Virus infected Fraps steals account information? [UPDATED]
by Adam Holisky 
Apr 30th 2008 at 3:47PM
WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.
This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.
What can you do to prevent this from happening?
Two things:
- Change your password, now!
- When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so.
Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.
Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.
Virus scan readout:
C:\Fraps\fraps.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyLocked.J
C:\Program Files\NetMeeting\mstinit.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
Filed under: News items, Account Security
Reader Comments (Page 1 of 4)
deviationer Apr 30th 2008 3:52PM
lol the only way a worm got into fraps is if people were downloading a shady pirated version of it. Either spend the $37 for it or make sure you aren't getting a shady version (or just make sure you virus scan your pirated downloads)
Adam Holisky Apr 30th 2008 3:59PM
I can vouch for some of the people who are reporting this, and say that they did not pirate the program. I have no doubt about this, even if I don't have screenshots or logs to back it up.
But your point is valid - pirated software often does contain viruses and is never a good thing to use.
jrb May 1st 2008 6:42AM
obviously, no one will admit to running pirated software, but if you do, please please please run it with a non-administrator account. if your windows PC is up-to-date you can cut your risk of infection to almost NIL by running as a non-administrative, and non-power user.
secondly, a question to ask is why the mac version of WoW has movie capture built in, but the PC version does not?
Mera_LaCroisadeEcarlate May 1st 2008 6:58AM
what about someone hacking fraps website and replacing the original Fraps ?
boronak May 1st 2008 3:57PM
Well I paid for fraps and use the current official and after reading this uploaded to an online virus checker and here is the result a couple of false positives but its clean.
If you down load pirated software expect there to be virus, trojans, keyloggers, thats all I can say. I have no sympathy
[url]http://www.virustotal.com/analisis/954a362e5cddef6fc09db34c30996eb9[/url]
Muu Apr 30th 2008 3:53PM
My password hasn't changed in 4 years, and I've never been hacked. Just don't be an idiot and you can avoid most viruses/spyware. Use a virus checker and ALWAYS scan your downloads, no matter how small. Also, if you haven't already, switch to Firefox 3.
Aticus Apr 30th 2008 4:48PM
i fully agree. I change my password here and there just to be safe but you can never be too safe! Firefox has really cut down on files that SpyBot, Ad-aware, and Norton have picked up.
Don't be an idiot. The insurance is worth having because these are YOUR files. I run my virus protections once a week, right before dinner so the system can scan while I eat. I've yet to have one single virus or pop-up on my computer for the last 2 1/2 years using this technique.
-Aticus, http://www.paladintales.blogspot.com
apoxic May 1st 2008 7:36AM
I had the same password for 3 years.
This one morning my friend says "hey you we're online just now". That was the worst feeling ever since I woke up just a minute ago and had no access to a computer before that. Obviously I'd been hacked, in one way or the other. And it bugged me out that I couldn't find a single trace on my computer for trojans or whatever.
3 days later the very same friend who's computer I've logged in on ONCE, found a trojan. He also has an account (And just dinged 70, contrary to my golds in thousands and 3 well-decked lvl70 chars) but it reimained untouched as far as we know.
Personally I'm biting my nails hoping I will get all of my things back, even though it will cost a couple of thousands to replace all the gems/enchants which I believe you never get back.
You can always protect your own system, but think twice before you log in somewhere else.
Xailia Apr 30th 2008 3:53PM
yet another reason to run linux.
Jason G Apr 30th 2008 4:10PM
or osx
Charlie Apr 30th 2008 4:18PM
Hey, if you run OSX, you don't even need fraps! Gogo built-in video recorder =D.
G Apr 30th 2008 4:23PM
This just in: Microsoft (MSFT) CEO Steve Ballmer today announced that they are changing the name of their latest operating system to "Vistax" because "obviously, an OS than ends in 'x' is more bad-guy-proof." When asked for further comment, Mr. Ballmer picked up his chair and threw it through the window, then ran off with arms flailing, yelling "Yahooooo!"
Brian Arnold Apr 30th 2008 5:10PM
G, that's the best thing I've read all day.
PJ Apr 30th 2008 5:35PM
If anybody actually used Linux there would be viruses for it as well.
Ahriman Apr 30th 2008 6:04PM
There are actually viruses written for Linux now, but because of the way that the OS is designed, you have to manually run them yourself, after explicitly giving the virus admin (root) privileges. So, sort of like Irish Viruses then ...
And the way that it is designed means that it looks to stay that way, even when it rises more in popularity.
Sakerin May 1st 2008 8:28AM
"you have to manually run them yourself, after explicitly giving the virus admin (root) privileges"
How is this different from Windows users double clicking on the files and clicking through UAC prompts. You can add all the security you want, but in the end the OS is only secure as the person at the keyboard.
deviationer Apr 30th 2008 3:54PM
http://housecall.trendmicro.com/
or
http://housecall.antivirus.com/
free online virus scan (it's legit and has been available for years now)
Todd Apr 30th 2008 4:04PM
So what is fraps?
Charlie Apr 30th 2008 4:18PM
Fraps is a video recorder. Its how most Machinima (in-game) is recorded.
JohnC Apr 30th 2008 4:09PM
Does anyone know if this trogan is recent, because the internet (email as the target point) is expected to be hit hard on May 1st with many emails that run exploitive scripts. (This is more of an insider tip for those of you that are probably unaware of what will happen.)
So basically from now till the next few days be extremely wary of any emails that seem the slightest bit suspicious.