Play safe because a trojan can get you banned
Remember that "non-personal system information" that Blizzard said they are searching for? Part of it is a search for keyloggers, trojans and viruses that affect WoW. If the system check finds one of those on any of the computers you are using, Blizzard will ban your account for 24 hours so that you can get it fixed.
Please remember that account safety and computer security are your responsibility! While WoW.com has provided you with resources for additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.
When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.
The intention of preventing hacking by scanning our systems is a noble one, but Blizzard will not tell you which is the offending program. My friend attempted running several spybot/virus detectors and was unable to find it. A call to Blizzard only resulted in a recommendation to keep trying to find it. After multiple bans and multiple scans, he was extremely frustrated.
There is one surefire way to solve this problem and prevent it from ever happening again: get an Authenticator. Whether you get an app for your phone or the physical gadget, this extra piece of security will keep you from worrying about hackers. Also, even if Blizzard finds a nasty program on your computer, you will still be able to play because they won't ban you with an Authenticator attached.
I still feel pretty icky about having someone else rummage around in my files and smacking my hand if they find something my scanner didn't. But I also have an authenticator and so any internet indiscretions won't affect my ability to play.
Do you think that Blizzard should be "helping" us keep our systems clean? How do you feel about the bans and their handling of the situation?
Following is a copy of the letter from Blizzard, for those of you who are interested:
Greetings,
An investigation of the World of Warcraft account [insert account name here] has produced evidence that the computer(s) used to play the account are infected by a virus, Trojan or keylogger.
To protect your privacy and security, we have temporarily disabled the account for a 24 hour period. During this time, we highly recommend that you follow the below steps to protect yourself and the account from unauthorized third party access.
- Use up-to-date firewall, antivirus, and anti-spyware software to scan your system regularly for viruses, Trojans, and key-loggers.
- Keep your operating system and other software up-to-date and be careful when downloading new software.
- Be wary of "spoof" and scam websites and e-mails that pose as Blizzard Entertainment and request account or personal information. As a reminder, Blizzard Entertainment representatives will *never* ask you for your password.
- Keep your login information confidential. Account access can only be shared with one minor of whom you are the parent or guardian. Sharing access with anyone else is a violation of the game's Terms of Use. You are also responsible for every use of an account on which you are listed as the registered player, whether the use was authorized or not.
- Use separate, unique passwords for your email, World of Warcraft, and any other online accounts.
- Change your passwords regularly and keep World of Warcraft account information updated using the Account Management page at http://www.worldofwarcraft.com/account/.
For additional security tips and information, please visit the following sites:
- Account Security: http://us.blizzard.com/support/article/21131
- Unauthorized Account Access Policy: http://us.blizzard.com/support/article/20460
- World of Warcraft Account Security: http://us.blizzard.com/support/article/20572
If you are looking for an added layer of security, we currently offer the Blizzard Authenticator, an optional device that can help prevent unauthorized account access. For more information about how the Authenticator works or how to add one to a World of Warcraft account, please visit the Blizzard Authenticator FAQ at http://us.blizzard.com/support/article/24660.
Please be aware that if viruses, Trojans or keyloggers are found again on computer(s) the account is played from, it may lead to the account being disabled again.
Please contact us at wowaccountadmin@blizzard.com if you have any questions or concerns. Thank you for your understanding and cooperation.
Regards,
Account Administration
Blizzard Entertainment
http://www.worldofwarcraft.com
Filed under: Analysis / Opinion, Blizzard, Account Security
Reader Comments (Page 1 of 11)
Stalarum Sep 4th 2009 11:05AM
I think that this seems wrong. It's, well, great that they care about us and want to make sure our computers are clean, but I don't think that a 24 hour ban is the right course of action.
And the fact that buying an authenticator can let you play? It makes sense, but there's the word "buy".
LenteP Sep 4th 2009 11:11AM
You think they do that 'cause they think about us? Hardly, all they're after with this is cutting down on work for them solving hacked accounts. Sounds to me like this is on the border to illegal, scanning our comps like that (if it weren't for that damned EULA ofc).
Scard Sep 4th 2009 11:18AM
You're talking about a $6.50 investment to protect something you're paying $12-15/month to play.
When your account gets disabled (I don't like the word ban, that gives a sense of permanency) for 24 hours like this, it is not required that you buy an authenticator.
Overall, I think this is a good move on Blizzard's part to help protect their customers and thereby reduce the number of character restoration requests Blizzard has to deal with.
If you think being disabled for 24 hours is a pain, talk to someone who had their account hacked and had to go through the process of getting all their characters and items restored.
LostOne Sep 4th 2009 11:21AM
If you're throwing $15/month at a game and you can't afford a one-time fee of $6.50 for an authenticator, maybe you need to rethink your game subscription. Also if you have an iPod touch or iPhone or one of the other devices they support, you can get a free authenticator app.
