New scam targets the WoW Launcher
A post in the official forums today, later confirmed by a blue, points to hackers attempting to take advantage of a new avenue to attack the user -- the World of Warcraft Launcher.
As you can see from the screenshot above, the real launcher is apparently replaced with a fake launcher that sends the user to a web site that pretends to be official, asking for subscription information (including answers to secret questions and the original CD-Key) in what is meant to appear as the means to restore a supposedly suspended account. One of the telltale signs that this isn't legit, besides the very invasive information requested, is the version number in the upper left corner of the screen. We're way past patch 3.1.1 -- however, not everyone might know this.
Ancilorn posts confirming that this is not genuine (reiterating that they will never ask for your password in such a manner, and also requesting that such things be sent directly to Blizzard if they happen to you). Goes to show that as security is increased, those looking to breach it become more desperate.
Filed under: News items, Account Security

Reader Comments (Page 5 of 6)
Hanak Mar 31st 2010 7:46PM
+5 Internets to Chris Anthony for the Hackers reference :)
thomasina Mar 31st 2010 2:08PM
=====
The best way to combat this is to use the latest version of Firefox as your primary web browser, and to install the "AdBlock Plus" addon, which blocks all ads, especially the ones which show up in the search engine's "Sponsored Links" box. The nature of these link boxes makes them highly vulnerable to SEO (search engine optimization) attacks. All it takes is a criminal with some stolen credit cards to pay the search engine off with someone else's money, and bam, link to infected files right there on the front page of search engine results.
=====
Just a small FYI - any website is vulnerable to an SEO attack. I've never seen one from a paid sponsored link, however, I have seen them come from the top links in a search engine, and those you can't block. I keep Flash turned off, and if I don't trust the site I'll turn off javascript as well. And while I do agree with using Firefox (even without the Adblock), you forgot html email!
More exploits come from html email than websites - simply because you have no protection in email. Once you click on a subject line (doesn't matter what program) the page will begin to load in your browser. Everything you see loading is loading from another website - javascript and all - and if it's got an exploit in it, you've just executed it and downloaded it.
Only accept text email. You'll be safer for it.
Shevek Mar 31st 2010 9:57PM
See, an experienced WoW player would know this, but say... my 13-15 year old brother is playing on the account we watch for him. How in the world would he understand if he's just playing for sh*ts and giggles, right?
Sometimes that IS the case and they're not "ignorant" or "retards" for not knowing about something to its full extent.
Terrible way of thinking.
Matt Mar 31st 2010 2:26PM
Does it really matter who deserves it and who doesn't?
Wouldn't it be more productive to discuss how we can deal with hackers rather than pointing fingers at people and saying they deserve it?
GiGa Mar 31st 2010 2:44PM
"how we can deal with hackers"?
Easy. When stupid people stop handing these people their account information, the "hackers" will go away.
Al Mar 31st 2010 3:24PM
Or they will start stepping up their game, as this shows.
Proudly espousing this "blame the victims" mentality doesn't make you sound smart, it makes you sound like a socially maladjusted creep.
Hoggersbud Mar 31st 2010 11:14PM
>Wouldn't it be more productive to discuss how we can deal with hackers rather than pointing fingers at people and saying they deserve it? <
Guns. Walls. Hackers dealt with.
Some crimes you just have to scare the crap out of people.
Matt Mar 31st 2010 3:23PM
I am sure hackers love it when people say their victims deserved it!
Kravok Mar 31st 2010 4:15PM
damn they're good
Tokkar Mar 31st 2010 4:31PM
/massivevolcanicfacepalmofdoom
Here we go with the following:
1) I HAVE A MAC!
2) People who fall for this DESERVE to be hacked.
3) If you don't visit inappropriate sites, you WON'T GET THIS!
4)...yadda yadda...you get the drill.
Now for a dose of reality, eh?
Certain sites might run advertisement banners, open to seemingly innocuous advertisers, yet contain embedded keyloggers, malware, even virii. My own comic site was the target of just such unscrupulous advertising banners, which is why I IMMEDIATELY dumped them and went with a different server. Whose fault is it that the advertisement that was shown hit them with a keylogger? The person who was visiting said site because they didn't have Adblock running? Give me a break.
Not all malware/keyloggers/virii are caught by all virus scanners, even those that are completely up-to-date. Why? Because the hackers have ALWAYS been one step ahead of even the industry leaders. WHY? Because THEY have copies of the same virus scanners and take pains to see that they can hack through it with their malware/keyloggers/virii whenever an update is made!
Not everyone has a Mac, and Macs are not immune...they're more like a condom...pretty good protection, but not 100% reliable.
Not everyone is as computer savvy as the "stupid people deserve to be hacked" crowd, you know? And NO ONE deserves to be hacked. Ever. Well, maybe the hackers themselves...poetic justice and all that. But still...everyone has "blonde moments". It happens, deal with it.
These people are getting good. This column serves as a precautionary statement to make everyone aware. I'm glad it's here.
GiGa Mar 31st 2010 4:46PM
If you gave someone a key to your house, and they came in and robbed you of everything you owned, would you say that you deserved to have that happen?
My answer is yes you would, because YOU gave them the key. If you didn't give them the key (eg they broke a window) then of course you did not deserve it.
