Scammers step up attacks on Warcraft players

Out to steal online gold and other assets worth real money, scammers are stepping up attacks on World of Warcraft players, according to security researchers. A researcher from anti-virus firm Webroot has written here how official forums offered by WoW creator Blizzard are being used to spread links that lead to malware that …

COMMENTS

This topic is closed for new posts.
  1. Will 28

    A weird reflection on reality

    I assume the trojan could steal banking credentials just as easily, so it's interesting that virtual money is more of a target than real money.

    I think it would be interesting if WoW started to label and track Gold Pieces. It would require quite an increase in resources, but you could actually introduce a proper banking system, with traceable cash.

  2. Combat Wombat
    Boffin

    They are working on it.

    Really, this is just the "exploit the stupid tard" attack.

    Trick the user into clicking a booby trapped link, insert spyware, profit.

    I was at blizzcon this year, and they were handing out RSA authenticators like they were candy, in an attempt to tighten up the system.

    With all the new revamps to Battlenet, they will have to tighten it up more, because once your account is pwned, you lose all your Starcraft, WoW, and other blizz game info.

    Central shop for all your account info,

  3. Dan 21

    @Will 28

    ?

    What makes you think that Blizzard doesn't already track gold? All it takes is logging each transaction. (X traded Y gold to Z for item I).

    What takes resources is mining out the transactions that you want to review. And when users say "The program that promised to hack your servers and give me free gold hacked my PC and gave all my gold away!!", nobody cares.

  4. Big Al
    Boffin

    Or...

    Jagex's 'RuneScape' game, at one point in danger of being submerged by the macros used by gold farmers, had its trading system radically altered to prevent the unbalanced transfer of large sums of virtual cash, along with the compensatory introduction of a centralised marketplace where buyers and sellers are matched by the game rather than by choice. This cut off the scammers' source of real world income, and reduced the disruption to the game caused by the macros.

    To a great extent this rather radical approach has been successful, although the scammers have naturally moved to offering to train accounts for the lazy instead - something which is far easier to spot in the vast majority of cases.

  5. Anonymous Coward
    Anonymous Coward

    "sneak peak"? For shame!

    @Will 28: Maybe it's because you're less likely to get prosecuted from stealing virtual gold, or if you ever did the sentence wouldn't be quite as bad.

  6. Nordrick Framelhammer

    Four months to patch a hole?

    Is Blizzard the Microsoft of the MMORPG world, leaving software on the market that can be easily exploited without issuing a patch and then saying "Don't use anything but our maps"? That is shocking customer service.

    As for the gold selling, it will always happen. Lazy gamers, better known as lamers, will always try to buy ingame currency and/or advanced characters rather than start from scratch.

    Having seen the graphics in WoW and then seen the graphics in other MMO's I can't help wondering just what Blizzard are doing with the money they rake in because it sure as hell ain't being spent on a decent graphics package.

    When was the WoW graphics engine last updated? Or are they afraid that would just introduce another bunch of vulnerabilities?

  7. David 141
    Unhappy

    Games that require admin rights

    If the lazy game designers didn't design games that require admin rights to run then this would be a lot less of an issue.

  8. Bleeter
    Big Brother

    Authenticator

    Blizzard's implementation of the Digipass was well broken for over 6 months and didn't offer any real additional protection (probably less, as it gave a false sense of security). Thankfully they've fixed that up recently, but it still leaves the question hanging as to who designs and checks their security systems....

    Odd that The Reg never covered that story, and will cover your run-of-the-mill phishing story, even though I sent the Digipass 'breakage' to them.

  9. Robert Heffernan
    Thumb Up

    @Nordrick

    Blizzard are working on a major expansion/update which is reworking all the old original areas in the game which are now 5 years old and were originally developed for machines of a much lower spec.

    The revamped areas are stunning to look at and are a major improvement over the original, so much so that when it comes out I will be reactivating my account!

    http://www.worldofwarcraft.com/cataclysm/

  10. amanfromMars 1 Silver badge
    Grenade

    Havoc meets Chaos for AI New World Order Program of Tempestuous Whether Systems?

    "Having seen the graphics in WoW and then seen the graphics in other MMO's I can't help wondering just what Blizzard are doing with the money they rake in because it sure as hell ain't being spent on a decent graphics package." .... By Nordrick Framelhammer Posted Monday 24th August 2009 21:41 GMT

    Maybe there's a NeuReal and SurReal IntelAIgent Spooky Game in Town which will rake in Buckets of Real Money, Virtually, Nordrick Framelhammer, but which requires Super MegaRich Players for Live Operational Virtual Environment Control Distribution.

    Maybe Blizzard are into the Remote Control of Cloud Clusters and Server Pharms ..... Virtual Phormations.

    All the Best Virtual Games have an XXXXCellent Real Script which Graphics can Follow, rather than IT being thought that Fluff and Stormy Weather can Lead.

  11. Anonymous Coward
    Anonymous Coward

    @ Nordrick

    The flaw was in Warcraft III, a game that was released in 2002. To be honest considering its age I'm amazed it was fixed at all.

  12. Rod MacLean
    Happy

    @Nordrick Framelhammer

    WoW came out in 2003 or something. For a graphics engine 6 years old, it seems to be doing OK.

    I don't think it was updated when either of the two existing expansions were released but I have heard a rumour that it is going to be overhauled when the next expansion is released (in a year or more)

  13. Shane 8
    Stop

    /spam trade now

    Blizzard know who are spamming users with these messages so why don't they do something about it, I must get at least 20 a night from some level 1 in SW or Org....really annoying.

  14. Deckchair
    Stop

    A Title Is Required.

    @Nordrick Framelhammer

    Because it looks nice enough as it is and will run on pretty much anything. For instance the wife's laptop with a crap onboard GPU. Why would they want to alienate a huge chunk of their market by making an expensive PC part of the requirement to play?

  15. Dave Brown 1

    @Nordrick

    The last graphics update came with the last expansion pack Wrath of The Lich King. This upgraded the graphics across the board and added new capacity to take account of the latest top end gaming rigs that could handle the best detail/resolution settings.

    Most players don't play at those settings though and chances are you've seen it running on a lower spec rig or with reduced settings to improve framerates.

    The next big graphics update will be with the next expansion just announced, probably due for release at the back end of next year.

  16. bethjones@sophos

    This is hardly new though

    Keyloggers and password-stealers in World of Warcraft are definitely not new. The technique changes, but the effect is still the same. We've talked about it here in Feb 2008:

    http://www.sophos.com/blogs/sophoslabs/v/post/1052

    here in May 2009:

    http://www.sophos.com/blogs/sophoslabs/v/post/4412

    and way back when in May of 2007:

    http://www.sophos.com/blogs/sophoslabs/v/post/150

    It's not just World of Warcraft that's targeted. I wrote this back in December 2007 and we still see all these games targeted:

    http://www.sophos.com/blogs/sophoslabs/v/post/899

    At the end of the day, all the security advice and warnings still hold. Companies like Blizzard will never ask for your credentials. If something sounds too good to be true (free gold, free weapons, free expansions), it is. Blizzard doesn't just give away this stuff. And seriously, always check out shortened URLs with either a URL expander plugin in Firefox, or use a service like longurl.org to expand it before you click.
