Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag malware

Watch out: Most game hacks are actually malware

We know that all of our readers are swell guys and gals who would never cheat at World of Warcraft, but just in case you needed another reason to avoid that kind of thing, anti-virus maker AVG is reporting that 90% of game hacks contain malware. And beyond the fact that using a hack will get your account banned by Blizzard, malware has a good chance to steal your WoW account and other sensitive information -- like bank account information or credit card numbers.

We know it seems to take forever to grind for gold or levels sometimes, but if you see something offering to get you gold, levels, achievements, or anything else with the click of a button -- don't click! If these things sound too good to be true, they probably are. So instead, keep your account secure by avoiding hacks and being sure you only download addons from trusted sources. Your account, safe and secure, will thank you!

[Via The Escapist]

Filed under: Account Security

Update: Keylogger source identified


Just a quick update from from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful of which sites you go to in order to update your addons from; fake website addresses are being used to trick users.

For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go.


What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager which installs the emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malware Bytes.

Thanks Kody!

Filed under: News items, Account Security

Man in the middle attacks circumventing authenticators

It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.

Kropaclus
After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.



To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.

Read more →

Filed under: Account Security

Breakfast Topic: What are you doing to protect your account?

While it is certainly nothing new, it seems that you can't spit without hitting someone who has, or has had, a compromised account. These WoW account predators are getting more clever by the day, with using everything from keyloggers, sham contests, betas and security checks, to even grabbing an account and immediately attaching an authenticator to it.
Now, any moderately-savvy internet user would just scoff, and say that they take all necessary precautions -- what's there to worry about? Fair enough, but what about those who, well, don't?
Blizzard has said time and time again about safe-guarding your account information, yet people still jump onto those fake Cataclysm betas and fancy new mount prizes. Make something idiot-proof, and they'll build a better idiot, eh?
That being said, what are you doing to protect your prized polygons? Do you have a good anti-virus installed? A malware scanner? If you don't have an authenticator, how come? It's only about the price of a grande Starbucks drink, and will provide a longer-lasting effect of happiness and joy to your life.

Discuss amongst yourselves!

Filed under: Breakfast Topics, Account Security

Malware targeting gamers gets some mainstream spotlight

Those vicious and despicable malware authors are targeting gamers, according to BBC.

I know, big whoop, right?

The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.

The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.

WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.

Filed under: Analysis / Opinion, Odds and ends, Account Security

New computer shipped with malware that targeted WoW

Here's a big oops -- a company named M&A Technology accidentally shipped out a unit of their Companion Touch PC that contained some malware on it, including a password stealer that targeted World of Warcraft. It was an accident -- apparently someone at the factory decided to upgrade the computer's drivers and software before shipping it out, but they used a USB stick that had been infected with the bad apps, and thus in the process infected the brand new computer. Fortunately, the person who received the computer apparently scanned and caught the bad code before any damage was done -- I guess if you buy a computer from a brand you've never heard of, it's worth giving it an antivirus and malware scan at least once before you use it.

And/or you can just use an authenticator -- even if someone nabs your password, the Blizzard Authenticator makes sure that they can't log in without a current code. So there's not too much to worry about here -- while computers do occasionally get shipped with software that could jeopardize your security, as long as you're vigilant about what's on your hard drive, and take caution before using apps and hardware that you've never used before, you generally won't have any problems.

[via WoW LJ]

Filed under: Patches, Analysis / Opinion, Odds and ends, Hardware

Antivirus company claims viruses are out to get you

McAfee Avert Labs, a monitoring and research division of McAfee Inc., claims that malware attacks are on the rise, and the targets are often gamers.

According to McAfee, there was a 245% growth in the amount of malware being developed from 2006 to 2007, with roughly 300% more developed from 2007 to 2008. So far this year, development already exceeds 2006 and 2007 combined.

Earlier this year, McAfee released a list of some of the most dangerous web domains. Even major, reputable websites are not immune, although the problems are usually addressed almost instantly. Commonly targeted websites include social networking sites like Facebook, as well as gaming sites.

The developers harvest the information, and sell it to others who then exploit it, possibly to steal your account information.

With so little time until Wrath of the Lich King, I'd like to remind everyone that buying gold or power-leveling services is not only not permitted, it is likely to get you burned.

For more information on protecting your computer from keyloggers and other malware, check out the following guides:

Read more →

Filed under: Analysis / Opinion, Tips, News items, Features, Wrath of the Lich King, Account Security

WoW Insider Show Episode 55: The PvE to PvP transfer

The latest episode of the WoW Insider Show is now up for your listening enjoyment over on WoW Radio. Unfortunately, Totalbiscuit (who runs things over there) tells us that they're having more issues with a Google false positive of malware, so this week will be the perfect week to jump on into iTunes and both subscribe to and review our show from there if you haven't yet. Right there in your music player, you can find all of our shows so far, and you can subscribe to get any new ones we do for free right on your new iPod touch (or whatever ya got). Topics on last week's show include:
  • The usual email answering: we answered questions about why there are no Auction Houses in Shattrath or Dalaran, what to do when your guild won't let you roll on damage gear when they ask you to heal, and why getting Champion tabards at Exalted would be a horrible idea.
  • We talked about PvE to PvP transfers and why they might be a problem, but probably won't be.
  • Racial abilites (and the suggestion to free them up a bit) came up in conversation
  • We hit on Mages and why they're thrilled with Mirror Image (stay tuned for more Mage talk next week).
  • And finally we asked around for AH tips, so if you want to make more money on the AH, definitely listen in.
If you've got tips or questions of your own, definitely drop us an email: the address is theshow@wow.com. We do this every Saturday, so if you weren't free last week but happen to be around next Saturday at 3:30pm Eastern, jump on over to WoW Radio and tune in to hear us live. Thanks for listening, and enjoy the show!

