Posts with tag virus

Those vicious and despicable malware authors are targeting gamers, according to BBC.

I know, big whoop, right?

The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.

The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.

WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.

We're going to cover all the April Fools jokes from around the WoW community tomorrow (after they're over so we're sure we don't miss too many), but I wanted to take a moment to give a PSA about the WoW Instant Messenger add-on.

When you log into the game today, and if you're updated to the latest version, you'll hear a modem sound ring across your speakers. This is a joke, this is only a joke, and you have no need to be alarmed.

We've gotten many tips in about this, mainly people thinking that it's the Confiker virus which was supposed to start today. Well, it's not. And from the look of things Confiker is bust too (at least for now). So you're safe and okay, and can be angry that you've been had by an add-on author. Or just laugh about it, which is what I've done.

The author has even come out and said this is a joke, and is offering an apology to anyone upset by this.

NASA has confirmed that the International Space Station has been infected by a keylogger. It was carried onto the station by an astronaut's laptop back in July. The keylogger in question is the W32.Gammima.AG -- which is specifically a gaming keylogger. In other words, the ISS has the exact kind of keylogger that plagues so many of us in WoW.

NASA describes the keylogger as merely a "nuisance," but at least two of the laptops on board had the virus. That probably means it arrived on one laptop, and a removable device like a thumb drive carried it to another. Kelly Humphries, a NASA spokesperson, said "This is not the first time we have had a worm or a virus. It's not a frequent occurrence, but this isn't the first time."

For security reasons, Humphries couldn't say whether mission-critical systems were affected by the keylogger. NASA is working with its Russian partners to figure out how the virus got space-born.

Here's hoping the International Space Station has their Blizzard Authenticators installed properly.

Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez!

Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right?

Don't do it.

In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.

In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

Arena Junkies is one of the most reputable online sources for. . .arena junkies. Its posters are numbered predominately among the 2000+ Arena Rated teams, and thus the site serves as a key resource for arena veterans and up-and-comers alike. Arena Junkies hosts dozens of forums, macros, strategies, and example Arena-centric Talent builds. Arena Junkies is also an official part of the Blizzard Fan Site Program. Oh, and they've got their own T-Shirts.

Which is why it can be so troubling to see they've been attacked by one of Vaneras's malicious "eVillains." The eVillain posted a "malicious applet" in their Interface forums, planting a virus which apparently spread to the hosting server itself. Naxos warns forum-goers that if any Junkie clicked on the link responsible for the attack, he or she should be careful that their system isn't under any danger. With the rising number of keyloggers and account theft, that kind of precaution is starting to get common for even the most casual WoW player.

Naxos definitely seems to have a handle on the problem, though. Arena Junkies reverted to its last-saved backup, from very early that morning, and now Arena Junkies is back to running smoothly. According to Naxos, the virus itself was a variation of the i-worm/stration virus. Links to the virus have, understandably, been removed.

It's unclear whether this attack was an attack of opportunity, or if someone has it out for the Arena Junkies. As Bio puts it: "He prob sucks at the arena."

WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.

What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.

This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.

What can you do to prevent this from happening?

Two things:

1. Change your password, now!
2. When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so.
   

We've alerted the makers of Fraps to the problem, and if appropriate, will post their reply.

Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.

Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

You'll want to be a bit more cautious when looking up information on the game today. World of Raids reports that an unknown ad banner appearing on Wowhead, Thottbot, and Allakhazam has an embedded keylogger trojan. You don't even need to click on the banner, apparently, simply mousing over it will be enough. Wowhead says that all they know for sure is that it originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com." They're working at isolating it.

The issue is known, and all parties involved are tracking it down, so it should hopefully be resolved soon. In the meantime, if you're looking for a quick way to protect yourself, I would follow the recommendation of World of Raids, and try out the Firefox web browser and the No Script extension. As long as you keep the scripts blocked, it should prevent the banner in question from forcing itself on you. This should also provide you with some protection if you accidentally click on the wrong link elsewhere, such as on the WoW general forums.

Edit: Apparently, the virus in question is not an actual keylogger, but it still does a number on your system, which is reason enough to try to avoid it.

