Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

World of Warcraft: Potential Trojan Warned

SBFordSBFord Former Associate EditorMember LegendaryPosts: 33,126

The World of Warcraft support forum has been updated with a blue post that lays out some pretty serious information about a potential trojan that has even cracked through the authenticator security mesure. The trojan can access both a player's account information and authenticator password. 

We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

Disker rundll32.exe c:users
ameappdatalocal empw_win.dll,dw Name-PCName Startup

Disker64 rundll32.exe c:users
ameappdatalocal empw_64.dll,dw Name-PCName Startup

We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

Your MSInfo.

A list of any addons you recently installed along with where you got them.

A list of any programs you recently installed along with where you got them.

Any security programs you have run and their results.

Join the ongoing discussion on the World of Warcraft forum.

image


¯\_(ツ)_/¯ 


«1

Comments

  • Dreamo84Dreamo84 Member UncommonPosts: 3,713
    Wow that's crazy

    image
  • JakdstripperJakdstripper Member RarePosts: 2,407
    WoW is the Trojan....RL Trojan.
  • TheLizardbonesTheLizardbones Member CommonPosts: 10,910

    I wonder where a bunch of nerds with no life would get a trojan on the internet. Hmmmm, there has to be a place where nerds are likely to go or a certain something that they are likely to search for. I wonder what that is.

    I can not remember winning or losing a single debate on the internet.

  • krondinkrondin Member UncommonPosts: 106
    I dont see how its possible for them to use the info, the authenticator number resets every 30 seconds. they would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but i dont see how this can be. The only way i can see it happening is if the problem is on blizzards side, so the hackers get the new auth number as it resets and logs into your account to steal it.
  • AmjocoAmjoco Member UncommonPosts: 4,858
    This just crushed my complete and total confidence in the authenticator for not only this game, but all games that use them. 

    Death is nothing to us, since when we are, Death has not come, and when death has come, we are not.

  • LehoxLehox Member UncommonPosts: 19
    Everything you use, let calculate (authenticator), or uses a series of created numbers follows an algorythmen, if you know it or how to identify you can prolly do what you want.
  • AzureProwerAzurePrower Member UncommonPosts: 1,550

    Doesn't surprise me.

  • ohgodtherats707ohgodtherats707 Member UncommonPosts: 85

    Man Blizzard's security is so relaxed reminds me of Portland Mane's Airport

     

     

  • dreamscaperdreamscaper Member UncommonPosts: 1,592
    Originally posted by krondin
    I dont see how its possible for them to use the info, the authenticator number resets every 30 seconds. they would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but i dont see how this can be. The only way i can see it happening is if the problem is on blizzards side, so the hackers get the new auth number as it resets and logs into your account to steal it.

     

    An automated script could do all of the above in less than 10 seconds.

    <3

  • GravargGravarg Member UncommonPosts: 3,424
    Originally posted by Amjoco
    This just crushed my complete and total confidence in the authenticator for not only this game, but all games that use them. 

    As a former locksmith I'll just say, if you can get in, anyone can get in with enough work.  There is no such thing as a thief-proof lock.

     

    Authenticators are like deadbolts on a door,  it's just an added lock, but it's still able to be picked.

  • Solar_ProphetSolar_Prophet Member EpicPosts: 1,950
    Originally posted by ohgodtherats707

    Man Blizzard's security is so relaxed reminds me of Portland Mane's Airport

     

     

    Just because someone found a way to crack it doesn't mean it's 'relaxed'. Even the most expensive home, business, computer, or vehicle security system available won't stop an intelligent, determined professional. Such systems are designed primarily to deter more 'casual' thieves / hackers by making the required time & effort investment cost more than the end result is worth.

    An authenticator is still going to be by far the best way to secure your account, on top of proper security procedures that is.

    Originally posted by krondin
    I dont see how its possible for them to use the info, the authenticator number resets every 30 seconds. they would have to be ready to log into your account, nabbing the auth number and inputting it before it resets, all while you just used it to log in yourself. I guess anything is possible, but i dont see how this can be. The only way i can see it happening is if the problem is on blizzards side, so the hackers get the new auth number as it resets and logs into your account to steal it.

    If a program can nab enough samples, I'd imagine someone could decipher the algorithm used to generate the numbers. That's one way certain unsavory types were able to figure out how to generate valid 'new' credit card numbers, after all.

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

    We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD. 

