specific to WoW? It could very well be looking for multiple online games.

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

    We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD. 

    #IStandWithVic

  • Tenaka30 Member Uncommon Posts: 84

    For those who do not understand why authenticators can be "cracked" google "Man in the middle".

    They aren't cracked, they are circumvented using the weakest point of the system, the end-user and their ability to be fooled into installing a trojan in the first place.

    An Authenticator remains a reliable method of protecting your account in much the same way they protect confidential data at the Hospital I work at, although professionally they are called RSA tokens.
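Several posts above ask how a one-time code that changes every 30 seconds can be of use to anyone but its owner. The following is an added example, not part of the thread and not Blizzard's implementation: a generic RFC 6238 time-based verifier with replay protection, showing which submissions of a code a server accepts and which it refuses. The 8-digit length, the test secret (taken from the RFC's test vectors), the timestamps and the single-step acceptance window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the 30-second interval mentioned in the thread


def totp(secret: bytes, now: int, digits: int = 8) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: each time step's code is accepted at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def login(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_used_step:
            return False  # this step's code was already consumed: replay
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # wrong or expired code
        self.last_used_step = step
        return True


def scenarios():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real one
    t = 1111111085                    # constructed login time
    code = totp(secret, t)            # what the token shows during this step

    # 1. The owner's login arrives first; a copy of the code sent later is refused.
    server = Verifier(secret)
    owner = server.login(code, t)
    replay = server.login(code, t + 5)

    # 2. The owner's submission never arrives (captured on the infected PC):
    #    the server cannot tell who is presenting the still-unused code.
    server = Verifier(secret)
    unused_code_elsewhere = server.login(code, t + 5)

    # 3. The same code one step later has expired.
    expired = Verifier(secret).login(code, t + STEP)
    return owner, replay, unused_code_elsewhere, expired


if __name__ == "__main__":
    print(scenarios())
```

The code generator is never broken in any of these cases; the only accepted submission from elsewhere is the one where the code is still unused, which is why the defence is a clean machine and not a different token.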

  • ste2000 Member Epic Posts: 6,194
    My D3 account has been hacked 3 months after I stopped playing so I am sure the fault is not on my part. Just can't be arsed reclaiming my account, the game is crap

  • expresso Member Uncommon Posts: 2,218
    1. You first need to get the trojan installed on your machine, and in ALL cases that's the user's lookout
    2. Your antivirus needs to pick up on the trojan and stop it; that's your AV's lookout

    So two things need to go wrong (all outside of the control of Blizzard) for this Trojan to be successful.

    Blizzard's servers are not being directly hacked by this Trojan; it's a "man in the middle" attack. This is ALL outside of the control of Blizzard. What they could possibly do is build some scanner into the WoW launcher, but the moment they do that people will say "theyz stealingz myz detailz OMG".

  • Phry Member Legendary Posts: 11,004
    Originally posted by expresso
    1. You first need to get the trojan installed on your machine, and in ALL cases that's the user's lookout
    2. Your antivirus needs to pick up on the trojan and stop it; that's your AV's lookout

    So two things need to go wrong (all outside of the control of Blizzard) for this Trojan to be successful.

    Blizzard's servers are not being directly hacked by this Trojan; it's a "man in the middle" attack. This is ALL outside of the control of Blizzard. What they could possibly do is build some scanner into the WoW launcher, but the moment they do that people will say "theyz stealingz myz detailz OMG".

    All too true.

    Blizzard have done the best they can in order to help protect users' accounts, but at the end of the day, no matter how 'idiot proof' they try to make things, people with little or, more often than not, no experience or knowledge of internet security will allow what they can do to be circumvented.

    Authenticators do protect accounts, but that doesn't mean that people should just ignore things. Protecting their PCs, OSs etc. should be something everyone knows at least the basics of. The number of times, however, that I have had to 'fix' people's, or in this case 'friends and family' members', PCs because they managed to get them 'infected', or just plain lack of maintenance, is kind of scary, and annoyingly time consuming.

    Sometimes I think if people can't handle even the basics of internet security, then they should step away from PCs and buy a console; they may be in a locked-in system but at least they can't break it.

  • Agathos88 Member Uncommon Posts: 92
    hmm.... interesting.

    -Prior story writer for MMORPG.com

  • simsalabim77 Member Rare Posts: 1,607
    Originally posted by Zaradoom
    I wonder why so many people think an ad on a porn site would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but could not be further away from truth.

    I wonder why so many people can't detect sarcasm. 

  • Nadia Member Uncommon Posts: 11,798
    Originally posted by expresso
    What they could possibly do is build some scanner into the WoW launcher, but the moment they do that people will say "theyz stealingz myz detailz OMG".

    Blizzard already has a scanner as part of WOW -- Warden

    http://www.wowwiki.com/Warden_%28software%29

  • ukforze Member Posts: 331

    Is anyone surprised?

    I mean the game launched with the most basic UI ever & lacked any depth of options, so few you could count on one hand; in fact the game didn't even have a timestamp in chat! In comparison to previous MMOs at that time such as SWG with full UI customisation & an options menu deeper than WoW's crafting system to date.

    I'm not surprised players welcomed mods, yet I always thought this was a bad move. I mean, firstly you have to consider security of the user via the sites the mods come from, plus the mod itself, but the fact that game code can be fiddled with was alarming enough for me to start with.

    I'm not saying mods are the cause of this virus, but Blizzard's laziness is/was shocking for allowing mods in the first place as this is a potential security hole, but players needed mods to make up for their slack work. Any MMO that requires/allows 3rd party mods etc. is poor imo, but with the money Blizzard make it's a complete joke & is not surprising when things like this happen.

    I've never been hacked as I'm not dumb

    The Deathstar destroyed planets...Lucas Arts destroyed Galaxies

    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Played:
    SWG | EVE | WOW | VG | LOTRO | WAR | FML | STO | APB | AOC | MORTAL | WOT | BP | SW:TOR