According to MVP Schwick on the EU forums, several different anti-virus scanners have started detecting the Blizzard background downloader and some patch files as malware. With as much trouble as you can get into with certain kinds of malware, this sort of alert would be bound to panic anyone. However, this one has been confirmed by Blizzard as a false alarm. For now, be sure to download the latest updates to your anti-virus scanner, and if it detects any of the following, it's likely a false positive:

• Trojan-PSW.Win32.WOW
• R/PSW.WOW.RG.3
• Trojan horse PSW.Generic4.TUV

However, if, after upgrading your anti-virus software, you're still getting virus messages? Report it on the tech support forums. As Blizzard EU rep Torzelyn says:

Updating the Virus Scanners is removing the Trojan alert, but if your particular scanner is still flagging it as a trojan, please don't patch the game just yet. I'm sorry but I'm just wanting to be cautious. Although it appears to be a false positive, as with Kaspersky, AntiVir etc.. updating the definitions is solving the problem, I don't want to just say 'use the files' because there could still be a problem somewhere.

[Via BlizzPlanet]

I saw this screen shot last night on the WoW LJ community, and I have to admit, it took me by surprise. This is the first time I've ever actually seen the World of Warcraft launcher/load screen come out and point-blank warn people about the presence of Trojans on their machines. As there are a lot of variants of this particular Trojan out in the wild, that specific name doesn't surprise me.

Considering the fact that two Blue accounts were recently compromised, it looks like it's a good time to once again make sure your systems are patched, your virus scanners are up to date, and that you've got some good lines of defense against these Trojans. (Personally, I'm a huge fan of FireFox and some of the browser extensions that have come out for it.) Or, as some of my friends have told me, I could just get a Mac, and not have to worry so much about these kinds of things either. I keep telling them I'll happily switch when they buy me one.

It's raid night. You've farmed your mats, topped off your repair fun and loaded up on pizza and cola. But for some reason you can't log on. You're sure you typed in the right password, but no go. You IM you guildie: "Are the servers down? I can't get in." His reply sends chills down your spine: "We just saw you at the bank. Why was your toon naked?"

Years of hard work gone. Someone else accessed your account and stripped your main of all his gold, bank items and tradable equipment. "But I don't give my password to anyone!" you wail. You don't have to, the keylogger program knows it anyway.

What's a keylogger? It's a small, virus-type program that can accidentally be installed on your computer. How might a keylogger be installed on your system?

• Visiting an untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.)
  
• Downloading addons (or other files) from an untrustworthy site. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source you trust!

Once a keylogger gets installed, it starts recording every keystroke you make. And when you type in your account name and password for your WoW account, it captures that, too. The next time you access the Internet, it sends your private information to the hackers who use it to log into WoW and strip all your characters of everything valuable leaving you with a penniless toon wearing nothing but his trousers.

This all sounds pretty scary, but don't worry -- there are ways to protect yourself from keylogging programs!

Microsoft has caught on to what many Warcraft players already realized - our characters and in-game items are valuable. And for some, the value of your account itself is higher than that of the credit card you use to play the game with, making account theft a lucrative target. And, while Blizzard can help restore stolen in-game goods, once your account has been compromised, it's a long and tedious process to get it back. So in all cases, it's better to protect your account before-hand - while most of it's common sense, Blizzard has some good advice on that front.

[Fan art by Sarah Jaffe]

A new trojan is out in the wild looking to steal your Warcraft login information.  Once infected, this virus will attempt to log all keystrokes sent between your computer and  the login servers (us.logon.worldofwarcraft.com or eu.logon.worldofwarcraft.com).  Any data it collects - which would include your username and password - will then be sent off to a remote attacker.  Symantec is currently reporting that the virus hasn't spread far yet, but it's time-consuming and difficult to recover a lost account, whereas it's fairly quick and painless to make sure your anti-virus definitions are up to date.

A new trojan out in the wild is attacking computers with the goal of stealing your World of Warcraft account information.   It may seem like a trivial target for virus writers, but there's definitely money to be made reselling in-game items - and, thus, money to made by stealing your password.  So be certain to keep your anti-virus up to date and if your account has been compromised, contact a GM or the billing department, but expect a lengthy process of investigation to have your items or account restored.