Malware targeting gamers gets some mainstream spotlight
by Zach Yonzon 
Nov 5th 2009 at 1:00PM
I know, big whoop, right?
The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.
The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.
WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.
Filed under: Analysis / Opinion, Odds and ends, Account Security
Reader Comments (Page 1 of 2)
outlier Nov 5th 2009 1:10PM
top rated episode of south park of all time I believe. I missed last night's episode well because of...
Yankees World Champion Number
>27<
November 4th 2009
Mordockk Nov 5th 2009 1:43PM
I was so happy for the yankees when they won. After all you had such a rag tag crew of players.
I mean honestly, a classic cindarella story at its finest.
/endsarcasm
rosencratz Nov 5th 2009 1:16PM
...Something else the media can blame on video games then? heh heh
Fozz Nov 5th 2009 8:10PM
Wow, people over 40, welcome to the 21st century.
I wonder if the BBC just heard of this thing called Malware and think this is cutting edge reporting...
"You mean I shouldn't click that 'Get larg3r in herr tonigh7!' email?!?"
I am filing this under "no duh"...
Nothing to see here.
In relevant news, South Park is hilarious this season.
Ozmodius Nov 5th 2009 1:22PM
It also won South Park the Emmy.
As for article, I think it's a good thing that the mainstream is paying attention to this. It's not hard to imagine this kind of malware being extended to someone's personal finance. Best to shut these scammers down while they're still going after hypothetical currency, before they move up to the real stuff.
As someone who has had THOUSANDS of dollars stolen from me via a cloned credit I know the sick feeling you get when you realize what has been done to you.
jfofla Nov 5th 2009 1:30PM
Blizzard needs to make Authenticators required to play their games, and all this would be a non issue.
Wellsee Nov 5th 2009 1:41PM
I wouldn't play if I had to use an authenticator. I am willing to accept the risk of having my account compromised, and that poses no threat to any other user. I travel and use three PCs in different locations so using an authenticator is more than a minor annoyance -- especially if I forget to pack it even once.
Jido Nov 5th 2009 2:02PM
@Wellsee:
That is actually MORE of a reason to use an authenticator. Using different computers will likely increase your risk. So, unless you are the only user of those and know they happen to be safe, I would highly recommend using an authenticator.
I actually have mine attached to my home keys, I've never lost them and I never leave home without them.
Better safe than sorry IMHO.
Durgath Nov 5th 2009 2:20PM
The problem with making authenticators a requirement is that they are not available wordlwide. I live in South Africa and Blizzard do not ship authiticators out to the arse end of Africa
Kelsey Nov 5th 2009 2:31PM
A better idea would be for Blizzard to make it clear that anyone who doesn't use an authenticator and gets hacked is on their own. If people want to take the risk of not using one (because of convenience, shipping cost, laziness, or whatever) that's their prerogative, but they shouldn't expect to be bailed out if it backfires on them.
I think that would be an idea compromise; it will encourage people to start using authenticators when they know Blizz won't rescue them after a hack, but others who don't want to use them won't be forced to in order to continue playing.
Khremloc Nov 5th 2009 1:31PM
It was an alright episode of South Park, probably one of the best, but definitely not -the- best.
Ilunc Nov 5th 2009 1:34PM
I just don't get why people would do this sort of thing. Its like some one going up to your car that you use to get to work and smashing it with a baseball bat, just because they can.
ugh evil hackers are evil
tamillerkt Nov 5th 2009 2:19PM
It's not "just because they can". These people are making tons of money hacking your computers.
If they get a keystroke logger on your system, they can capture any passwords you type - your WoW password, your bank account password... and then they can sell that information to people.
They can also install other software on your computer that makes it part of a botnet that they control. Let's say they want to try to crack Citibank and steal a bunch of credit card numbers (which they can then sell on the black market). They can use your computer in the attack, hiding the true source of the attack.
It's not random at all. They're after money.
Phil Nov 5th 2009 1:39PM
Did anyone else read "taterf" as "tater-rific"
tamillerkt Nov 5th 2009 1:41PM
Many people mistakenly believe they have their computers protected if they patch their operating system regularly, i.e. Windows Update. The truth is you also need to make sure you keep every application installed patched as well. Firefox, Adobe reader, Quicktime, Flash and Shockwave players, Java, Real Player, VLC Media Player, Winamp, etc. All of these apps and more can introduce vulnerabilities, and the patches from your OS vendor don't help with them one bit.
catharsis80 Nov 5th 2009 1:42PM
Of course they're attacking gamers more. Those who grew up playing PC games and such have been used to the computing world for a while, and know the basics of how to avoid all those attacks. These days, though, there are WAY more people starting to game, and they're completely new to the computer world -- a.k.a., boatloads of fresh meat for the attackers.
