Rogues Attack World of Warcraft: You Are Entering Combat
Windows Warcrafters beware: hackers are looking to pwn you! These guys are evidently pros, having compromised The Dolphins Stadium website in an earlier attack.
For months, hackers--most likely in China and Russia, according to security watchers--have been surreptitiously installing keylogging software on WoW players' Windows computers, hijacking their accounts and selling off their often valuable in-game assets.
And the problem doesn't show any signs of going away.
The gangs perpetrating the hacking are "incredibly active, and it's a good exploit," said Roger Thompson, CTO of security software developer Exploit Prevention Labs. "It's probably a conservative estimate to say that there's tens of thousands of victims."
The exploit works when unsuspecting WoW players visit any number of Web sites infected by the hackers with keylogging software. When the players visit the sites--which are often unrelated to WoW, but that players frequent, Thompson said--the software is quietly installed on their computers, allowing the hackers to spy on keystrokes and steal players' WoW passwords.
to an advisory by McAfee, some ANI exploits are being carried out by
the same malicious hackers who commandeered the Miami Dolphins football
stadium just in time for the Superbowl. The Trojan unleashed in that
attack sat dormant on compromised machines until users opened the WoW
client, at which point a keylogger captured login credentials,
according to the BBC.
The booty can bring in good money on the black market. According to
Symantec, WoW account logins are worth about $10, more than the going
rate of $6 for verification details on credit cards.
WoW attacks work when users visit hacked websites that exploit
Windows machines that have not been updated to fix the ANI flaw or
other vulnerabilities. The sites, many of which are related to the
popular online game, silently install keyloggers. Once an account is
hijacked, the attackers collect the user's points and assets and then
sell them. Reports of such attacks date back to at least May of