    #IStandWithVic

  • simsalabim77simsalabim77 Member RarePosts: 1,607
    Originally posted by Solar_Prophet
    Originally posted by ohgodtherats707

    Man Blizzard's security is so relaxed reminds me of Portland Mane's Airport

     

     

    Just because someone found a way to crack it doesn't mean it's 'relaxed'. Even the most expensive home, business, computer, or vehicle security system available won't stop an intelligent, determined professional. Such systems are designed primarily to deter more 'casual' thieves / hackers by making the required time & effort investment cost more than the end result is worth.

    An authenticator is still going to be by far the best way to secure your account, on top of proper security procedures that is.

     

    You mean to tell me that I'm not supposed to click the ads on porn sites? This is all Blizzards fault! 

  • RattenmannRattenmann Member UncommonPosts: 613
    I wonder why so many people think an add on a porn side would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but coult not be further away from truth.

    MMOs finally replaced social interaction, forced grouping and standing in a line while talking to eachother.

    Now we have forced soloing, forced questing and everyone is the hero, without ever having to talk to anyone else. The evolution of multiplayer is here! We won,... right?

  • PurutzilPurutzil Member UncommonPosts: 3,048

    Not too shocking. Only was a matter of time before ways around the authenticator would be pushed out. A nice tool for reducing the chance to being hacked, but never fool proof. In the end, good password practices are the best way to protect your computer, as well as being careful with surfing and having good virus protection. Only made better given you regularly change passwords, due to databases being hacked not being at all a new thing.

     

    Honestly if your smart, an authenticator really will never be needed. If its a case you have a keylogger, your probably already screwed given they figured a way to crack the authenticator, whether then or in the future. 

  • AridArid Member UncommonPosts: 14

    Happened to me AWHILE back

  • RenoakuRenoaku Member EpicPosts: 3,097

    Okay here is what I do not understand about this article and others I find on the internet.

    1.) Why does it matter if  my password/login are stolen as long as I have an authenticator on my account the passwords generated are supposed to be (One Time Use) Meaning lets assume somone stole my One time password of 0000000 then this code can never be used again.

     Which leads to believe that

    .Blizzards Encryption, and one time password has been cracked by someone on the inside.

    . The security isn't properly setup aka if I logged into my account someone from a different IP can login to my account immediately after without typing in a new code, which again it would be Blizzard fault here if this was the case.

    . Or some hacker accesses the users computer using their IP address as a proxy to fool Blizzards servers into letting them in, or has remote access.

    Otherwise it shouldn't matter if a person is infected or not anyone with an authenticator should be safe unless Blizzard has made a big mistake, or encryption has been broken, unless of course someone has collected enough login codes to crack the encryption to all authenticators or something to generate a one time password.

    Also I would Beware of Curse Gaming.  Because this is the site I used when my account was compromised twice in a row years ago one of the add-on's from their site was infected with a keylogger. Also some friends recently have been discussing things like Derp-Trolling, and rumor has it that groups of people like this could put malicious content in add-on's and use other peoples computers as Botnets especially when it comes to a 13 year old downloading an add-on unaware of what a .exe file is and they click on it, sure its a real add-on, but it installs a back-door for a hacker to use as a proxy or a keylogger for that matter, so no matter it be curse or not you have to be really careful where you get the add-on's.

  • Solar_ProphetSolar_Prophet Member EpicPosts: 1,950
    Originally posted by Zaradoom
    I wonder why so many people think an add on a porn side would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but coult not be further away from truth.

    What? Porn sites are in general make up a huge portion of the internet, and are some of the most visited. Furthermore a great deal of WoW players fall into the 'horny teenager' age group, which is the prime target of said sites. It makes perfect sense to put them there, as the exposure (no pun intended) would be tremendous. The fact that such sites don't give a crap about their user's security also means that nobody cares enough to check ads for malicious software, and on top of that they have a well-documented history of installing trojans and the like.

    Getting the virus from an ad or script on a porn site (some of which even advertise gold-selling companies) is completely realistic, and very probable.

    Oh, and who said this virus is specific to WoW? It could very well be looking for multiple online games.

     

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

    We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD. 

    #IStandWithVic

  • Tenaka30Tenaka30 Member UncommonPosts: 82

    For those who do not understand why authenticators can be "cracked" google "Man in the middle".

    They aren't cracked, they are circumvented using the weakest point of the system, the end-user and their ability to be fooled into installing a trojan in the first place.