Baraqorn Nov 5th 2009 4:57PM
Blizzard "Actively warns and fights against" the gold-buying industry? Really?
We had a guildmember get hacked on a Friday. After taking what he could from the guild bank, the hacker moved the character out to Storm Peaks and turned him into a bot to farm relics of ulduar (ever wonder where stacks of 200 relics on the AH come from?).
We watched this bot (and another in the same area) for the entire weekend. Many attempts were made to get Blizzard to do something to stop this hacker from profiting from our guild mate's stolen account. Their answer? Customer Service will look into it on Monday morning. They only work M-F.
This is a 24/7/365 game. I doubt it was a coincidence that his toon was hacked on a Friday evening after customer service had closed up for the week
Hey Blizzard, you want to do something about hackers and gold sellers? Then DO SOMETHING. The poor human paladin bot is still there today, weeks later, even though, as I said, multiple people opened tickets to inform blizzard about the botted toon.
Sunhead Nov 6th 2009 9:06AM
Authenticator Bullsh!7.
If they are required for security then Blizz should be sending them to everyone free.
I know people who have been hacked who know security and the only way it can have happened was brute force on the password once their account name was acquired.
Even Microsoft has managed to have the simplest security required to stop passwords being brute forced. 5 failed login attempts, 30 sec lockout. Add to that an e-mail sent to your registered e-mail notifying you of the failed attempts and you have brute force protection. Without lockouts they can run hundreds of passwords a minute, once your account name is know, its a forgone conclusion you will be hacked. And with Battle.NET more or less publishing your account name NOW IS THE TIME to be pressuring Blizzard to do something like this rather than push people on to dual factor logins.
Raz Nov 5th 2009 11:47PM
Please note that the authenticators are $6.50, which is a one-time cost equal to less than 2 weeks worth of WoW time if you're using those 60 day subscription cards. Also, straight from the Blizzard Store:
"Please note: Shipping fees have been waived on this product to reduce consumer costs."
It's not like they're telling you that playing one requires it & trying to charge you $50 plus your first born son for it, it's for additional security & it's $6.50 which is basically Blizzard offering it as "Free plus Shipping & Handling." Hardly a ripoff.
---Some extra tips to lower chances of getting ripped off: ---
Don't make your passwords easy as hell like the name of your city,
Don't visit questionable websites,
DON'T VISIT QUESTIONABLE WEBSITES (we all know that needed repeating),
Don't click on links in emails from people you don't know,
Don't click on links in emails from people you know if it looks like they didn't write it,
Try to highlight/copy/paste links from emails into the address bar as a habit,
Don't open emails with titles like "MAke you BIGGER IN 2 weeks!" (1 week or gtfo- jk :p),
Have an anti-virus/anti-spyware program,
Don't hand out your password,
Don't let people watch you type your password,
Don't write down your password,
Don't make your "I forgot my password" questions ridiculously easy,
Don't click "remember my password" when using someone else's computer browser,
...are you seeing a pattern here?
Basically, "don't be an idiot" is a really effective security plan. Not bulletproof, but better than nothing. There's a good chance that if anyone you know got hacked, they broke a rule. Let's be honest, they probably got tagged by an "18+" site. Those make up about 97% of "questionable websites," and 90% of the "rules broken pie-chart" by most people.
Authenticators are awesome if you're in an area that can get them & you're not a complete cheapskate though- you can write your account name & password on the wall at BlizzCon & you won't be hacked unless you also drop your authenticator :)
Sunhead Nov 6th 2009 9:40AM
Raz, that's great, authenticators are cheap and effective but until they supply one in every box set of Cataclysm that is sold it DOES NOT excuse them from taking the most basic of security steps to prevent password brute force attempts.
I am sure you think the reason the same people are getting re-hacked is that they are watching too much porn or have very bad security habits.
That is wrong. Once your account name is known, which can be obtained by getting a directory listing off your PC, or just watching over someones shoulder, it is only a matter of time before your password is guessed.
This is not Security 101, this is elementary security.
Some people are just idiots and they cant be helped without the authenticator, but as I said, I know people who understand security and they have been re-hacked recently. The only explanation is brute force password attempts. Not having any brute force protection is unacceptable and naive.
Oh and AFAIK the Authenticator does not ship free to Oceanic Region.