back to article Scammers step up attacks on Warcraft players

Out to steal online gold and other assets worth real money, scammers are stepping up attacks on World of Warcraft players, according to security researchers. A researcher from anti-virus firm Webroot has written here how official forums offered by WoW creator Blizzard are being used to spread links that lead to malware that …

COMMENTS

This topic is closed for new posts.
  1. Will 28

    A weird reflection on reality

    I assume the trojan could steal banking credentials just as easily, so it's interesting that virtual money is more of a target than real money.

    I think it would be interesting if WoW started to label and track Gold Pieces. It would require quite an increase in resources, but you could actually introduce a proper banking system, with traceable cash.

  2. Combat Wombat
    Boffin

    They are working on it.

    Really, this is just the just "exploit the stupid tard" attack.

    Trick the user into clicking a booby trapped link, insert spyware, profit.

    I was at blizzcon this year, and they were handing out RSA authenticators like they were candy, in an attempt to tighten up the system.

    With all the new revamps to Battlenet, they will have to tighen it up more, because once your account is pwned, you loose all your Starcraft, WoW, and other blizz game info.

    Central shop for all your account info,

  3. Dan 21

    @Will 28

    ?

    What makes you think that Blizzard doesn't already track gold? All it takes is logging each transaction. (X traded Y gold to Z for item I).

    What takes resources is mining out the transactions that you want to review. And when users say "The program that promised to hack your servers and give me free gold hacked my PC and gave all my gold away!!", nobody cares.

  4. Big Al
    Boffin

    Or...

    Jagex's 'RuneScape' game, at one point in danger of being submerged by the macros used by gold farmers, had its trading system radically altered to prevent the unbalanced transfer of large sums of virtual cash, along with the compensatory introduction of a centralised marketplace where buyers and sellers are matched by the game rather than by choice. This cut off the scammers' source of real world income, and reduced the disruption to the game caused by the macros.

    To a great extent this rather radical approach has been successful, although the scammers have naturally moved to offering to train accounts for the lazy instead - something which is far easier to spot in the vast majority of cases.

  5. Anonymous Coward
    Anonymous Coward

    "sneak peak"? For shame!

    @Will 28: Maybe it's because you're less likely to get prosecuted from stealing virtual gold, or if you ever did the sentence wouldn't be quite as bad.

  6. Nordrick Framelhammer

    Four months to patch a hole?

    Is Blizzard the Microsoft of the MMORPG world, leaving software on the market that can be easily exploited without issuing a patcvh and then saying "Don't use anythign but our maps"? That is shocking customer service.

    As for the gold selling, it will always happen. Lazy gamers, better known as lamers, will always try to buy ingame currency and/or advanced characters rather than start from scratch.

    Having seen the graphics in WoW and then seen the graphics in other MMO's I can't help wondering just what Blizzard are doing with the money they rake is becuase it sure as hell ain't being spent on a decent graphics package.

    When was the Wow graphics engine last updated? Or are they afraid that would just introduce another bunch of vulnerabilities?

  7. David 141
    Unhappy

    Games that require admin rights

    If the lazy game designers didn't design games that require admin rights to run then this would be a lot less of an issue.

  8. Bleeter
    Big Brother

    Authenticator

    Blizzard's implementation of the Digipass was well broken for over 6 months and didn't offer any real additional protection (probably less, as it gave a false sense of security). Thankfully they've fixed that recently up recently, but it still leaves the question hanging as to who designs and checks their security systems....

    Odd that The Reg never covered that story, and will cover your run-of-the-mill phishing story, even though I sent the DIgipass 'breakage' them.

  9. Robert Heffernan
    Thumb Up

    @Nordrick

    Blizzard are working on a major expansion/update which is reworking all the old original areas in the game which are now 5 years old and were originally developed for machines of a much lower spec.

    The revamped areas are stunning to look at and are a major improvement over the original, so much so that when it comes out I will be reactivating my account!

    http://www.worldofwarcraft.com/cataclysm/

  10. amanfromMars 1 Silver badge
    Grenade

    Havoc meets Chaos for AI New World Order Program of Tempestuous Whether Systems?

    "Having seen the graphics in WoW and then seen the graphics in other MMO's I can't help wondering just what Blizzard are doing with the money they rake is becuase it sure as hell ain't being spent on a decent graphics package." .... By Nordrick Framelhammer Posted Monday 24th August 2009 21:41 GMT

    Maybe there's a NeuReal and SurReal IntelAIgent Spooky Game in Town which will rake in Buckets of Real Money, Virtually, Nordrick Framelhammer, but which requires Super MegaRich Players for Live Operational Virtual Environment Control Distribution.

    Maybe Blizzard are into the Remote Control of Cloud Clusters and Server Pharms ..... Virtual Phormations.

    All the Best Virtual Games have an XXXXCellent Real Script which Graphics can Follow, rather than IT being thought that Fluff and Stormy Weather can Lead.

  11. Anonymous Coward
    Anonymous Coward

    @ Nordrick

    The flaw was in Warcaft III, a game that was released in 2002. To be honest considering it's age I'm amazed it was fixed at all.

  12. Rod MacLean
    Happy

    @Nordrick Framelhammer

    WoW came out in 2003 or something. For a graphics engine 6 years old, it seems to be doing OK.

    I don't think it was updated when either of the two existing expansions were released but I have heard a rumour that it is going to be overhauled when the next expansion is released (in year or more)

  13. Shane 8
    Stop

    /spam trade now

    Blizzard know who are spamming users with these messages so why dont they do something about it, i must get at least 20 a night from some level 1 in SW or Org....really annoying.

  14. Deckchair
    Stop

    A Title Is Required.

    @Nordrick Framelhammer

    Because it looks nice enough as it is and will run on pretty much anything. For instance the wife's laptop with a crap onboard GPU. Why would they want to alienate a huge chunk of their market by making an expensive PC part of the requirement to play?

  15. Dave Brown 1

    @Nordrick

    The last graphiocs update came with the last expansion pack Wrath of The Lich King. This upgraded the grapphics accross the board and added new capcity to take account of the latest top end gaming rigs that could handle the best detail/resolution settings.

    Most players don't play at those settings though and chances are you've seen it running on a lower spec rig or with reduced settings to improve framerates.

    The next big graphics update will be with the next expansion just announced, probably due for release at the back end of next year.

  16. bethjones@sophos

    This is hardly new though

    Keyloggers and password-stealers in World of Warcraft is definitely not

    new. The technique changes, but the effect is still the same. We've

    talked about it here in Feb 2008:

    http://www.sophos.com/blogs/sophoslabs/v/post/1052

    here in May 2009:

    http://www.sophos.com/blogs/sophoslabs/v/post/4412

    and way back when in May of 2007:

    http://www.sophos.com/blogs/sophoslabs/v/post/150

    It's not just World of Warcraft that's targeted. I wrote this back in

    December 2007 and we still see all these games targeted:

    http://www.sophos.com/blogs/sophoslabs/v/post/899

    At the end of the day, all the security advice and warnings still hold.

    Companies like Blizzard will never ask for your credentials. If something sounds too

    good to be true (free gold, free weapons, free expansions), it is. Blizzard doesn't just give away this stuff. And seriously, always check out shortened URLs with either a URL expander plugin in

    Firefox, or use a service like longurl.org to expand it before you click.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019