] ]

 
] ] ]
]
Welcome Guest ] ]
Name:
Pass:
Auto Login
Add me to Active Users list
Yes  No

Forgot password? | Register
]
] ]

] ] ]
]
Top 10 Recent Posts ] ]
View Last Post SGA App from Shadow of the Red Baron
Last Post By: Kayzee
Forum: SGA Applications
Posted: Today at: 12:42AM

View Last Post Moving to FFXIV
Last Post By: Xar
Forum: General Discussion
Posted: Today at: 12:15AM

View Last Post Wall of Shame!
Last Post By: Redbaron
Forum: Night Owls
Posted: September-01-2010 at: 10:43AM

View Last Post What makes a good tank?
Last Post By: Flex
Forum: Class Discussion
Posted: August-25-2010 at: 11:30PM

View Last Post T8, T9, T10 Progression charts =)
Last Post By: Purplefeet
Forum: Instances and Raids
Posted: August-25-2010 at: 1:49PM

View Last Post Night Owls Need Help
Last Post By: Shiabre
Forum: Night Owls
Posted: August-24-2010 at: 1:02AM

View Last Post Pixel Addicts "Blood drive for Alts"
Last Post By: Purplefeet
Forum: Pixel Addicts
Posted: August-22-2010 at: 9:39PM

View Last Post Heads Up
Last Post By: EdwinF
Forum: General Discussion
Posted: August-20-2010 at: 6:31PM

View Last Post Pixel Addicts Primordial Saronite (ICC)
Last Post By: Mahgoats
Forum: Pixel Addicts
Posted: August-18-2010 at: 12:44AM

View Last Post Christian the Lion
Last Post By: Lisse
Forum: Night Owls
Posted: August-13-2010 at: 12:12AM

 ]
] ]

] ] ]
]
 ]
] ]

   
General Discussion
 WoW Small Guild Alliance : General Discussion
Subject Topic: new authenticator virus please read Post ReplyPost New Topic
Forum Jump  
] ] ]
]
Author
Message Prev Topic | Next Topic 
Rhys
Registered


Registered

Joined: June-28-2007
National Flag of Canada Canada
Posts: 77
Gender: Not Specified
Posted: February-28-2010 at 10:12AM | IP Logged Quote Rhys
Trojan succesfully hacks Authenticator Protected Accounts
A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.
Quote from: Kropacius (Source)
After looking into this, it has been escalated, but it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

Basically, what the virus does is fairly simple after you're infected :
  • The next time you log in World of Warcraft, the game asks for your Authenticator code.
  • The virus intercepts it, send it to another server, and sends a wrong one to Blizzard = You get an error.
  • The people behind the virus now have a few seconds/minutes to use the "real" code while it's valid to change your password / empty your account / guild bank.

How to check if you're infected
Just search for a file named "emcor.dll" on your computer, it is most likely located in "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problem.

To be honest, if you found this file your account is probably already compromised.

What does it mean exactly?
  • Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you're not invulnerable.
  • It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ass 99% of the time.
  • Get a decent anti-virus, buy an authenticator, you'll be safe.
Back to Top Printable version View Rhys's Profile Search for other posts by Rhys
 
EdwinF
Registered


Registered

Joined: August-23-2009
National Flag of United States United States
Posts: 258
Gender: Male
Posted: February-28-2010 at 10:29AM | IP Logged Quote EdwinF
Yeesh. Thanks for the heads-up.

I feel like this bears repeating, though, lest anyone get the wrong idea:

Quote:

  • It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ass 99% of the time.


__________________
Back to Top Printable version View EdwinF's Profile Search for other posts by EdwinF
 
Xar
Site Admin
Avatar

Site Admin

Joined: July-07-2005
National Flag of United States United States
Posts: 1408
Gender: Male
Posted: March-01-2010 at 1:46AM | IP Logged Quote Xar

It's all a little misleading.  It isn't an "authenticator virus", it's just a keylogger, and keyloggers have been around a long time.   The keylogger just sends the code from your token because you type it in, and it only works once for about 30 seconds.  The so-called "hacker" has to receive the information in real time and log into your account during that very short time frame in order to compromise your account.  The REAL problem here is the keylogger.   If you don't get a keylogger on your system, then there is no problem.  

I also don't expect this one to hang around long, because all those codes are going to a specific set of addresses and you can bet those are going to be under some scrutiny, and probably shut down.

Once again, this is a keylogger.  Without an authenticator, it is EASIER to hack an account with a keylogger than an account with one.  And the problem isn't the authenticator itself, it's whoever allowed the keylogger to be installed on their system by downloading unsafe files, or not having proper antivirus/antimalware protection on their pc.



__________________
Back to Top Printable version View Xar's Profile Search for other posts by Xar
 
EdwinF
Registered


Registered

Joined: August-23-2009
National Flag of United States United States
Posts: 258
Gender: Male
Posted: March-01-2010 at 10:14AM | IP Logged Quote EdwinF
What he meant was that it's a virus that you can get despite an authenticator - "authenticator virus" makes it clear that this is something that even authenticator-protected folks should pay attention to, and is considerably more concise as a thread title than "Hey guys, so it turns out there's a virus you can get even if you have an authenticator".

Read the thread! ;D


__________________
Back to Top Printable version View EdwinF's Profile Search for other posts by EdwinF
 
Xar
Site Admin
Avatar

Site Admin

Joined: July-07-2005
National Flag of United States United States
Posts: 1408
Gender: Male
Posted: March-01-2010 at 5:06PM | IP Logged Quote Xar
I read the thread here and on Blizzard forums completely from beginning to end before I responded above.   I understand what you're saying, I'm just saying it's my opinion that "authenticator virus" is a phrase that is a little misleading.   And I do agree with the point made that it is still better to have an authenticator than not.

Edited by Xar on March-01-2010 at 5:13PM

__________________
Back to Top Printable version View Xar's Profile Search for other posts by Xar
 
Forgera
Registered
Avatar

Registered

Joined: September-06-2006
National Flag of Canada Canada
Posts: 78
Gender: Female
Posted: March-03-2010 at 8:03AM | IP Logged Quote Forgera

Both the McAffee and Symantec sites now list this virus as one their programs will automatically pick-up.  Seems with the amount of people playing on WoW, both av providers thought it a wise idea to act on quickly.

Do an av update and you should be okay.



__________________
The MOUSE (Forgera/Ombrenoire/Dedlee/Kumori of The Honor)

"King of the Rose" published by me (http://stores.lulu.com/store.php?fAcctID=1928970)
Back to Top Printable version View Forgera's Profile Search for other posts by Forgera Visit Forgera's Homepage
 
Shiabre
Registered


Registered

Joined: April-14-2009
National Flag of United States United States
Posts: 135
Gender: Male
Posted: March-03-2010 at 11:22AM | IP Logged Quote Shiabre
Quote: Forgera

Both the McAffee and Symantec sites now list this virus as one their programs will automatically pick-up.  Seems with the amount of people playing on WoW, both av providers thought it a wise idea to act on quickly.

Do an av update and you should be okay.

Use this as a reason to make sure that your AV automatically updates daily.  At the same time, review your computer security settings to make sure everything you expect to be on actually is on.



__________________
Back to Top Printable version View Shiabre's Profile Search for other posts by Shiabre
 
Flex
Registered


Registered

Joined: May-31-2007
National Flag of United States United States
Posts: 567
Gender: Not Specified
Posted: March-05-2010 at 11:52AM | IP Logged Quote Flex
lol Macs!

__________________
The only measure of a guild's SGA participation is voting in the council forums.
Back to Top Printable version View Flex's Profile Search for other posts by Flex
 
 ]
] ]
Forum Jump  

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic

] ] ]
]
  ] ]
Printable version Printable version
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum
 ]
] ]

] ] ]
]
This page was generated in 0.5645 seconds. All Content Copyright 2010 The Small Guild Alliance
]
] ]