F-Secure details World of Warcraft scams, trojans

Players of Blizzard’s ultra popular MMO World of Warcraft are under attack by a phishing scheme that lets the attacker steal players’ gold and rare items by luring players with an offer of “free in-game mounts,” anti-virus and security researchers at F-Secure point out. This is common knowledge to many WOW players (read the official forums for proof), but not to those few of us that don’t play World of Warcraft, or security experts who don’t pay too much attention to virtual worlds.

The attacker lures the player in by using the in-game World of Warcraft chat system to spam links, which victims then click on to go to a site that looks a lot like the official World of Warcraft site. There they divulge their information (account name, login, password) to complete strangers. Once the attacker has this information they find their way to that account and unload their virtual goods to another account and then sell it for real money in online auctions in places like China.

Another way of getting robbed of your precious WOW commodities and loot is much more malicous - a family of trojans called “WOW” (Trojan-PSW.Win32.WOW ). How you get it isn’t perfectly clear (F-Secure mentions banner ads on malicious web sites), but this malware steals account information and passwords related to World of Warcraft. F-Secure describes it as follows: “The WOW trojan is designed to steal account information in order to allow a remote hacker access to the player’s account. The hacker can then logon and steal the player’s virtual assets by transferring them to another player account. Such assets are often sold or auctioned off for real-world currency. With millions of players, such trojans can easily affect thousands of users.”

A good visual walkthrough of how this might happen can be found on F-Secure’s Blog.

As always, if something is probably too good to be true, then it probably is a scam.

Destructoid Gets Hacked

Early in the morning on Monday, registered members of the popular gaming news site Destructoid got one of those emails no one ever wants to get. The site got hacked and the user data was swiped.

Destructoid founder Niero sent the bad news out to community members saying:

“This is the letter every web site operator hopes he never has to write: it seems a glitch in our web site allowed someone to exploit the database this weekend. We have confirmed that the intruder successfully [sp] obtained everyone’s username and password.

As soon as we were alerted we shut down all servers, changed all passwords, took our forums offline, and notified everyone via email with your new randomly generated password. We’re doing everything we can do prevent this from ever happening again and deeply apologize for this inconvenience [sp].”

As of early this morning, the forums on Destructoid were still offline, with no news as to how long it would be before things would be up and running once again. Naturally, with a compromised user database, the first priority has to be security. To that end, Niero recommended, “If you frequently use the same password for other web services such as Gmail, Xbox Live, PSN, Facebook, MySpace, or any other web site we strongly urge you to update your password ASAP. This is a good policy in general.”

While there’s no word yet on who the culprit was in the security breach, the site has reported the incident to the FBI’s Internet Crime Complaint Center (IC3), who is investigating and is digging through its log files to learn more information on the incident. Destructoid is also offering a $1,000 award to anyone with information that leading to the prosecution of the intruder, and is encouraging anyone with information on the attack to contact it immediately.