Listen here on the page:


Filed under: Analysis / Opinion, Odds and ends, Blizzard, PvP, Humor, Making money, Wrath of the Lich King, WoW Insider Show

WoW Radio fighting claims of malware

A few readers (thanks!) have sent us news that visiting the website of our good friends at WoW Radio has caused their Firefox browser to flag that there's malware present over there. I visited the site last Sunday, and my browser tossed up error messages aplenty at me. But after talking with Totalbiscuit and Duncor, I'll repeat their message here, so just so everyone knows: there is no malware problem with WoW Radio.

Totalbiscuit has posted a notice on their front page explaining what happened -- sometime last week, a hacker attempted to post some kind of malware nonsense on their forums, and was headed off at the pass. Unfortunately, Google just happened to catch one look at a possibly negative piece of code, and thus the site was flagged (strange that just one flag would cause the kinds of alerts that Firefox is spitting out, but that's a discussion for another day). But at this point, we know for certain that there is no malicious code on WoW Radio, and even Google admits that the one piece of code it saw was the fault of a third party, not the WoW Radio folks.

Both Totalbiscuit and Duncor tell me they're working with their ISP and Google as much as they can to get the warnings removed. But in the meantime, you've got nothing to worry about -- you can listen to our podcast (or any of the other podcasts over there) without worry.

Filed under: Analysis / Opinion, WoW Insider Business, News items, Forums, WoW Insider Show, Account Security

Two new keylogging worms to watch out for

Microsoft's malware blog is warning of two new worms that attempt to steal account information for online games from Windows XP or Vista users. These worms are breaking previous keylogging success rate records and are worth educating yourself about.

The first one is called Taterf which has infected over 1.2 milion machines worldwide during its first week. The other worm is called Frethog and has so far a 650,000+ machine first-week infection rate. These rates are stunning to malware specialists who are used to seeing these kinds of numbers only after a month of the worm's existance. These worms take advantage of Windows' autoplay and autorun functions that run for CDs, DVDs, and some USB sticks. They can be sneaky about it too. They try to disquise autorun with other pop-up dialog boxes, like "Show me these awesome pictures." You do need to confirm this action manually, but this obstacle hasn't much limited the spread of the worms to date.

Make sure you read the instructions on Microsoft's support site for how to protect yourself from these worms. The short answer is to disable autorun from CDs under XP (a registry change) or to change the same option from the Vista control panel. You should also disable autoplay as an even greater precaution. Also, of course, make sure you check the box on the WoW login screen to save your account name. That way if you do get infected with a keylogger, they won't be able to see your keystrokes for both your account name and your password.

Filed under: News items, Account Security

Azeroth Security Advisor: Patient patching prevents pestilence

Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez!

Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right?

Don't do it.

Read more →

Filed under: Patches, Account Security, Azeroth Security Advisor

McAfee report reveals the most dangerous web domains

In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.

In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

Read more →

Filed under: Analysis / Opinion, News items, Account Security

WoW Ace Updater ad banners may contain trojans, claim some users

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

Filed under: Analysis / Opinion, News items, Add-Ons, Account Security

Make way for maintenance day

Maintenance day is underway until 2pET/11aPT and many WoW fans are searching for something to do, while players with day jobs log on to point out that they can never play during these hours. Fortunately, we have lots going on today, as well as some highlights from the past week that you won't want to miss.

Wrath of the Lich King:
Arena Season 4:

Read more →

Filed under: News items

The Trojans are coming for the Horde! And the Alliance, too.



The fine folks at World of Raids, as pointed out by tipster Akyl, have linked to this article, which informs us that 20% of all trojan viruses are aimed directly at you, the World of Warcraft player. (Don't feel too bad, as Lineage 2 gets a whopping 40% of all trojans.) That's really rather astonishing, if you think about it... just a quick search of our own site reveals several trojans made mention of on our site alone. Of course, it's not news that crooks will steal things from you, but what's news is that this is a percentage of all trojans, period. In other words, between Lineage 2 and World of Warcraft, we're seeing more than half of all cyber crime committed via trojan viruses.

Forget banks, people. The future of online theft is your character's gear. Gaming accounts are targeted by the second most common malware on the web right now according to a previous article on the PCRetail site. That seems to suggest that this kind of activity, with its uncertain legality (who do you call when someone steals you WoW password and sells all your gear, after all, the cops or Blizzard? After all, technically all your character's stuff still belongs to Blizz, and not you) and as yet uncharted waters of enforcement, is only going to get more and more common. Gaming is described several times as a 'soft target' for this kind of theft.

There's more money to be made stealing people's accounts and selling all their gold to gold buyers than in trying to steal bank account information.

Have you ever downloaded a trojan, or otherwise had your account hacked? How long did it take to get your stuff back? Did you actually get it all back?

Filed under: Analysis / Opinion, Virtual selves, Economy

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories

Joystiq

Massively

Engadget