World of Warcraft invaded by malicious Trojan

Malware is being used to compromise World of Warcraft accounts around the globe, even if those accounts use an official authenticator.

UPDATE: The Trojan has been identified - it was tucked inside a fake third-partly client.

Blizzard spokesperson Jurannok made the announcement on the game's forums, explaining that the team has received reports of a Trojan being used to steal gamers' passwords. The software gets around the protective authenticator by working in real time, copying both account information and the authenticator password as you type them in.

If your WoW account has been compromised recently (we don't have a timeframe for this), Jurannok recommends doing a little sleuthing to find the Trojan on your PC. Create an MSInfo file, and look for either "Disker" or "Disker64" in the Startup Program section.

You're looking for this:
Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

If you do find these traces on your system, please reply to Jurannok with the following information:

  • Your MSInfo.
  • A list of any addons you recently installed along with where you got them.
  • A list of any programs you recently installed along with where you got them.
  • Any security programs you have run and their results.

Unfortunately, there's no good news about the next step just yet, as Jurannok explains:

We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system.

The malware affects gamers using both mobile and keyfob authenticators, as well as (obviously) those who do not use the extra security measure.

It's not quite the way Blizzard would have liked to ring in the new year, but hopefully it's been spotted early enough to raise the alarm and prevent too many more gamers from being affected.

Why not check out our latest vidcast!
Player Attack TV: August 21 2015, SE3 EP25 or subscribe to our YouTube channel.

  • Twitter
  • Facebook
  • email
  • Delicious
  • Google Bookmarks
  • Myspace
  • Digg
  • Reddit
  • StumbleUpon
  • N4G
  • Follow us on Twitter or like us on Facebook

Get The Latest Episode News
Email Address

32 Responses to “World of Warcraft invaded by malicious Trojan”

  1. Emforce says:

    Sneaky buggers! I doubt it would stretch to other games though as one of the other commentors suggested as usually these are highly specific attacks based on the vulnerability of one thing.

  2. […] malicious trojan that was compromising World of Warcraft accounts has been […]

Leave a Comment

Player Attack Fri 9pm, Aurora

Article Details

Author Bio:

I like video games and music and cups of tea and noodles and beagles and colour-cycling LEDs.
Like me on Facebook?

Popular Articles

Subscribe to our Youtube channel and get all the latest TV episodes.