new authenticator virus please read

rhysj

New Member
Trojan successfully hacks Authenticator Protected Accounts
A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.
Quote from: Kropacius (Source)
After looking into this, it has been escalated, but it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

Basically, what the virus does is fairly simple after you're infected:

* The next time you log in World of Warcraft, the game asks for your Authenticator code.
* The virus intercepts it, sends it to another server, and sends a wrong one to Blizzard = You get an error.
* The people behind the virus now have a few seconds/minutes to use the "real" code while it's valid to change your password / empty your account / guild bank.


How to check if you're infected
Just search for a file named "emcor.dll" on your computer; it is most likely located in "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problems.

To be honest, if you found this file your account is probably already compromised.

What does it mean exactly?

* Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you're not invulnerable.
* It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ******oops*******oops*******oops* 99% of the time.
* Get a decent anti-virus, buy an authenticator, you'll be safe.
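
The sequence in the post above (the victim's login fails on a bad code, then the real code is used from somewhere else while it is still valid) leaves a recognizable trace on the server side. The following is an added example, not part of the original post and not Blizzard's code; the log format, the event names `AUTH_CODE_FAIL` / `LOGIN_OK` and the two-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample auth log (not real data):
# timestamp, account, source IP, result
SAMPLE_LOG = """\
2024-01-01T20:00:05 alice 198.51.100.7 AUTH_CODE_FAIL
2024-01-01T20:00:31 alice 203.0.113.50 LOGIN_OK
2024-01-01T20:02:10 bob 198.51.100.9 AUTH_CODE_FAIL
2024-01-01T20:02:40 bob 198.51.100.9 LOGIN_OK
2024-01-01T20:05:00 carol 192.0.2.14 AUTH_CODE_FAIL
2024-01-01T21:30:00 carol 203.0.113.77 LOGIN_OK
"""

def parse(log):
    """Yield (timestamp, account, ip, result) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, account, ip, result = line.split()
            yield datetime.fromisoformat(ts), account, ip, result

def find_relay_pattern(log, window=timedelta(minutes=2)):
    """Flag accounts where a failed authenticator code is followed, within
    `window`, by a successful login from a different source IP.

    Returns a list of (account, fail_ip, ok_ip, gap_seconds).
    """
    last_fail = {}  # account -> (time, ip) of the most recent failed code
    alerts = []
    for ts, account, ip, result in sorted(parse(log)):
        if result == "AUTH_CODE_FAIL":
            last_fail[account] = (ts, ip)
        elif result == "LOGIN_OK" and account in last_fail:
            fail_ts, fail_ip = last_fail.pop(account)
            gap = ts - fail_ts
            # Same IP: user mistyped and retried. Long gap: unrelated logins.
            if ip != fail_ip and gap <= window:
                alerts.append((account, fail_ip, ip, int(gap.total_seconds())))
    return alerts

if __name__ == "__main__":
    for alert in find_relay_pattern(SAMPLE_LOG):
        print("possible code relay:", alert)
```

Only the constructed `alice` entry is flagged: `bob` retried from the same address, and `carol`'s successful login came long after any intercepted code would still be usable.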
 
Rhys, before we go around deleting dlls, can we get a link to a blue thread talking about this virus?

I don't want to be mean (I don't think I am,) but when it comes to account security, I can't trust anything I read, short of an official document.

Can you link to a blue post on this?

Edit: I found it, but I haven't found any official link referring to the "fix," although it is up on MMO-C, who aren't likely to post a bad fix -- although they themselves have been hacked before :O <<< Paranoia is my watchword.

I agree with MMO-C, however. Good computer/internet security is always a must. An authenticator is a good step, too.
 