Security watchers have discovered a Trojan that's designed to steal user names and passwords from World of Warcraft players.

Wowcraft, which also attempts to disable security software packages on compromised PCs, has been planted on maliciously constructed websites. Unprotected Windows users visiting these sites can get infected through malicious browser pop-ups. The malware also spreads through infectious email attachments or as files downloaded from P2P networks.

Virtual gold and other booty obtained via compromised accounts can be converted to cash, as Tom's Hardware reports, but it's unclear if this is the motive of the attack. Wowcraft is the latest in a series of Trojans targeting the World of Warcraft community, some of which also attempt (example here) to steal the identities of players of other online games. ®

Related stories

• WoW authenticators bypassed by middlemen hackers (2 March 2010)
• Smut-ladened spam disguises WoW Trojan campaign (27 November 2009)
• Scammers step up attacks on Warcraft players (24 August 2009)
• Drive-by download attack mows down thousands of websites (10 November 2008)
• Rogue MP3 Trojan streaks across P2P networks (7 May 2008)
• Trojans besiege online gamers (11 September 2007)
• Woman arrested for WoW love affair (3 July 2007)
• USENIX Hacking WoW and the pursuit of knowledge (21 June 2007)
• WoW players learn value of Windows updates (10 April 2007)
• Warcraft gamers locked out after Trojan attack (29 September 2006)
• World of Warcraft fingered in iPod aircraft terror alert (29 August 2006)
• Trojans are the New Model Army (8 May 2006)
• Trojan uses smut to filch bank details (5 May 2006)
• Stop the bots (20 April 2006)
• Worm snaffles online gamers' passwords (24 August 2005)
• Exclusive Botnet used to boost online gaming scores (21 December 2004)