- Jan 24, 2011
- 9,378
Blizzard, the company behind the popular online multiplayer World of Warcraft game, has warned its gamers that a “dangerous Trojan” called Disker is being used to compromise player's accounts, even if they are using an authenticator for protection.
In a notice on its webpage, Blizzard said that it was getting numerous reports of the bug. Apparently, the trojan acts in real time by stealing both account information and the authenticator password at the time a user enters them – operating essentially as a keylogger. From there, a hacker can hijack the account.
According to the company’s IT team, the trojan is built into a fake (but working) version of the Curse Client that is downloaded from a spoofed version of the Curse website. The propagation uses classic watering hole/man-in-the-middle (MitM) techniques: the malicious site was popping up in searches for "curse client" on major search engines.
The company was quick to note that the infection is an anomaly: “For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the Configuring/HIMYM Trojan in early 2012 that hit a handful of accounts,” it said. “These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!”
Read more: http://www.infosecurity-magazine.com/view/36312/dangerous-trojan-targets-world-of-warcraft-/
In a notice on its webpage, Blizzard said that it was getting numerous reports of the bug. Apparently, the trojan acts in real time by stealing both account information and the authenticator password at the time a user enters them – operating essentially as a keylogger. From there, a hacker can hijack the account.
According to the company’s IT team, the trojan is built into a fake (but working) version of the Curse Client that is downloaded from a spoofed version of the Curse website. The propagation uses classic watering hole/man-in-the-middle (MitM) techniques: the malicious site was popping up in searches for "curse client" on major search engines.
The company was quick to note that the infection is an anomaly: “For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the Configuring/HIMYM Trojan in early 2012 that hit a handful of accounts,” it said. “These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!”
Read more: http://www.infosecurity-magazine.com/view/36312/dangerous-trojan-targets-world-of-warcraft-/
