World of Warcraft players targeted for malware (and the new Blizzard MultiFactor Authentication Solution)

There is a term that I hear quite often from my contacts in the law enforcement community, when it comes to cybercrime: “Follow the money.” Well, apparently that term is also being used by the bad guys, and in this case it’s “Follow the gold pieces.”

All Your Epic Gear Is Belong to Us

Okay….it’s a sad fact, but yes, I am a World of Warcraft player. I got hooked about 2 years ago when my friend, Jeff Jones, suggested I try it out. “It’s pretty cool and if you like RPGs, you’ll like this.” (My wife reaaaaallllllly wants to meet you now, Jeff.) It’s great when I’m sitting in some hotel somewhere in some unknown time zone and I just want to pass the time for a bit. It’s easy to just jump in…and….jump…out. Well, apparently MMORPG are now the new target for hackers trying to steal money. The Microsoft Malware Protection Center (MMPC) has detected a whole new series of viruses and keyloggers targeting those of us who like to enjoy this amazing and terrific game (if anyone from Blizzard is listening…I could sure use an epic mount.) This nastiness is mainly being found in a virus known as Win32/TaterF that is targeting user logon credentials. Many a surprised gamer is logging into his “toon” and instead of seeing him/her sitting atop a beautiful steed, brandishing a formidable set of shiny exotic weapons….they find their toon sitting in a corner, naked and shivering…all of his gold taken from the bank and all of his gear sold for cash…real cash on eBay and the like.

This is not a trivial issue (although my wife may argue). The data from the MMPC is absolutely scary. You think the Storm worm was bad? MMPC is reporting that “ After its first day in MSRT, Taterf components had been removed from over 700,000 machines! For comparison, Win32/Nuwar (aka ‘Storm worm’) was removed from less than half that in its first month .”

Just Like Your Character….Put On the Armor

Shout out to all my “clothie” peeps out there, but you need to be running anti-virus WITH UPDATED DEFINTIONS!! You WoW players keep your gear repaired and in good order, so why would you not demonstrate the same amount of care with the PC you’re playing it on?? Updating A/V it regularly is one of the key steps in a good defense-in-depth strategy. In easy terms, you wouldn’t send in your mage in to tank against the Kara mobs…so why would you send in your PC alone to fight a keylogger?

JUST IN: I saw on June 26th, 2008 that Blizzard is now introducing a multi-factor authentication solution, called the Blizzard Authenticator . I am extremely excited to see them stepping up to provide a new layer of protection. You can find out more about this great new security token at their FAQ.

Private Servers = Public Prosecution

…and just a side note for those many WoW players out there who are considering (or are already) playing on these “private” or “shadow” servers. Guess what? It’s illegal and the law enforcement community is <ahem>, let us say…..very well aware of their existence. That means it’s not a trivial issue, and it shouldn’t be. You are in effect, stealing from Blizzard or whatever game publisher that hosts the game you play. There has been some discussion as to whether it’s illegal or not. Here’s a snippet from Section 4, Subsection B, Part IV, of the WoW EULA:

You agree that you shall not, under any circumstances facilitate, create or maintain any unauthorized connection to the Game or the Service, including without limitation any connection to any unauthorized server that emulates, or attempts to emulate, the Service. All connections to the Game and/or the Service, whether created by the Game Client or by other tools and utilities, may only be made through methods and means expressly approved by Blizzard. Under no circumstances may you connect, or create tools that allow you or others to connect, to the Game's proprietary interface other than those expressly provided by Blizzard for public use.”

Seems simple enough. Play on a shadow server and violate the TOS. Get booted and perhaps prosecuted. It’s $15.00/month for cryin out loud!!! If you’re that desperate to get the funds, maybe you should come up with a way to get hired on the Reynard Project.

For those of you who have no idea what this blog is about…this should help. :)