    An Authenticator remains a reliable method of protecting your account in much the same way they protect confidential data at the Hospital I work at, although professionally they are called RSA tokens.

  • ste2000ste2000 Member EpicPosts: 6,194
    My D3 account has been hacked 3 months after I stopped playing so I am sure the fault is not on my part. Just can't be arsed reclaiming my account, the game is crap

  • expressoexpresso Member UncommonPosts: 2,218
    1. You first need to get the trojan installed on your machine and in ALL cases that's the users look out
    2. Your antivirus needs to pick up on the trojan and stop it, that's your AV's look out

    So two things need to go wrong (all outside of the control of Blizzard) for this Trojan to be a successful.

    Blizzards servers are not being directly hacked by this Trojan it's a "man in the middle" attack this is ALL outside of the control of blizzard, what they could possibly do build in some scanner into the WoW launcher but the moment they do that people will say "theyz stealingz myz detailz OMG".

  • PhryPhry Member LegendaryPosts: 11,004
    Originally posted by expresso
    1. You first need to get the trojan installed on your machine and in ALL cases that's the users look out
    2. Your antivirus needs to pick up on the trojan and stop it, that's your AV's look out

    So two things need to go wrong (all outside of the control of Blizzard) for this Trojan to be a successful.

    Blizzards servers are not being directly hacked by this Trojan it's a "man in the middle" attack this is ALL outside of the control of blizzard, what they could possibly do build in some scanner into the WoW launcher but the moment they do that people will say "theyz stealingz myz detailz OMG".

    all too true.

    Blizzard have done the best they can in order to help protect users accounts, but at the end of the day, no matter how 'idiot proof' they try to make things, people with little or more often than not, no experience or knowledge of internet security, will allow what they can do, to be circumvented.

    Authenticators do protect accounts, but that doesn't mean that people should just ignore things, protecting their PC's OS's etc should be something everyone knows at least the basics of, the number of times however, that i have had to 'fix' peoples, or in this case 'friends and family' members PC's because they managed to get them 'infected' or just plain lack of maintenance, is kind of scary, and annoyingly time consuming.

    Sometimes i think if people can't handle even the basics of internet security, then they should step away from PC's and buy a console, they may be in a locked in system but at least they can't break it.image

  • Agathos88Agathos88 Member UncommonPosts: 92
    hmm.... interesting.

    -Prior story writer for MMORPG.com

  • simsalabim77simsalabim77 Member RarePosts: 1,607
    Originally posted by Zaradoom
    I wonder why so many people think an add on a porn side would include trojans to hack a very specific game. Maybe try to stay closer to realism and stop making up stuff that may sound "cool" or "fun" but coult not be further away from truth.

     

    I wonder why so many people can't detect sarcasm. 

  • NadiaNadia Member UncommonPosts: 11,798
    Originally posted by expresso
    what they could possibly do build in some scanner into the WoW launcher but the moment they do that people will say "theyz stealingz myz detailz OMG".

    Blizzard already has a scanner as part of WOW -- Warden

    http://www.wowwiki.com/Warden_%28software%29

     

  • ukforzeukforze Member Posts: 331

    Is anyone surprised?

    I mean the game launched with the most basic UI ever & lacked any depth of options,

    so few you could count on one hand, in fact the game didn't even have a timestamp in chat!

    In comparison to previous mmo's at that time such as SWG with full UI customisation & an

    options menu deeper than WoWs crafting system to date.

     

    Im not surprised players welcomed mods, yet i always thought this was a bad move, i mean

    firstly you have to consider security of the user via the sites the mods come from, plus the

    mod itself, but the fact that game code can be fiddled with was alarming enough for me to

    start with.

     

    Im not saying mods are the cause of this virus, but Blizzard's laziness is/was shocking for

    allowing mods in the first place as this is an potential security hole, but players needed

    mods to make up for their slack work, any MMO  that requires/allows 3rd party mods etc

    is poor imo, but with the money Blizzard make it's a complete joke & is not surprising when

    things like this happen.

     

    i've never been hacked as im not dumb

    The Deathstar destroyed planets...Lucas Arts destroyed Galaxies

    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Played:
    SWG | EVE | WOW | VG | LOTRO | WAR | FML | STO | APB | AOC | MORTAL | WOT | BP | SW:TOR

Sign In or Register to comment.