Blizzard is protecting themselves. If they ban someone for having malware that could get their Blizzard account hacked, Blizzard just saved themselves many man-hours that would otherwise be spent digging through logs and restoring hacked characters. It has nothing to do with protecting your computer, it has everything to do with reducing the heavy demand on Blizzard customer service.
bmsones Sep 4th 2009 11:24AM
If they go on my system and claim to have found something they don't like, they damn well better tell me what they found. Blizzard or not, they don't have the right to go on your computer like that and snoop around.
Highly unethical.
Glaras Sep 4th 2009 11:39AM
"Blizzard or not, they don't have the right to go on your computer like that and snoop around."
Of course they do. It's called "Terms of Service", and if you don't like the Terms, you are welcome to stop using the service. That, at least, is the legal and commercial stance.
In reality, they certainly should have at least told those banned precisely what it was that got them the ban. It is absolutely possible (probable, even) that whatever software Blizzard is using to determine if your machine has been compromised has at least one bad signature, and will detect perfectly good programs as being a virus. False positives are a fact of life in detection software. But if Blizzard's only response is "keep looking", then how can you demonstrate that an FP is to blame?
EZ Sep 4th 2009 11:41AM
Yes, highly unethical and extremely prone to making a mistake. There have been so many times where my virus scanner has picked up a 'false positive', and I know for sure that the file that is a big bad trojan is really harmless. This really bugs me that they can look around and *scan* my computer. I assume that in order to find the virus that means they have to scan all files and folders, which means they could potentially have a lot of information. In this day and age information is worth major $$$ (just look at Google, they probably have my whole life in one of their databases, and taking a petabyte of their info could let me retire).
I haven't read the fine print, or the "legal mumbo jumbo" as I call it, but I think it's time to sift through it and see if there's any way to tell them to not access my computer.
Razortooth Sep 4th 2009 11:46AM
I'd imagine there was something in the ToS allowing them to do this, but since you hit accept and never read it you may never know.
Seaborn Sep 4th 2009 5:47PM
@ LenteP
You are exactly right. Blizzard doesn't care about its customers. Once you have this many customers, it doesn't matter if you lose some. I have been to enough business seminars and heard it come from the horse's mouth.
They are doing all this for the bottom line. It's always about the bottom line in a company like this. Sad really.
Farfalla Sep 4th 2009 12:31PM
For EZ, these are the relevant parts of the ToS.
17. Acknowledgments.
You hereby acknowledge and agree that:
A. WHEN RUNNING, THE GAME MAY MONITOR YOUR COMPUTER'S RANDOM ACCESS MEMORY (RAM) AND/OR CPU PROCESSES FOR UNAUTHORIZED THIRD PARTY PROGRAMS RUNNING CONCURRENTLY WITH WORLD OF WARCRAFT. AN "UNAUTHORIZED THIRD PARTY PROGRAM" AS USED HEREIN SHALL BE DEFINED AS ANY THIRD PARTY SOFTWARE THAT, WHEN USED SIMULTANEOUSLY OR IN CONNECTION WITH THE GAME, WOULD CONSTITUTE A VIOLATION OF SECTIONS 1, 2 OR 9. IN THE EVENT THAT THE GAME DETECTS AN UNAUTHORIZED THIRD PARTY PROGRAM, BLIZZARD MAY (a) COMMUNICATE INFORMATION BACK TO BLIZZARD, INCLUDING WITHOUT LIMITATION THE ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED; AND/OR (b) EXERCISE ANY OR ALL OF ITS RIGHTS UNDER THIS AGREEMENT OR THE EULA, WITH OR WITHOUT PRIOR NOTICE TO THE USER.
B. WHEN THE GAME IS RUNNING, BLIZZARD MAY OBTAIN CERTAIN IDENTIFICATION INFORMATION ABOUT YOUR COMPUTER AND ITS OPERATING SYSTEM, INCLUDING WITHOUT LIMITATION YOUR HARD DRIVES, CENTRAL PROCESSING UNIT, IP ADDRESS(ES) AND OPERATING SYSTEM(S), FOR PURPOSES OF IMPROVING THE GAME AND/OR THE SERVICE, AND TO POLICE AND ENFORCE THE PROVISIONS OF THIS AGREEMENT AND THE EULA.
(etc)
I HEREBY ACKNOWLEDGE THAT I HAVE READ AND UNDERSTAND THE FOREGOING TERMS OF USE AGREEMENT AND AGREE THAT MY USE OF THE GAME AND THE SERVICE IS AN ACKNOWLEDGMENT OF MY AGREEMENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS TERMS OF USE AGREEMENT.
There doesn't seem to be anything that I would call hugely unreasonable about the contract other than this bit: 'B. Binding Arbitration. If you and Blizzard are unable to resolve a Dispute through informal negotiations, either you or Blizzard may elect to have the Dispute (except those Disputes expressly excluded below) finally and exclusively resolved by binding arbitration. Any election to arbitrate by one party shall be final and binding on the other. YOU UNDERSTAND THAT ABSENT THIS PROVISION, YOU WOULD HAVE THE RIGHT TO SUE IN COURT AND HAVE A JURY TRIAL.'
