World of Warcraft hackers embrace man-in-the-middle attacks

By CrunchGear, on 2010.02.28, 08:00.10 pm

Here’s some troubling news for my fellow World of Warcraft players. It seems that hackers, account thieves, and other miscreants have now embraced man-in-the-middle (MITM) attacks to further their evil ways. Blizzard says it’s not a widespread issue, and it’s rather difficult to pull off, but it’s something y’all should be aware of.

The deal is that WoW hackers are able to infect your PC—this is a PC-only problem, mind you, so Mac players can more or less ignore all of this—with a bit of malware that’s then able to initiate the MITM attack. The purpose of this is to intercept your login name, password, and authenticator number so that they can log into your account. Once online, they can do whatever it is you’d be able to do inside the game world: sell items, mail gold to other players, etc. They cannot, it should be noted, delete your actual account or anything like that. Still, it’s potentially devastating, selling all your epics for fast gold, then turning around and selling that gold for real money to someone else.

MITM attacks aren’t new or anything. There’s plenty of programs out there can initiate them rather easily, letting people intercept passwords, instant messages, you name it. They work in that they sit in between your PC and the server you’re trying to connect to. So, if you’re playing WoW, instead of your username and password and authenticator number going directly to Blizzard’s servers, they first go to the hacker’s rogue server, which then passes the info onto your intended server, capturing the information in the process. It’s essentially invisible to you, the end-user, which is why the attacks are so dangerous.

Blizzard has already identified the piece of malware that initiates the MITM attack, so be on the lookout for emcor.dll. Be sure to keep your anti-virus software up to date.

One final bit: the odds of you being a victim of such an attack are quite low, if only because it requires so much work for the hacker to pull off; you’d have to be hacked a the very moment he wants to break into your account, and that’s something that simply doesn’t happen. Rather, your account will be compromised on, say, Monday, but it won’t be until the following Saturday that the hacker actually access your account. And again, the worst thing that could happen with this kind of attack would be for someone to sell off your character’s items and gold, then, for good measure, delete your character—your actual account cannot be tampered with. That may be a distinction without meaning, yes.

So yeah, just be sure to keep your anti-virus software up to date, and keep your wits about you. Stay away from the shady parts of the Internet!

via wow.com


2010.02.28, 08:00.10 pm | Tags: , , , , , , , , , , , , , , , , , , , , , , | Category: CrunchGear, Uncategorized | Comments are closed

Review: Curse Client for World of Warcraft

By CrunchGear, on 2009.07.09, 06:00.34 pm

clienticonWorld of Warcraft players are a notoriously picky bunch. They know what they like, what they don’t like, and have absolutely no issue with telling you exactly how they feel. Loudly, and with many, many petitions and forum postings. And that’s just the basic game. When you get into modifications, you’re into a whole new ballgame. And just making sure you have the most up to date software installed can turn into a major undertaking.

Some guilds won’t even let you go on a raid unless you have the proper addons, and anyone who’s had to try to help the less, shall we say, technically inclined know that getting everything to work right is sometimes half the battle. Now of course, we have software like the Curse Client Addon manager.

Put simply, the Curse.com’s software client allows you to manage all your favorite addons without making it complicated. Click the refresh button up at the top of the screen, and the client automatically checks all of your installed addons for new versions, and gives you the option to update them if a newer version is available. When you are looking for something new, you can search via name, category, or author. The interface then displays the description of the addon, the version number, and has a link to the addon where it is hosted. Curse hasn’t forgotten the Mac players either, there is a version of the client that works with the Mac OS as well.

There are a few things that set the Curse client apart from the other addon management software out there. Yes, you have to log in to download the addons, but registration for the website is free. The Curse.com website also has a very active community on their forums, and many times you can discuss future versions of the addons directly with the authors themselves. Curse also has a subscription option, which adds the ability to update all of your addons at once, removes the advertisements, and allows you priority access to the servers when it’s time to download. The subscription price varies based on the time period you are signing up for, but it runs anywhere from $2.45 a month (the best deal, billed annually) to $4.95 a month (billed month to month). The subscription fees help to cover bandwidth costs, and a percentage is passed on to the addon author, making it easier to help support your favorite.

As a WoW player myself, I feel confident recommending the Curse client over the other options available. I’m also able to show you something very something very special, a sneak peek of the new 4.0 client which is still in alpha, and won’t be available for download for about 1-2 months. All I can share with you is a screenshot, but having used the new client myself, I can tell you it is significantly faster then the 3.0 version, and works great with Windows 7 and Vista.

alpha4


2009.07.09, 06:00.34 pm | Tags: , , , , , , , , , , , , , , , , , , , , | Category: CrunchGear | Comments are closed