WoW Ace Updater ad banners may contain trojans, claim some users
While the Incgamers malware problem is fixed, it looks like there's another malware flare-up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here. Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his ad provider to find out what went wrong and which ads might be causing problems.
This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.
I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, it has a clean bill of health.
Filed under: Analysis / Opinion, News items, Add-Ons, Account Security
Reader Comments (Page 1 of 3)
BigFire Apr 16th 2008 10:20AM
For those of you not wanting to use an executable or are using a Mac, JWoWUpdater is your friend. Google it.
NeSuKuN Apr 16th 2008 10:52AM
Also, you can build it yourself; as a Java developer that gives me a lot of confidence, as I've even modified my local copy with small features I wanted. Also it has no banners :3 (and if it had or will have, I'd have the possibility to get rid of 'em).
MightyIdle Apr 16th 2008 9:39AM
I think I can confirm this. I'm an 'information security' professional so my gear is well locked down and I have measures in place to warn me when something sneaky is trying to install itself onto my machine. The other day, while updating my mods with WoW Ace Updater, I had a drive-by install attempt on my machine.
There are quite a few vulnerabilities within Microsoft products that will allow this kind of thing to happen without the user doing anything but simply viewing the harmful content in a web browser. You have to be very careful where you surf.
The biggest step you can take to protect yourself is to make sure all of your patches are up to date. Not just your Microsoft patches, but things like Java, Flash, and any other apps you have installed. Running good anti-virus, anti-spyware, and anti-rootkit software is also important. AVG makes free versions of all three product types you can download.
MightyIdle Apr 16th 2008 9:43AM
I should also add that surfing the web using Firefox with the NoScript plugin will make you a bit more secure. Internet Explorer is the biggest target for malware at the moment. It wouldn't help you in the case described above, but it'll give you some measure of protection when visiting regular websites.
Sakerin Apr 16th 2008 1:11PM
I also use Firefox with NoScript (and Adblock), and am a religious user of the Ace Updater and I must say that the way this program is hard-coded to use the inferior and insecure Internet Explorer browser has always made me nervous that something like this would happen.
Smurrf Apr 16th 2008 9:42AM
One good thing about Ace is that, if you're at all worried about the downloader or ad trojans, you can simply bypass them.
http://files.wowace.com/Omen , for instance, will always point you to the latest version of Omen.
You can do the same for Recount, PallyPower, and any other wowace addon. Make bookmarks for each page, make sure the right addon is at the end of the link (and it's case sensitive too; notice the O is capped), and you're good to go.
Does this take more time than using the downloader? Yes. Is it more secure? Oh hell yes. And I wished that other sites allowed the same method of pointing to latest updates.
Nogun Apr 16th 2008 9:44AM
And suddenly WowAceUpdater is missing its ad banners.
Smurrf Apr 16th 2008 9:45AM
Sorry, that should have pointed to http://files.wowace.com/Omen/Omen.zip . D'oh.
Juju Apr 16th 2008 9:55AM
This is sickening. Sylvanaar was warned of this security vulnerability many months ago, and his only response was basically, "Why are you being mean to me? I do this for fun."
An open-source developer should know better. Sir, your irresponsible views on security will now cause people to log on to naked characters.
souvlaki Apr 16th 2008 10:06AM
freeware opensource
souvlaki Apr 16th 2008 10:08AM
Arrows were not displayed. I'll use words instead :)
freeware is not opensource
Juju Apr 16th 2008 10:16AM
Thanks, souvlaki. I was going off the comments in the SourceForge comment thread linked from the other thread, but it appears they closed the source after people complained about the ads. Pure ignorance.
http://sourceforge.net/forum/forum.php?forum_id=757575
Naix Apr 16th 2008 10:05AM
Here are some helpful security tips from a computer security professional.
1. Use Firefox - Get ad blocker - Get Noscript
2. Update your windows, flash, java patches weekly
3. Change your password to 10 or more characters
4. Put your password into an encrypted file. At the WoW login screen, alt+tab out, copy your password, and paste it into the password box.
Do this and you should be malware free.
Companies hire me to tell them to update. I think it's kinda silly but I will still cash their checks.
Dyermaker Apr 16th 2008 10:10AM
Having Firefox installed and using it is not enough. You must make it your default browser too. Nothing is worse than allowing IE to pop up when you are not thinking about it.
Doc3216 Apr 16th 2008 10:11AM
Most keyloggers/trojans do a memory scan, making C&P passwords just as vulnerable as people who type them in.
Juju Apr 16th 2008 10:13AM
None of those things would save you in this case.
And if you really think Copy-and-pasting is a viable way around keyloggers, I really think you should think that through. Because it's wrong.
Ryan Apr 16th 2008 10:20AM
I prefer sandboxie (which confines malicious scripts) over noscript. With the latter I always end up having to temporarily allow script on nearly every site I visit, which gets really old really fast.
Naix Apr 16th 2008 10:38AM
"None of those things would save you in this case."
Wait wait Wait wait Wait wait.....WHAT?!?
So using a browser with no support for activex, disabling all pop ups and banner ads, and taking it a step further by not allowing flash or scripts to run would not save you?
Having security updates to software (antivirus, windows, java...) that use network protocols does not save you?
Using a strong password that is changed frequently does not save you?
Based on the nature of how key loggers operate, a key logger by definition tracks keyboard input. Besides, if the key logger reads all of your memory, the person the key logger is sending the data to would have 1000's of lines of code to read through. Do a memory dump sometime and see just how much readable data you can pick out.
Please do a little research on computer security before you babble out a response.
Juju Apr 16th 2008 10:44AM
Naix, according to the Sourceforge thread linked from the Wowace thread, the program embeds IE to display the ads. So yes, running firefox won't save you.
The trojans don't capture a snapshot of your entire memory. They specifically grab the password out of Wow's memory space. They also capture the clipboard, and download all of your saved passwords from your browser.
Naix Apr 16th 2008 10:45AM
Juju
I guess we should call every corporate company in the world and tell them "Juju said that security patches, anti virus, and strong passwords cannot keep your systems safe."
Next we should call Symantec and let them in on the good news they can close their operations based on Juju's findings.
Lastly Microsoft will be happy to hear they can eliminate the windows update group because they are no longer needed.
Way to go, Juju. Information security experts everywhere thank you for showing us the way.
BAHAAHHAHAHA!!!!!