Of course there's a clause stating that any dispute shall be governed by US law, so the country you're in doesn't matter, but if it were to be governed by local law the British courts would not like this, buried at the end as it is. That would probably have to be in big letters at the start, or at least in that clarified, short list that they give you now as well, given that it deals with giving up a legal right.
But eh, make of it what you will :) the whole thing is here: http://www.worldofwarcraft.com/legal/termsofuse.html
Swordchucks Sep 4th 2009 12:32PM
This isn't just about the individual user. Sure, the time required to replace the goods on a hacked account isn't a trivial matter, but there is a bigger picture at play here.
Mainly: Goldsellers. A lot of the gold that gold sellers flog in that annoying spam is gained from hacking accounts. This is a direct strike against that source of annoyance. They can do all sorts of stuff to combat bots, but it's harder to keep people from getting hacked.
I feel sorry for the (apparently very small) number of folks who have no issues but are getting bounced, but overall, this seems like a good thing.
micgillam Sep 4th 2009 1:14PM
If they really want to do this, they should provide an application that they provide updates for (clearly, if they were able to detect the malicious code, they're capable) to help keep the system clear of keyloggers and other WoW-oriented threats. The most frustrating part will be the person who really wants to clean their system but can't seem to find a tool that will catch the problem that Blizzard is detecting.
Moonkinmaniac Sep 4th 2009 1:32PM
I agree to a point, but having got frustrated with Blizz some time ago I tried some other games. Trust me people... it's worth the BS you gotta put up with if you like MMOs. The morons at NCSoft actually give you malware. I even tried free games like JadeDynasty which are fun, but hey... once you've had a Porsche you don't really wanna drive a station wagon. If you really don't like what they are doing quit or email them, but as much as I hate to admit it there is no better company out there for this type of thing; you gotta put up with some things if you wanna play.
Endless Sep 4th 2009 1:32PM
Authenticator should've been included with each copy of the game, or at least with each collector's edition. Would be a great advertising gimmick as well.
What do you say, Blizzard - a new "Cataclysmic Battlechest" edition including original game, all the previous expansions, some bonuses, in-game pet AND an authenticator? I'd pay good money for that, especially if you put it into a metal box.
Dazaras Sep 4th 2009 1:36PM
They can't possibly be looking farther than your RAM, since that would take way too long and is obviously much better handled by your antivirus software.
My guess is they're using their unique vantage point to catch keylogger programs in the act. That is, immediately before you submit your password, rather than when they are not running such as when you run your antivirus.
Viper007Bond Sep 4th 2009 2:20PM
Swordchucks is right on the money. No pun intended. It isn't so much about protecting you as it is protecting the whole game, economy, and GM time. Time is real money after all.
Krab Sep 4th 2009 3:17PM
Lest we all forget, not too long ago patch 3.0 was flagged as a virus by McAfee and one other I think. So maybe Blizzard should tell us what and where they found it.
evanmerwin Sep 4th 2009 3:19PM
It's $6.50 including shipping, I don't think they're raking you over the coals for this.
onetrueping Sep 4th 2009 4:08PM
There seems to be an awful lot of people complaining about Blizzard not telling them what the keylogger is. The reason is simple. THE APPLICATION DOESN'T KNOW WHERE IT IS. Blizzard is NOT doing a full system scan, checking every file on your hard drive for viruses, bot programs, or whatever. They can't. It'd take far too long, and be far too great a drain on your system resources, greatly affecting gameplay. You disagree? When was the last time you did a deep system scan with your antivirus program?
Instead, Blizzard is checking two things. First, they are carefully examining the "services" list. You can see this for yourself in most versions of XP with a simple Ctrl-Alt-Del. The Services tab (second from the left) displays every active service, or piece of an application. One application could be running any number of services, most of the services are named the same, and all of them are largely incomprehensible. And while you do have a number of them that Windows will recognize as belonging to a particular application, most of them aren't shown at all.
Second, they are probably keeping an eye on the data areas that briefly hold your username and password before they are hashed and transmitted. If some form of code tries to access these data areas in a manner that's unexpected, a flag could be sent up. Again, the code would be identified as a service, not an application, and thus would be largely anonymous.
So. Blizzard is NOT invading your privacy (your files are still unknown to them), and they do NOT have the information you think they do. They are simply keeping an eye on the memory space, and primarily on the space that THEY are using to store your password.
Sakarabu Sep 4th 2009 4:10PM
Correct me if I'm wrong but.. I didn't read anywhere in the email you quoted where it says "Even if Blizzard finds a nasty program on your computer, you will still be able to play because they won't ban you with an Authenticator attached.", could I get a source on this info? Did you hear this straight from a Blizzard rep? Seems highly unlikely that they would still let you go ahead and play with a keylogger / trojans whatever on your computer. Again, correct me if I'm wrong please.