
Posts with tag trojan

Blizzard update on dangerous Trojan

WoW Insider reported recently on a dangerous Trojan that was, at the time, not removable by any known antivirus program. Vigilance was advised by the Customer Support agents, and logs from anyone who was affected by the Disker trojan were requested. Thanks to the hard work of the Blizzard Support MVPs, a solution has been found.

Kaltonis
Our pleasure!

To summarize for those of you that haven't read the green posts:

-The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there.

-At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.

-Thanks to Ressie's efforts, most security programs should be able to identify this threat shortly, if not by the time I type this.

-If you were compromised, follow the instructions here and we'll do our best to set everything right (as we always do).

-For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the "Configuring/HIMYM" trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!

Filed under: Account Security

Blizzard Customer Support warns of dangerous Trojan [Updated]

Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan -- a virus that can enter players' accounts even if they have an authenticator. Update -- A solution has been found.
Jurannok
Hello,

We've been receiving reports regarding a dangerous Trojan that is being used to compromise players' accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Read more →

Filed under: Account Security
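
The Startup Programs check described in the post above can be scripted. This is an added example, not code from Blizzard or WoW Insider; it assumes the MSInfo report was exported as text with tab-separated columns under a "[Startup Programs]" header, and the Temp-folder rule, SAMPLE and the function names are illustrative additions.

```python
import re

KNOWN_NAMES = {"disker", "disker64"}  # startup entry names given in the post
# Added heuristic (an assumption, not from the post): rundll32 loading a DLL
# out of a Temp folder, which also catches a renamed startup entry.
TEMP_DLL = re.compile(r"rundll32(\.exe)?\s+.*\\temp\\[^\\]+\.dll", re.IGNORECASE)


def _row(*cols):
    return "\t".join(cols)


# Constructed sample report; only the two Disker rows mirror the post.
SAMPLE = "\n".join([
    "[Startup Programs]",
    "",
    _row("Program", "Command", "User Name", "Location"),
    _row("Disker", r"rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw", r"Name-PC\Name", "Startup"),
    _row("Disker64", r"rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw", r"Name-PC\Name", "Startup"),
    _row("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background', "Public", "Startup"),
    _row("Helper", r"rundll32.exe C:\Users\name\AppData\Local\Temp\x.dll,run", r"Name-PC\Name", "Startup"),
    "[Services]",
    _row("Disker", "not a startup row", "", ""),
])


def startup_entries(report):
    """Return (program, command) pairs from the Startup Programs section only."""
    rows, in_section = [], False
    for line in report.splitlines():
        if line.startswith("["):
            in_section = line.strip().lower() == "[startup programs]"
            continue
        cols = [c.strip() for c in line.split("\t")]
        if not in_section or len(cols) < 2 or cols[0].lower() == "program":
            continue  # outside the section, blank line, or the column header
        rows.append((cols[0], cols[1]))
    return rows


def find_suspicious(report):
    """Flag entries named in the post, then entries matching the Temp-DLL rule."""
    hits = []
    for name, command in startup_entries(report):
        if name.lower() in KNOWN_NAMES:
            hits.append((name, "name listed in the post"))
        elif TEMP_DLL.search(command):
            hits.append((name, "rundll32 loading a DLL from a Temp folder"))
    return hits


if __name__ == "__main__":
    for name, reason in find_suspicious(SAMPLE):
        print(f"{name}: {reason}")
```

A hit on the Temp-folder rule alone is a lead to investigate rather than proof of this particular Trojan.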

Malware targeting gamers gets some mainstream spotlight

Those vicious and despicable malware authors are targeting gamers, according to BBC.

I know, big whoop, right?

The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are the result of a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.

The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.

WoW.com has been big about account security for a while, and it's nice to see the mainstream media begin to show some attention to the matter.

Filed under: Analysis / Opinion, Odds and ends, Account Security

Play safe because a trojan can get you banned

Remember that "non-personal system information" that Blizzard said they are searching for? Part of it is a search for keyloggers, trojans and viruses that affect WoW. If the system check finds one of those on any of the computers you are using, Blizzard will ban your account for 24 hours so that you can get it fixed.

When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.

Read more →

Filed under: Analysis / Opinion, Blizzard, Account Security

WoW Ace Updater ad banners may contain trojans, claim some users

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, it has a clean bill of health.

Filed under: Analysis / Opinion, News items, Add-Ons, Account Security

Incgamers.com malware mixup fixed

Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here).

Rushter of Incgamers.com explained to us in the comments of the previous article that the problem was with a separate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning.

Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.

Filed under: News items, Add-Ons, Account Security

Anti Keylogger Shield may offer some protection for your account

Hackers are getting more and more brazen lately, hiding various trojans and keyloggers not only in random forum links, but in ad banners and even in electronic devices. Even common sense avoidance of suspicious links and websites doesn't always seem to work anymore. Luckily, there are other tools you can use, such as the Noscript extension for the Firefox browser. Lifehacker reported on a new one yesterday as well: Anti Keylogger Shield for Windows.

This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty.

Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better.

[Thanks for the forward, DrDiesel!]

Filed under: Odds and ends, Account Security

Wowhead and other sites are having trouble with ad banner trojans

You'll want to be a bit more cautious when looking up information on the game today. World of Raids reports that an unknown ad banner appearing on Wowhead, Thottbot, and Allakhazam has an embedded keylogger trojan. You don't even need to click on the banner, apparently, simply mousing over it will be enough. Wowhead says that all they know for sure is that it originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com." They're working at isolating it.

The issue is known, and all parties involved are tracking it down, so it should hopefully be resolved soon. In the meantime, if you're looking for a quick way to protect yourself, I would follow the recommendation of World of Raids, and try out the Firefox web browser and the No Script extension. As long as you keep the scripts blocked, it should prevent the banner in question from forcing itself on you. This should also provide you with some protection if you accidentally click on the wrong link elsewhere, such as on the WoW general forums.

Edit: Apparently, the virus in question is not an actual keylogger, but it still does a number on your system, which is reason enough to try to avoid it.

Filed under: Bugs, News items

Your virtual cash may be worth more than your real cash

This isn't the first time we've heard this, but recently PC World has reported that your virtual assets may be worth more than your real assets. From the article:

According to Craig Schmugar, a researcher with the McAfee research labs, McAfee now sees more password-stealing malware designed to nab accounts of games like Lineage and World of Warcraft than Trojans that go after financial accounts.

Why? Your in-game assets can easily be converted to cash and there's much less legal risk involved in trafficking virtual goods than trafficking, say, stolen credit card numbers. So treat this as a reminder: be careful of keyloggers! (And if you're not sure how, read up on our advice on how to keep your system keylogger-free.)

Filed under: Economy

Is the background downloader a virus?


According to MVP Schwick on the EU forums, several different anti-virus scanners have started detecting the Blizzard background downloader and some patch files as malware. With as much trouble as you can get into with certain kinds of malware, this sort of alert would be bound to panic anyone. However, this one has been confirmed by Blizzard as a false alarm. For now, be sure to download the latest updates to your anti-virus scanner, and if it detects any of the following, it's likely a false positive:
  • Trojan-PSW.Win32.WOW
  • R/PSW.WOW.RG.3
  • Trojan horse PSW.Generic4.TUV
However, if you're still getting virus messages after upgrading your anti-virus software, report it on the tech support forums. As Blizzard EU rep Torzelyn says:

Updating the Virus Scanners is removing the Trojan alert, but if your particular scanner is still flagging it as a trojan, please don't patch the game just yet. I'm sorry but I'm just wanting to be cautious. Although it appears to be a false positive, as with Kaspersky, AntiVir etc.. updating the definitions is solving the problem, I don't want to just say 'use the files' because there could still be a problem somewhere.

[Via BlizzPlanet]

Filed under: Patches, News items

Danger Will Robinson!

[Ouch. Nuke & pave might be overkill, but at least you know you're pretty much safe after this.]
I saw this screen shot last night on the WoW LJ community, and I have to admit, it took me by surprise. This is the first time I've ever actually seen the World of Warcraft launcher/load screen come out and point-blank warn people about the presence of Trojans on their machines. As there are a lot of variants of this particular Trojan out in the wild, that specific name doesn't surprise me.

Considering the fact that two Blue accounts were recently compromised, it looks like it's a good time to once again make sure your systems are patched, your virus scanners are up to date, and that you've got some good lines of defense against these Trojans. (Personally, I'm a huge fan of FireFox and some of the browser extensions that have come out for it.) Or, as some of my friends have told me, I could just get a Mac, and not have to worry so much about these kinds of things either. I keep telling them I'll happily switch when they buy me one.

Read more →

Filed under: Analysis / Opinion, News items

New World of Warcraft Trojan

A new trojan is out in the wild looking to steal your Warcraft login information. Once infected, this virus will attempt to log all keystrokes sent between your computer and the login servers (us.logon.worldofwarcraft.com or eu.logon.worldofwarcraft.com). Any data it collects - which would include your username and password - will then be sent off to a remote attacker. Symantec is currently reporting that the virus hasn't spread far yet, but it's time-consuming and difficult to recover a lost account, whereas it's fairly quick and painless to make sure your anti-virus definitions are up to date.

Filed under: Cheats, News items

Password Stealing Trojan

A new trojan out in the wild is attacking computers with the goal of stealing your World of Warcraft account information. It may seem like a trivial target for virus writers, but there's definitely money to be made reselling in-game items - and, thus, money to be made by stealing your password. So be certain to keep your anti-virus up to date and if your account has been compromised, contact a GM or the billing department, but expect a lengthy process of investigation to have your items or account restored.
