Blizzard warns of harmful information-stealing Trojan affecting WoW players

January 6, 2014, 1:45 PM
blizzard, wow, trojan, world of warcraft, security, virus, curse client, battlenet

Any MMO fans still chugging through Blizzard's iconic World of Warcraft universe will want to listen up. The developer is warning WoW players that a new Trojan has made its way past Blizzard's authenticators, so you can become a victim of hacking even if you take extra steps to secure your account.

Blizzard recently added a “compromised accounts” posting to its Battle.net forums that explains what the Trojan is and how you can eradicate it from your system and authenticator. This is not just another simple piece of malware, and it shouldn't be ignored. If the virus is on your machine and you attempt to log in to your account, hackers may gain access to your login information and any applicable passwords associated with your account.

The virus works by allowing hackers to collect data in real time as you enter it. If you regularly have the client “remember your username,” hackers may have collected only your password and will not have access to the name associated with it. If you believe for any reason that you may have been a victim of this hacking, it is a good idea to change your password immediately.

According to the forum post, the Trojan is specifically targeting authenticators through a fake Curse Client. Jurranok, a Blizzard Support Forum Agent, states that you may be able to directly delete the Trojan from your system by creating an MSInfo file (details here) and then “looking in the Startup Program section of that file for either ‘Disker’ or ‘Disker64.’” Once you eradicate the file, you should run an updated version of Malwarebytes to ensure that the offending virus is gone.
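The check described above can be automated when several exported MSInfo reports need triage. The following is an added example, not code from Blizzard or from this article; the report layout (bracketed section names, tab-separated columns) is an assumption, and the sample report and its paths are constructed for illustration.

```python
import re

# Startup entry names given in the forum post quoted above.
SUSPECT_NAMES = {"disker", "disker64"}

# Constructed sample of an MSInfo text export; the bracketed section headers
# and tab-separated columns are an assumption about that format.
SAMPLE_REPORT = (
    "[System Summary]\n\n"
    "Item\tValue\n"
    "OS Name\tExample OS\n\n"
    "[Startup Programs]\n\n"
    "Program\tCommand\tUser Name\tLocation\n"
    "CurseClient\tc:\\example\\client.exe\tPC\\player\tStartup\n"
    "Disker\tc:\\example\\placeholder.exe\tPC\\player\tStartup\n"
    "DiskerTools\tc:\\example\\tools.exe\tPC\\player\tStartup\n\n"
    "[Environment Variables]\n\n"
    "Variable\tValue\tUser Name\n"
    "NOTE\tDisker64\tPC\\player\n"
)

def load_report(path):
    """Read an exported report; pick UTF-16 when a BOM is present."""
    with open(path, "rb") as fh:
        raw = fh.read()
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "utf-8-sig")

def startup_entries(report_text):
    """Return the rows of the [Startup Programs] section as dicts."""
    rows, header, in_section = [], None, False
    for line in report_text.splitlines():
        section = re.fullmatch(r"\[(.+)\]", line.strip())
        if section:
            in_section = section.group(1).lower() == "startup programs"
            header = None
            continue
        if not in_section or not line.strip():
            continue
        cells = [c.strip() for c in line.split("\t")]
        if header is None:
            header = cells  # first non-blank row names the columns
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def find_disker(report_text):
    """Startup rows whose Program is exactly Disker or Disker64 (any case)."""
    return [r for r in startup_entries(report_text)
            if r.get("Program", "").lower() in SUSPECT_NAMES]
```

Matching is restricted to the Startup Programs section and to the exact entry name, so the similarly named `DiskerTools` row and the `Disker64` string under Environment Variables in the sample are not reported.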

Despite the recent attack, Blizzard is still convinced that the authenticators are the best way for you to protect your system from any attacks. If you're concerned about potential issues in the future, it may be best to download and use Blizzard's recent Battle.net platform. This program allows you to run your favorite Blizzard titles without having to actually log in, keeping your information safe from these types of Trojans.




User Comments: 11

treetops said:

The last time I tried to log into my blizz account it said account locked due to suspicious activity, so I faxed them my drivers license and birth certificate to reset my pass and retrieve my account. Their response was, we cannot reset your password since there has been no suspicious activity on your account. One day I'll call them and get it settled but what the flying fk, all this hassle because I changed my internet provider.

Guest said:

Pwned, now go to talk to 3d girls

Cycloid Torus said:

Though I do not play WoW, I may..what is a Curse Client and how could it be fake?

1 person liked this | tomkaten said:

Curse gaming is the most important portal with addons for many games, WoW included. The client they provide offers a centralized solution to download and update all your addons. Anyone that's been playing WoW for more than one year knows how annoying it is to keep updating them manually.

I was a bit reluctant to install it myself in the past, but now I can't live without it. It seems a phishing site was set up that offered the client and that somehow made it far up in the search engines. That's how people got tricked.

1 person liked this | Coodu said:

Though I do not play WoW, I may..what is a Curse Client and how could it be fake?

It is a program used to install and maintain interface addons for the game (boss mods, map addons, etc.) and has had some issues throughout its life within the game. It's not the first time a bad Curse client has circulated and compromised accounts.

More info here: http://www.curse.com/addons/wow

havok585 said:

The last time I tried to log into my blizz account it said account locked due to suspicious activity, so I faxed them my drivers license and birth certificate to reset my pass and retrieve my account. Their response was, we cannot reset your password since there has been no suspicious activity on your account. One day I'll call them and get it settled but what the flying fk, all this hassle because I changed my internet provider.

U, probably logged in from a different device, most likely and as blizz is very cautious on these situations, will tell u to reset your password.

First of all, u dont NEED to send your driver's licence or any ID copy to them, since u just have to enter your, REAL First and Last name, battlenet account name and it will reset your password.

I know this because my account got flagged for suspicious activity, but there was no suspicious activity at all, I was logging in from an ipad (previous log in was from my main pc and a different ISP) so I reset the password (with the secret question, since I forgot the last name I put when I first created the account ).

Coodu said:

I had some success using the chat support to retrieve my second account that I made ages ago just for WoW (so if I did get hacked I wouldn't lose my SC2/D3/Classic games). I was able to scan and import data straight into the chat; it took about 15 minutes.

Given that I'm Australian so phone support is typically out of the question for me.

treetops said:

U, probably logged in from a different device, most likely and as blizz is very cautious on these situations, will tell u to reset your password.

First of all, u dont NEED to send your driver's licence or any ID copy to them, since u just have to enter your, REAL First and Last name, battlenet account name and it will reset your password.

I know this because my account got flagged for suspicious activity, but there was no suspicious activity at all, I was logging in from an ipad (previous log in was from my main pc and a different ISP) so I reset the password (with the secret question, since I forgot the last name I put when I first created the account ).

I tried that; it says my email/name combination does not exist. I'm going to have to call them or live chat. It's a big headache though. I don't think I can chat; I have to make a ticket. Or I'll call, I suppose.

Guest said:

Left WoW years ago, playing Guild Wars 2 now.

Don't have those type of problems, but if you're still playing it, you should check it out.

Thanks for the info.

amstech, TechSpot Enthusiast, said:

Hey! That's my 1600p wallpaper on my Dell!! Other people are aware of this insanely awesome drawing? Damnit.

treetops said:

Btw I made a new ticket explaining everything and they reset my pass
