Trojan succesfully hacks Authenticator Protected Accounts

Started by valdeko, February 28, 2010, 04:40:29 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

valdeko

February 28, 2010, 04:40:29 PM Last Edit: February 28, 2010, 05:24:14 PM by valdeko
Trojan succesfully hacks  Authenticator Protected Accounts
A new virus spawned on  the internet a few days ago and seems to be the first trojan capable of  hacking a WoW account protected by an Authenticator. It was confirmed by  Blizzard a few hours ago.
Quote from: Kropacius (Source)
After looking into this, it has been escalated, but  it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This  is still perpetrated by key loggers, and no method is always 100%  secure.



Basically,  what the virus does is fairly simple after you're infected :

  • The next time you log  in World of Warcraft, the game asks for your Authenticator code.
  • The  virus intercepts it, send it to another server, and sends a wrong one  to Blizzard = You get an error.
  • The people behind the virus now  have a few seconds/minutes to use the "real" code while it's valid to  change your password / empty your account / guild bank.

How  to check if you're infected
Just search for a file named  "emcor.dll" on your computer, it is most likely located in  "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check  everything just to be sure. If you do find the file, delete it and make  sure you update your anti-virus to prevent any further problem.

To  be honest, if you found this file your account is probably already  compromised.

What does it mean exactly?

  • Yes, you can get hacked  even if you have an authenticator, the chances are MUCH lower but  you're not invulnerable.
  • It definitely isn't an excuse to not  have an authenticator. We're talking about a single virus here and the  authenticator will save your ass 99% of the time.
  • Get a decent  anti-virus, buy an authenticator, you'll be safe.



So best check your Computers guys.

Got the info from MMO-Champion.com who got it from a blizz blue post.
:devil:Acid_Skass in CS:S :devil:

Deminion

#1
February 28, 2010, 06:01:38 PM
just checked my main drive, nothing there.
However, do anyone know of a proper firewall i can use on vista?

delanvital

#2
February 28, 2010, 06:41:03 PM
Quote from: Deminion;304858just checked my main drive, nothing there.
However, do anyone know of a proper firewall i can use on vista?

Hey, a fellow Dane :)

If you can do with anti-virus along the way, I'd suggest ESET, Smart Security version. www.eset.com, or the Danish site, www.eset.dk. It does the job, doesn't hog the PC and has an adequate amount advanced features.

Drakelin

#4
February 28, 2010, 11:18:47 PM
Quote from: DannagE;304878http://www.microsoft.com/Security_Essentials/

just make sure that its the one from microsoft theres a malware program named the same but with 2010 behind it very hard to get rid of :)
Print
Go Up Pages1
User actions