Azeroth Security Advisor: Patient patching prevents pestilence
Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much, and flame fodder for those self-appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.
It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest overhyped drivel? Check. Kids unconscious? Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez!
Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed, right?
Don't do it.
Really. Don't do it. Downloading executable files from an unknown host is a huge security risk. It's possible to take bigger risks but you'd need a Ouija board and a used electric chair. Just kidding. That would be dangerous. Anyway, where was I? Downloading a .exe program opens you up to every form of virus, Trojan horse, malware, adware and Internet pie in the face imaginable. For most of you the lesson ends here. Either you know better or you embrace the time-honored historical fallacy "I do it all the time and I've never had a problem", which is central to most of the amusing YouTube videos involving explosives (skip to 1:40 for the good stuff; note the clever lack of a fuse and fun-loving horseplay after the initial explosion).
Still here? Need more convincing? Want to see more explosions (language warning)? OK, here we go. Getting infected with malware can seriously mess up your PC and your happiness. It can certainly prevent you from showing up to that raid you were worried about. Getting a virus (great reading on this link, don't miss it) that deletes your Windows directory or otherwise forces you to restore or rebuild your computer can really put a dent in your weekend. You do keep a current backup image of your PC using a utility like Norton Ghost for just such an emergency, right? Don't worry, almost nobody else does either, which is why you should avoid unknown .exe files like the plague they may actually be.
Even if you are spared the outright destruction of your PC there are more potential delights awaiting the unwary. Your PC could be turned into a zombie and forced to enlist in a botnet army for the purposes of spreading adware, spyware, email spam or launching denial of service attacks against perfectly legitimate businesses or websites. Botnets are a growing concern as organized crime replaces the angst-ridden teen hacker we usually associate with computer high jinx... and yes I'm old enough to use "high jinx" with a mostly straight face.
Gamer-specific threats often come in the form of a password-stealing Trojan horse. Attacks against the login information of online gamers are not new, but they are also not going away. Attacks targeting WoW players are not uncommon at all because your login information is worth... you guessed it... MONEY! Not only can somebody gut your bank for gold and unbound items but the account itself can be sold as well. I'd provide some exciting links but frankly I really don't trust most of these sites so I'm not about to send you to them. Recent attempts at stealing WoW login data have come from innocent looking digital picture frames purchased from Best Buy. Worse yet, this is not the first time hardware has come from China packed with a covert threat to Azeroth. Last year it was a Maxtor hard drive. But wait, there's more. Even WoW information sites have packed a malicious payload.
The biggest problem with wanting to download a WoW patch from the Internet is that you have no way of knowing what you have until it is too late. Even after it is too late you might not realize the full extent of the damage until you find you can't log in to your account. Some game companies release the exact hash value (unique identifier) for each patch, thus allowing players to verify the hash of a downloaded patch prior to running the executable on their computer, but Blizzard has chosen not to. I'd like to see Blizzard offer more than one option to their user community in order to help stem the tide of malware that affects their customers.
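As an added example (not part of the original column, and not Blizzard's or any mirror's code), here is one way to check a downloaded file against a published hash before running it. SHA-256, the `sha256sum`-style manifest layout and the file names are assumptions; the check is only as trustworthy as the channel the expected hash came from, so the manifest should not be fetched from the same host as the file.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte patch never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse 'HEX  filename' lines (sha256sum layout, assumed) into a dict."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hexdigest, _, name = line.partition(" ")
        hexdigest, name = hexdigest.lower(), name.strip().lstrip("*")
        if len(hexdigest) != 64 or set(hexdigest) - HEX or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = hexdigest
    return entries

def verify_download(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' should ever be run."""
    expected = manifest.get(Path(path).name)
    if expected is None:
        return "unlisted"
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a clean file, the same file altered, an unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        patch = Path(tmp) / "patch-example.exe"  # hypothetical file name
        patch.write_bytes(b"constructed patch payload")
        manifest = parse_manifest(f"{sha256_file(patch)}  {patch.name}\n")
        clean = verify_download(patch, manifest)
        patch.write_bytes(patch.read_bytes() + b"wrapper")  # altered after hashing
        return clean, verify_download(patch, manifest), verify_download("other.exe", manifest)

if __name__ == "__main__":
    print(demo())  # ('ok', 'mismatch', 'unlisted')
```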
There are indeed third-party sites that attempt to provide legitimate options for downloading WoW patches, but they do not (cannot and should not) try to take responsibility for the actual content of the file you download. Take careful note of the disclaimer at the top of the wowwiki mirror site in the link above. File sharing networks like the Pirate Bay also contain links to alleged WoW patches, but the spread of malware via these methods is so pervasive that it is not hard to find comments added below a torrent link by other users such as "WoW virus you suck" or my personal favorite "Even if it isn't a virus you are highly retarded and should never post torrents again. In fact, throw your computer out the nearest window and die." Once again I'd provide links but these pages have live links to suspected viruses so you'll just have to trust me.
So there you have it. Downloading random .exe files is like chewing gum you found under your seat on the bus. You might not get sick, but don't go bragging to your friends about it.
Filed under: Patches, Account Security, Azeroth Security Advisor
Reader Comments (Page 1 of 1)
Jamie Jun 16th 2008 3:37PM
Are you Howard Hughes?
But yeah, good god, what are we doing even connecting to the internet!? Are we insane??
Shadowfury Jun 16th 2008 3:57PM
Of course we are, what would you expect? To be normal?
Never, ever, download files from mirrors. Trust only official links.
heath Jun 16th 2008 3:55PM
my keylogging experience came from one of the three filesharing sites RECOMMENDED by blizz (i want to say fileplanet but my memory isn't 100% accurate). the wow downloader wasn't working (this is when 2.4 came out) so my impatient self went to blizz's tech support site and clicked on one of the recommended sites and got the patch.
woke up 2 days later to some emails saying my toon transferred servers and changed his password.
pretty sure it was a mouseover event from an ad as i didn't download anything other than the actual patch and i sure as heck didn't click on any ads.
Badger Jun 16th 2008 4:03PM
How about we knock off this sensationalist crap and start pointing people to the Patch page at WOW Wiki?
allen Jun 16th 2008 4:04PM
so wait, do i have to worry about this on my mac?
Tekkub Jun 16th 2008 4:04PM
Wow, out of all that ramble and scare tactics, you actually manage to touch on two very good things, yet not make the CONNECTION.
1) Hash values are good, they let you validate the file
2) wowwiki provides a big list of mirrors
And the missing connection? Wowwiki also provides the hash values for every file so you can validate the file you downloaded from a mirror before you run it!
It's great that you want to deter people from doing this for their own safety, but for some people bittorrent is not an option. That's why the mirrors exist. So how about actually EDUCATING users on how to protect themselves instead of just trying to scare them into never ever touching an exe file ever again?
Oh, and on a side note, wowinterface also provides hashes for every addon they host. Had you taken the time to educate people on how to validate hashes, you could have shown them that the same security measure can be used with their addons as well.
Candina@WH Jun 16th 2008 4:54PM
The blogger's point is valid.
His main assertion is --- USE THE OFFICIAL UPDATER.
Any other means of grabbing the patch can be compromised, PERIOD.
And hash values are not 'magic'. If Blizz is not giving out the hash value for the source file, any hash value created after the fact is suspect.
Scenario: Person A, who is associated with FilePlanet, downloads the patch onto their server. The downloading machine or the server is hacked to add a 'wrapper' to all EXE files. This wrapper installs a trojan. Person A faithfully creates the hashcode for the file on the drive and publishes it. The file on the drive contains the virus + the wow update, and the user created hashcode reflects this.
Person B downloads said file from FilePlanet, checks its hash, it matches. Person B installs the file and feels safe.
Story ends badly for both FilePlanet and Person B.
Rules of security thumb:
1.) If it is not coming from the vendors site, it is suspect.
2.) Never run automatic installation/update programs [I don't even trust Microsoft's]. These auto-updaters are key hack targets. [I'm looking at you Curse Gaming]
3.) Never run an .exe, .com, .scr, or .bat associated with any email.
I've followed my rules for 15 years of internet use. I've been hacked ONCE. And that was a Microsoft exploit that was patched within 15 hours.
Gamer sites will get you infected. If you don't believe it, you probably think that cigarettes don't cause cancer and sex doesn't get girls pregnant.
Zali Jun 17th 2008 4:49PM
WHAT???? Girls can get pregnant from sex? Like... all girls? What about casual sex? Or phone sex?
Wait... define sex.
jay Jun 16th 2008 4:15PM
@ Tekkub
You flame the blogger for not educating others on hash values, but you yourself proved to be just as unhelpful.
I guess what I'm trying to say is, don't mention it unless you're prepared to explain what they are, complaining about the fact makes you look like a jerk off.
Joshua Ochs Jun 16th 2008 4:38PM
Or use a Mac, which has NONE of these problems.
Candina@WH Jun 16th 2008 4:57PM
Never say 'none', just say 'much fewer'. Mac has had to patch its OS several times in the past three months due to several security exploits targeting the Mac.
The truth remains, the majority of exploits target the dominant OS -- Windows.
keith Jun 16th 2008 5:12PM
There have been VULNERABILITIES in Mac OS X discovered. But no exploits circulating in the wild, and no known usage of these extant vectors to cause any damage.
Get your own facts straight before you call others on theirs.
And there's no entity or company named Mac that does any patching. That's Apple, the manufacturer of Macintosh Computers and Mac OS X.
Matt Jun 16th 2008 5:47PM
You mean spend $1200+ on a computer just to even play WoW? No thanks!
(Correct me if I'm wrong, but that's the cheapest Mac that will play WoW at a decent framerate)
Candina@WH Jun 17th 2008 11:02AM
Dude, I am an Apple supporter. Get off your high horse and read the info I posted.
Apple has been hit with exploits. Apple gets hit with viruses. It is not immune. It is, however, a much more stable, much less vulnerable platform.
It is not, IMMUNE.
My next PC will be an Apple. My next phone will be an iPhone.
And for all of you who make the 'apple is too expensive' argument. They are within 10-15% more expensive than a high quality gaming PC. Their LCDs, vid cards, and sound systems are top of the line.
And you one of the best pieces of hardware to run XP on.
And if you stay with the Mac OS, you will never stare at a blue screen of death again :-D
makishima Jun 16th 2008 6:07PM
"Mind totally polluted on bad tasting energy drink? Ch3cK!"
Thank you for making my day
Eternalpayn Jun 16th 2008 6:12PM
For everyone with the damn Mac argument:
http://antivirus.about.com/od/macintoshresource/Macintosh_Viruses_and_Mac_Virus_Resources.htm
Viruses happen for you too. The more you try to say you are immune, the more people are going to make them out of your ignorance. Do yourself a favor, don't talk about your lack of viruses.
keith Jun 16th 2008 7:08PM
"Inqtana is a proof-of-concept worm, coded with a stop date of February 24th and confining its spread to very specific bluetooth addresses. In other words, Inqtana in its current form poses no real threat to Mac users."
Also, flaw since patched.
"In its current incarnation, the code doesn’t really do anything malicious, such as deleting files, changing permissions, or moving around applications. However, due to a bug in its code, Leap-A will prevent infected applications from running. The only solution to this problem is to install clean copies of the original applications."
Also flaw since patched.
Every other virus or vulnerability in the document you linked is a) Targeted at the 'classic' mac OS, which cannot run WoW, and is acknowledged to be significantly less secure than Mac OS X. It's also nearly 10 years old and is equivalent to attacking the security of Windows Vista based on a flaw in Windows 98.
b) Targets a vulnerability since patched. If your system is not up to date on all security updates and patches, any problems are YOUR FAULT, not the fault of the developer of your operating system.
or
c) Theoretical.
Please don't post this garbage. Macs are not invulnerable, it's true. However, they are miles more secure than any other consumer computing platform, and, more to the point, AT THE PRESENT TIME, there are no live security exploits or viruses capable of causing any notable harm to any up to date mac.
honem Jun 17th 2008 10:16PM
I also like to add to Keith's comments by putting out that most of the information on that page you linked was last updated in 2004.
And Apple averages putting out security updates at least every month if not every 2 weeks.
So that so-called authoritative information you posted was out of date around 3 years 11 months ago.
Perhaps you should have read that information you posted, huh?
Theserene Jun 17th 2008 6:51AM
I've had members of my guild who really should read things like this. We've had a few people's accounts hacked because they used auto-updaters from other sites to update their addons.
I only trust the patches when they come down from Blizzard themselves and I only manually update my addons.
I've had a machine destroyed in the past due to a particularly nasty virus and I'm not having that happen again.