Man in the middle attack compromises authenticators

Started by Zanzier, June 27, 2010, 01:21:40 PM

Zanzier

Going to share this news with everyone. Kody over at World of Raids has said it the best so I'm just going to repeat what he's said over there.
This was posted at WoWAce.com
Might want to check it out.


Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers to access World of Warcraft accounts that have authenticators attached to them. It's also possible there are other variations of these suspicious files, so if anyone has additional information please respond in the comments.

Based on this thread, the file may be found in /users/username/appdata/Temp. Since the file is fairly new (first mentions of it are only a few days ago), and the common source is unknown, I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.

A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code. Thanks to Cameron for posting about this in our forums, too.
The two most abundant things in the universe are hydrogen and stupidity.
Stupidity has no cool down timer.



Benggal

This has actually been out for a while.  But I guess I forgot to post it here.  Oops.

It's basically a keylogger that will, after you've entered your authenticator code, send you a message saying that it was entered incorrectly while at the same time sending the code to the hacker.  They then have a limited time window to input the correct code to get into your bnet account and change the password and attach a different authenticator.

This probably won't affect a HUGE amount of people, but it's something you should be aware of.  Just like most keyloggers, if you avoid clicking on random unknown links, stay away from shady websites, and generally surf smart and keep your AV/Malware apps updated, you should be fine.
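
The sequence described in the post above (a valid code used by someone else, then a password change and a different authenticator attached) is something an account service can look for in its own event log. The following is an added example, not part of the thread or of any real Battle.net system; the event format, action names, known-IP history and 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): time, account, source IP, action.
SAMPLE_EVENTS = """\
2010-06-27T13:00:05 acct1 198.51.100.7 login_ok
2010-06-27T13:02:10 acct1 198.51.100.7 password_change
2010-06-27T13:03:30 acct1 198.51.100.7 authenticator_replace
2010-06-27T13:05:00 acct2 192.0.2.10 login_ok
2010-06-27T13:06:00 acct2 192.0.2.10 password_change
2010-06-27T14:00:00 acct3 203.0.113.5 login_ok
2010-06-27T14:01:00 acct3 203.0.113.5 password_change
2010-06-27T14:02:00 acct3 203.0.113.5 authenticator_replace
"""

# Constructed history of source IPs each account has logged in from before.
KNOWN_IPS = {"acct1": {"192.0.2.44"}, "acct2": {"192.0.2.10"},
             "acct3": {"203.0.113.5"}}

WINDOW = timedelta(minutes=10)  # assumed correlation window
TAKEOVER_STEPS = {"password_change", "authenticator_replace"}


def parse_events(text):
    """Yield (timestamp, account, ip, action) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, account, ip, action = line.split()
            yield datetime.fromisoformat(ts), account, ip, action


def find_suspected_takeovers(text, known_ips, window=WINDOW):
    """Flag (account, ip) when a login from a never-seen IP is followed, within
    the window and from that IP, by a password change AND authenticator swap."""
    pending = {}  # (account, ip) -> (login time, takeover steps seen so far)
    flagged = []
    for ts, account, ip, action in sorted(parse_events(text)):
        key = (account, ip)
        if action == "login_ok":
            if ip not in known_ips.get(account, set()):
                pending[key] = (ts, set())
        elif action in TAKEOVER_STEPS and key in pending:
            start, seen = pending[key]
            if ts - start > window:
                del pending[key]  # too slow to match the pattern
                continue
            seen.add(action)
            if seen == TAKEOVER_STEPS:
                flagged.append(key)
                del pending[key]
    return flagged
```

Only `acct1` is flagged in the sample: `acct2` and `acct3` act from addresses already in their history, which a real service would treat as ordinary account maintenance.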