World of Warcraft Trojan ID'd and Neutralized

World of Warcraft Trojan ID'd and Neutralized

World of Warcraft 5.4 Siege of Orgrimmar trailer

Blizzard says a virus recently plaguing some World of Warcraft players originated from a "fake" version of the Curse Client.

Last week Blizzard posted a warning on its forums urging to World of Warcraft players to keep an eye out for a "dangerous" Trojan virus that was apparently circumventing authenticators and compromising player's accounts. At the time of the announcement, the nature of the virus was still being pieced together, as was an effective method of removing it from infected PCs.

In the days since, more has been uncovered about the Trojan, which has now apparently been identified as "a fake (but working) version of the Curse Client." The faux client was apparently being downloaded from "a fake version of the Curse website" that was "popping up in searches for 'curse client' on major search engines." Blizzard had previously recommended "reformatting your system" as an effective means of banishing the virus. Thankfully, the company is now saying that the "the easiest method to remove the Trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes."

Even with the virus removed, Blizzard is still recommending that affected players go through a round of precautionary measures to limit the consequences of its invasion. These measures pretty much just entail changing your password and what-not, which you should be doing pretty regularly any ways.

Source: World of Warcraft

Permalink

Well, looks that virus...

*Puts on sunglasses*

...just got screwed.

Jokes aside, I'd hope that someone working at a game I DO like were that quick, so good.

Wish this wasn't posted. Nostalgia wants me to pull out my credit card and subscride. Logic wants me to finally go into my hard-drive and delete it off for good.

Oh addiction.

Blizz always tends to be quick with these things, it is rather impressive really.

Guess you need to be quick when you lord over the monolith that is Azeroth.

Can't say a bad word against them. They recognised the issue, informed those who could potentially be affected. Fixed the issue. No harm no foul. Kudos for the expedient work Blizzard.

Flutterguy:
Wish this wasn't posted. Nostalgia wants me to pull out my credit card and subscride. Logic wants me to finally go into my hard-drive and delete it off for good.

Oh addiction.

oh, I was in the same boat.

Until about three months into a D&D game I'm playing and I keep hearing people talk about how bad players are tanking or just can't raid worth a shit.

So, as a curiosity, I decide to do the free to level 20 thing.

........ pray for me, because I rolled a nat 1 on my will save.

I thought rule 101 was to never use a third party program to install addons for another program.

Why introduce a non-pay application to a pay-for application?

Abomination:
I thought rule 101 was to never use a third party program to install addons for another program.

Why introduce a non-pay application to a pay-for application?

The curse client is actually quite handy- it's like Nexus Mod manager or something similar. It can keep all your mods up to date without you having to fiddle with them individually and as an ex-wow player, you can end up with dozens of required UI mods quite easily.

Must have been a really good fake version of the website as well, Curse branding is distinctive to say the least.

Good to hear Malwarebytes catches it now. I generally find that to be the most effective program for this sort of thing.

Abomination:
I thought rule 101 was to never use a third party program to install addons for another program.

Why introduce a non-pay application to a pay-for application?

Why is that rule 101? It's just a simple trust issue. There is nothing wrong with using a third party program if the publisher can be trusted.

Athinira:

Abomination:
I thought rule 101 was to never use a third party program to install addons for another program.

Why introduce a non-pay application to a pay-for application?

Why is that rule 101? It's just a simple trust issue. There is nothing wrong with using a third party program if the publisher can be trusted.

I think I'll let the situation speak for itself - this is not the first time this has happened with the Curse client.

Abomination:

Athinira:

Abomination:
I thought rule 101 was to never use a third party program to install addons for another program.

Why introduce a non-pay application to a pay-for application?

Why is that rule 101? It's just a simple trust issue. There is nothing wrong with using a third party program if the publisher can be trusted.

I think I'll let the situation speak for itself - this is not the first time this has happened with the Curse client.

Except that this isn't the Curse Client. It's a FAKE version of the Curse Client.

It isn't in any way an unprecedented way to distribute malware by disguising it as another popular software that people are likely to want. It can be any software, and has nothing to do with the fact that Curse Client is an addon installer. This can target any software.

It would be something else if the official Curse Client was caught distributing malware to people who were just using it normally, but that isn't the case. The only offense the Curse Client has committed in this situation is being popular, which also makes it an obvious target.

The picture makes me feel that Garrosh Hellscream stopped the Trojan and decapitated it while standing on the prow of a large Horde war zeppelin that he was flying through cyberspace.

I put some more time onto my WoW account, ran around for 10 minutes doing nothing. Got upset that the Horde was being retconned and malformed by the opinions of Alliance players and Blood Elf players who really should be Alliance players... then logged off and played L4D2 for a bit.

Still laugh when a tank appears, Attack on Titan music plays as a giant muscled Venom throws Misaka Mikoto from Railgun at me, with me being Isaac Clarke.

Oh mods.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here