Blizzard has identified a fake version of World of Warcraft‘s Curse Client add-on manager that secretly installs “trojan” malware onto users’ computers, stealing account information and passwords.
The malware has been downloaded by players Googling the client and inadvertently clicking on an unofficial link, which takes them to a malware download site designed to look like the official Curse site. A little while ago a Blizzard support agent posted a new info roundup:
To summarize for those of you that haven’t read the green posts:
-The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for “curse client” on major search engines, which is how people were lured into going there.
-At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.
-Thanks to Ressie’s efforts, most security programs should be able to identify this threat shortly, if not by the time I type this.
-If you were compromised, follow the instructions here and we’ll do our best to set everything right (as we always do).
-For those of you interested in these MitM style attacks, this is the only confirmed case we’ve seen in several years outside of the “Configuring/HIMYM” trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!
User Ressie, referenced above, earlier identified the cause of the problem, outlined an in-depth solution, and submitted the malware to a bunch of anti-malware security programs.
If you’re googling the Curse Client anytime in the near future, be sure you’re downloading the real thing from the official site.
[via Eurogamer]
Comments
6 responses to “Blizzard Identifies Malware Targeting World Of Warcraft Players”
Meanwhile no DDoS counter measures have been put in place, despite the large revenue generated by the 7 million strong player base paying $15 dollars a month….. Good job Blizzard… Good job….
How would you know what countermeasures they’ve tried? It’s not like there’s a foolproof way to prevent DDOS outages.
Sure there is. You just have a thing that looks for a DDoS attack and stops it right? It’s just a couple of hours work to put in a “Stop DDoS attack” button isn’t it? (Note: I am being incredibly facetious, however, it has a very large grain of truth in that software engineers hear this a lot.)
Cause preventing DDoS is as easy as 1, 2, 3. Am I right?
Blizzard Entertainment, or EA for short
My account was hacked this way about 4 years ago