I don't know why you're all so uptight about this. It has nothing to do with people being computer illiterate or not as "smart" as the rest of us, it has to do with COMMON SENSE (apparently something that is lost on a lot of people these days).
Don't give them the key to your house (username/password) and they won't rob you (steal your gold). Very simple.
Go ahead and down rate me again. I've made my point, not going to waste any more time trying to convince you lot of what common sense is.
Janaa Mar 31st 2010 5:20PM
Wrong Giga. My landlord has a key to my house. Does that mean I *DESERVE* for him to come in and rob me? The reason virtually nobody is agreeing with you, and everyone else who feels the same way is being voted down, is because you're wrong.
You're confusing enablement with deserving. Just because you make it easier for someone else to do something bad to you, that doesn't mean you deserve for that to happen. If a schoolgirl walks down a dark alley at night alone, and gets raped, does she deserve it? No - she certainly made it easier for the attacker to do, but that doesn't confer any sort of right for the attacker, or imply that she deserved it in any way. Your argument is actually one commonly used by date rapists, saying that because the girl accepted a drink from a stranger, she deserved whatever came to her. Wrong. Wrong. Wrong.
If you accidentally give your account information to a hacker, they're still in the wrong. Sure, it was foolish of you to give them the details, even if you didn't mean to. However, you're not to blame for their actions, and you don't "deserve" anything as a result.
GiGa Mar 31st 2010 5:52PM
Obviously the landlord situation is different because he owns the house and you know who he is. These so-called "hackers" do this (and get away with it) because they're anonymous.
I will accept your point about who deserves what happens to them. Obviously I, and any normal thinking person, agree that being raped by someone is definitely not deserved, nor acceptable, under any circumstances.
That's a whole other story, but my view on those situations is that walking on your own, especially at night, is a very stupid thing to do these days. Should you be able to? Yes, of course you should, but you can't. Should you be able to leave your house and return expecting everything to be as it was when you left? Yes, you should, but you can't. Not anymore. Not in 2010.
The world is a nasty place and there's all sorts of unfair and unfortunate stuff that happens every second of every day. The only way to stop this is by using common sense - lock your doors/windows, don't walk on your own, don't get drunk and let some loser flirt and take advantage of you, don't visit dodgy websites or open weird looking emails, etc.
Yes, nasty things can still happen even to the most prepared and careful people, but when it comes to something like WoW, it is so much easier to protect your account than it is to protect your house or even yourself.
So, I'll back off from my "you deserved it" comments and instead say that "you didn't help the situation". There does need to be some level of self blame here however I will accept that people don't "deserve" to have this happen.
Tokkar Mar 31st 2010 5:55PM
I've gone to bars where they asked people to deposit their keys at the bar if they were going to do any drinking. That's giving someone your key out of trust. If that someone then decided to steal my car, would I be deserving of that?
The point Janaa made about the landlord having the key to your house is also a good one.
If something comes across that looks like it could very well be legitimate for those who don't seem to surf all of the McAfee forums on a daily basis, and it appears ON THE LAUNCHER OF THE GAME YOU ARE PLAYING, then in trust you might just make that mistake.
You have not made any point, other than to feel that you are somehow privileged in some way because you are distrusting of everyone and apparently never make mistakes...or at least this is how you are most emphatically coming across in your posts here today.
Janaa Mar 31st 2010 6:35PM
@Giga - Cool, I agree with pretty much everything you said in that second post. I too feel that there should be some level of self-blame appropriated in this regard, not necessarily for falling for a social engineering scam like the one detailed in this article, but in the case of the many people who consciously decide not to educate themselves.
Too many people disassociate anything virtual from reality. People won't walk down the dark alley because the negative connotations of assault are something real and physical. Yet somehow people disconnect from reality when it comes to computers, and go back to the whole "it won't happen to me.." mindset, and don't go to the effort of defending themselves, the same way they would in the alley.
I don't feel they're to blame for what happens. I do think that with more *effort* they could have avoided it happening however. Prevention is always better than cure. People shouldn't have to actively stop people doing bad things to them, but unfortunately, we do have to. Placing blame is always after-the-fact, and truthfully, it always lies with the perpetrator. That doesn't mean and I don't mean to imply, that we shouldn't be vigilant to prevent things ever getting to that point.
Hoggersbud Mar 31st 2010 11:16PM
I once went to a party, we put all our keys in a bowl. I drove some guy's car home. Somebody else had sex with my wife!
I pity that fellow.
Mattwo Apr 1st 2010 3:27AM
two things anti-rootkits....
and what do banner ads have to do with phishing? Think about that before making a comparison. IDC if you have to be careful for both, they are still unrelated to each other
Tokkar Apr 1st 2010 8:15AM
Banner ads with embedded keyloggers aren't related to phishing? Sorry, but you're mistaken. This was the exact reason I pulled my comic and got a different server.
Matt Mar 31st 2010 4:59PM
If a cop came to your door and was dressed in a cop uniform and showed you his badge and then you let him in and then he robbed you and did who knows what else, is all of that your fault? You'd call the cops wouldn't you? I sure would.
Matt Mar 31st 2010 5:00PM
oh and fyi, that guy's not a cop, he's a criminal pretending to be a cop!