Feeds

WoW players learn value of Windows updates

'Vuln left me naked and penniless'

Top 5 reasons to deploy VMware with Tegile

Subscribers playing World of Warcraft on Windows machines continue to find their accounts stolen more than eleven months after hackers first began targeting them using a Trojan attack, according to posts on the game's official website.

The perpetrators are employing sophisticated techniques that involve hundreds of booby-trapped sites that in some cases use the ANI cursor vulnerability that Microsoft patched last week.

According to an advisory by McAfee, some ANI exploits are being carried out by the same malicious hackers who commandeered the Miami Dolphins football stadium just in time for the Superbowl. The Trojan unleashed in that attack sat dormant on compromised machines until users opened the WoW client, at which point a keylogger captured login credentials, according to the BBC.

The booty can bring in good money on the black market. According to Symantec, WoW account logins are worth about $10, more than the going rate of $6 for verification details on credit cards.

WoW attacks work when users visit hacked websites that exploit Windows machines that have not been updated to fix the ANI flaw or other vulnerabilities. The sites, many of which are related to the popular online game, silently install keyloggers. Once an account is hijacked, the attackers collect the user's points and assets and then sell them. Reports of such attacks date back to at least May of 2006.

The account hijackings are causing considerable consternation among WoW users. "I logged in to my account last Wednesday morning to a naked and penniless Grajtik and associated bank alts," a player who goes by that moniker wrote in an online forum. Many victims have learned of the hijackings only after finding that Blizzard, which publishes WoW, had canceled their accounts, presumably because the hackers have violated WoW rules.

While some of the hijackings were carried by exploiting flaws ahead of an official patch, plenty of exploits have been carried out well after Microsoft issued updates, suggesting some players of WoW still haven't learned the most important and basic security measures.

An official Blizzard posting is urging players to promptly apply security updates and to take other measures to ward off attacks. The company also provides a console called Blizzard Launcher, which scans players' computers for malware. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Hi-torque tank engines: EXTREME car hacking with The Register
Bentley found in a hedge gets WW2 lump insertion
What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
You fought hard and you saved and earned. But all of it's going to burn...
Trousers down for six of the best affordable Androids
Stylish Googlephones for not-so-deep pockets
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.