Two new keylogging worms to watch out for
by Natalie Mootz 
Jun 26th 2008 at 4:45PM
Microsoft's malware blog is warning of two new worms that attempt to steal account information for online games from Windows XP or Vista users. These worms are breaking previous keylogging success rate records and are worth educating yourself about.The first one is called Taterf which has infected over 1.2 milion machines worldwide during its first week. The other worm is called Frethog and has so far a 650,000+ machine first-week infection rate. These rates are stunning to malware specialists who are used to seeing these kinds of numbers only after a month of the worm's existance. These worms take advantage of Windows' autoplay and autorun functions that run for CDs, DVDs, and some USB sticks. They can be sneaky about it too. They try to disquise autorun with other pop-up dialog boxes, like "Show me these awesome pictures." You do need to confirm this action manually, but this obstacle hasn't much limited the spread of the worms to date.
Make sure you read the instructions on Microsoft's support site for how to protect yourself from these worms. The short answer is to disable autorun from CDs under XP (a registry change) or to change the same option from the Vista control panel. You should also disable autoplay as an even greater precaution. Also, of course, make sure you check the box on the WoW login screen to save your account name. That way if you do get infected with a keylogger, they won't be able to see your keystrokes for both your account name and your password.
Filed under: News items, Account Security
Reader Comments (Page 1 of 2)
Todd Jun 26th 2008 5:08PM
I'm soooo getting two of those dongle secureID deals when they start selling them.
ryan Jun 26th 2008 8:57PM
Derek Smart would love to kick that vending machine for nostalgia.
Waynn Jun 26th 2008 5:24PM
A great way to avoid keyloggers is to copy and paste your password into WoW. Simply open notepad (or whatever typing program you prefer), and write a garbled string of text. As you write the text, type your password somewhere in it.
Save the document, and whenever you wish to play WoW, just copy the password (ctrl+c) and paste (ctrl+v) it onto the login screen.
Jeremy Jun 26th 2008 5:47PM
It's pretty trivial for the logger to grab the contents of the clipboard at the logon screen, too. It can also look at what data the WoW client sends over the network.
If malware owns your machine, it owns your machine.
peaglemancer Jun 26th 2008 5:56PM
No offense, but this copy-paste security myth should be killed and people need to stop spreading it around.
Imogen Jun 26th 2008 6:33PM
The advantages to copy paste for a password as I see it are.
1. It allows you to use a far more complex password than normal.
2. If it is really complex you are unlikely to remember it and log in from any machines you dont own.
Regretfully it is easy to grab the clipboard contents and the account name can be found easily by a directory listing.
But every little helps and you should copy paste as long as you realise it is part of a larger awareness of security in general.
istarman Jun 27th 2008 9:19AM
That doesn't work. Good keyloggers will read what's in your clipboard.
LAWfull Jun 26th 2008 5:37PM
I love all these keylogers and malwares and virus,they fill me with joy.When people comment of them or cry about them.
I use a mac btw.
FantomRedux Jun 26th 2008 6:07PM
you're also an arrogant asshat. Just because you use a mac doesnt means theres nothing which could go wrong. It just means theres a lower possibility of it happening
peaglemancer Jun 26th 2008 6:16PM
@ LAWfull
People like you fuel the myth that all Mac users are smug arrogant tits. It's not true, but comments like that are just making it worse for the normal mac/pc user who realizes there is essentially no difference between the platforms, except the naive brand divisions some easily led imbeciles create.
Slayblaze Jun 26th 2008 6:27PM
@peaglemancer
Yes it IS true.
They really are.
Aaron Jun 26th 2008 7:06PM
a number of people have gotten keylogged on macs, what do you say now?
Jason Jun 26th 2008 8:22PM
And 2 new trojans were just discovered for OSX this week. Macs have their share of keyloggers as well.
And i'm typing this in Leopard.
Schadow Jun 26th 2008 9:01PM
The fewer number of viruses and trojans attacking the Mac platform is more a matter of numbers than any inherent superiority. There is more malware written for Windows PCs for the same reason there is more software written for Windows PCs: More people use them.
When there are some nasty bugs written for Mac, I imagine most Mac users will be caught with their pants down because they have not as yet needed to be prepared.
Silvermane Jun 26th 2008 11:36PM
I use LINUX BTW = better than a Mac (And cheeper too!)
Margot Jun 26th 2008 6:08PM
Thanks for the update. It's good to stay informed.
Khaz Jun 26th 2008 8:14PM
I know that the common argument to the copy/paste method of account password "security" is that a keylogger typically culls info from the clipboard as well as logging keys. However, can those who know better answer me this:
Say I choose a password that contains, for a simple example, 26 digits. And those digits are either 1 or 0, such as 0101010101010101... repeating to 26 digits. I record this sequence in a notepad document, and copy/paste into WOW when I log on.
Then I use my mouse to select a digit somewhere in that 26 digit password, and delete a 0. As long as my actual WOW password is 25 digits long, and I have deleted the correct 0 digit, would that not work? Would the kelogger be able to tell whether my password is 101010101... or 0110101... or 010110101...?
I know that this is a simple example, but I can make it more complicated by using an alpha string abcdabcdabcd etc.
What does the collective think about this?
Jeremy Jun 27th 2008 8:05PM
Heh, they then have a list of 26 possible passwords where you delete one of the characters [+1 where you hit Delete at the end, not deleting an actual character].
Ghel Jun 26th 2008 6:15PM
In addition to the copy-paste myth in the comments above, the article itself presents another useless security measure, suggesting that saving the account name in the sign-on screen is a deterrent to keyloggers.
If you're on a Windows PC, have a look at C:\Program Files\World of Warcraft\WTF\Account. There's your account name, in plain text, and the names of all the characters associated with it, including what realm you play on. Account-theft programs don't need to capture your account name as you type it, they just need to check that directory to obtain it.
HunterZ Jun 26th 2008 7:17PM
The option to remember your account name isn't entirely safe. Recent keyloggers have taken to the practice of deleting your WTF folder when the game is launched, causing WoW to generate a new WTF folder with a subfolder that has the same name as your account. The keylogger detects the folder creation in order to determine your account name, while using a keylogger to acquire your password.