Feeds

WoW players learn value of Windows updates

'Vuln left me naked and penniless'

The essential guide to IT transformation

Subscribers playing World of Warcraft on Windows machines continue to find their accounts stolen more than eleven months after hackers first began targeting them using a Trojan attack, according to posts on the game's official website.

The perpetrators are employing sophisticated techniques that involve hundreds of booby-trapped sites that in some cases use the ANI cursor vulnerability that Microsoft patched last week.

According to an advisory by McAfee, some ANI exploits are being carried out by the same malicious hackers who commandeered the Miami Dolphins football stadium just in time for the Superbowl. The Trojan unleashed in that attack sat dormant on compromised machines until users opened the WoW client, at which point a keylogger captured login credentials, according to the BBC.

The booty can bring in good money on the black market. According to Symantec, WoW account logins are worth about $10, more than the going rate of $6 for verification details on credit cards.

WoW attacks work when users visit hacked websites that exploit Windows machines that have not been updated to fix the ANI flaw or other vulnerabilities. The sites, many of which are related to the popular online game, silently install keyloggers. Once an account is hijacked, the attackers collect the user's points and assets and then sell them. Reports of such attacks date back to at least May of 2006.

The account hijackings are causing considerable consternation among WoW users. "I logged in to my account last Wednesday morning to a naked and penniless Grajtik and associated bank alts," a player who goes by that moniker wrote in an online forum. Many victims have learned of the hijackings only after finding that Blizzard, which publishes WoW, had canceled their accounts, presumably because the hackers have violated WoW rules.

While some of the hijackings were carried by exploiting flaws ahead of an official patch, plenty of exploits have been carried out well after Microsoft issued updates, suggesting some players of WoW still haven't learned the most important and basic security measures.

An official Blizzard posting is urging players to promptly apply security updates and to take other measures to ward off attacks. The company also provides a console called Blizzard Launcher, which scans players' computers for malware. ®

Boost IT visibility and business value

More from The Register

next story
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Apple's iWatch? They cannae do it ... they don't have the POWER
Analyst predicts fanbois will have to wait until next year
AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else
Chip maker claims the Radeon R9 285 is 'best in its class'
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Apple to build WORLD'S BIGGEST iStore in Dubai
It's not the size of your shiny-shiny...
Just in case? Unverified 'supersize me' iPhone 6 pics in sneak leak peek
Is bigger necessarily better for the fruity firm's flagship phone?
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?