Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Virus infected Fraps steals account information? [UPDATED]

WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.

What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.

This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.

What can you do to prevent this from happening?

Two things:
  1. Change your password, now!
  2. When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so.
We've alerted the makers of Fraps to the problem, and if appropriate, will post their reply.

Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.

Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.

Virus scan readout:


C:\Fraps\fraps.exe

[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyLocked.J

C:\Program Files\NetMeeting\mstinit.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

Filed under: News items, Account Security

Reader Comments (Page 1 of 4)

WoW Insider Show 

Subscribe via  iTunes for our latest show.

Hot Topics


 

Upcoming Events

Event Date
Hallow's End 10/18 - 11/1
Day of the Dead 11/1 - 11/3
Darkmoon Faire 11/2 - 11/9
BlizzCon 2014 11/7 - 11/8

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories