Sunday, September 24, 2006

World of Warcraft keylogger problem

There has been a recent spate of trojan keylogger activity directed against players of World of Warcraft. Trojans have been hidden in World of Warcraft related files and websites, for examples in the file of a raid addon named KHT Threatmeter on the Curse Gaming addon website. With the help of the trojan keylogger the hackers gained access to WoW account names and passwords. Then they stripped the characters of all valuables, disenchanted the epics into Nexus crystals, sent everything to another account from where the goods were sold and ultimately converted into real dollars, and left the original owner of the account standing naked. It got so bad that even Blizzard started warning people of keylogger scams, but their warnings were rather general and obscure. So here are some more useful tips to avoid getting robbed like that:

If you want to know whether you are infected, open you Windows task manager and check for a running process names svch0st.exe (note the zero where an o should be). Of course there could be other keyloggers using other process names, but the svch0st.exe one is the currently most abundant. If you find such a trojan, you best use some anti-virus software to remove it. Otherwise you'll need to use regedit to remove the references to svch0st.exe by hand, which is more difficult.

The easiest protection against any keylogger scam is to never type you account name. That is easy, because World of Warcraft has a useful "Remember Account Name" checkbox on the login page, and as long as you don't run several accounts on the same computer, you only need to type in your account name once, and then never again. A keylogger can't gather information you don't type. Thus a similar trick is to create a text file on your desktop with you password in it, and using copy and paste to enter the password, again invisible to keyloggers.

Blizzard claims that starting the game using the launcher (which is the default way) is safer than starting the WoW.exe file directly. That is possible, but I couldn't verify what exactly the launcher was doing to make you more safe.

Of course having an up to date anti-virus program helps. Unfortunately these have the annoying habit of starting an automatic update or virus check while you are in the middle of a raid in World of Warcraft, slowing you down to a crawl, so many WoW players have them switched off, me included. But that might be a bit foolhardy.

Hey, let's be careful out there.

No comments:

Post a Comment