  1. #1
    High Overlord Mehrunes Dagon's Avatar
    Join Date
    Dec 2011
    Location
    Deadlands
    Posts
    151

    Trojan warning: Multiple AddOns infected

    http://eu.battle.net/wow/en/forum/topic/6298062177

    Recently, multiple AddOn author accounts have been compromised, and their AddOns have been replaced with a trojan. All players are encouraged to run a full scan of their computer, and to be particularly careful if they use an AddOn client which automatically downloads and installs updates.

    The authorities have been alerted to this incident and are investigating it. My principal concern is that the trojan was not detected by many common and popular anti-malware solutions. For that reason, I would encourage people to avail of the thread by MVP Shammoz linked to below.

    [Guide] How to SCAN and SECURE your PC - Part II
    http://eu.battle.net/wow/en/forum/topic/900641537

    This incident is an excellent reminder of why it's never a good idea to rely on one security program to protect your computer. No anti-virus software has a 100% detection rate, and the more methods you use to keep your computer secure, the better. Regular scans are also highly important.

    AddOns known to have been affected;
    Auctionator - Curse
    BigWigs - WoWInterface

    Curse and WoWInterface have since removed the malicious versions of these AddOns, and are combing through their sites to check that no other AddOn was similarly infected. AddOn clients did not activate the trojan; it will be dormant unless you use the .lnk shortcut. If you have one, delete it.

  2. #2
    High Overlord
    Join Date
    Mar 2011
    Location
    The Overthere, Tunare
    Posts
    190
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved. It would be like someone downloading some photographs, finding that they are lolcatpics.exe, and simply not caring that that is not a picture file format.

    Nobody is distributing addons legitimately as binary executables, of any kind (self extracting rar/zip/etc.) So all I can really say is, really?

  3. #3
    Super Moderator Darsithis's Avatar
    Join Date
    Jan 2011
    Location
    Chicago
    Posts
    34,148
    Quote Originally Posted by Rotesbart View Post
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved. It would be like someone downloading some photographs, finding that they are lolcatpics.exe, and simply not caring that that is not a picture file format.

    Nobody is distributing addons legitimately as binary executables, of any kind (self extracting rar/zip/etc.) So all I can really say is, really?
    You'd be surprised how many people play WoW that are clueless when it comes to computers.



  4. #4
    You can only be infected if you directly click the .exe, right? Curse doesn't do that afaik?

  5. #5
    I heard that there are some exe files that auto install addons for people who are lazy / or don't know anything about computers

  6. #6
    Quote Originally Posted by Mehrunes Dagon View Post
    This incident is an excellent reminder of why it's never a good idea to rely on one security program to protect your computer. No anti-virus software has a 100% detection rate, and the more methods you use to keep your computer secure, the better.
    While this may be true, it is still NEVER a good idea to install more than one antivirus program on your machine. They will slow your machine to a crawl and will usually conflict with each other.

    That being said, if you do want another antivirus's opinion of your system, most vendors have online scanners that you can use for free.

  7. #7
    Epic! Blockygame's Avatar
    Join Date
    Jul 2011
    Location
    Shrike Abyssal
    Posts
    1,570
    Quote Originally Posted by Rotesbart View Post
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved. It would be like someone downloading some photographs, finding that they are lolcatpics.exe, and simply not caring that that is not a picture file format.

    Nobody is distributing addons legitimately as binary executables, of any kind (self extracting rar/zip/etc.) So all I can really say is, really?
    I really hope you aren't in a position of ever helping anyone with that attitude, people make mistakes, you know, those things that you never make?

  8. #8
    Scarab Lord Loaf Lord's Avatar
    Join Date
    Oct 2011
    Location
    Rue d'Auseil
    Posts
    4,559
    I hope DBM wasn't affected.
    Last edited by Loaf Lord; 2013-01-12 at 04:44 AM.

  9. #9
    I most likely don't have a trojan (still scanning with avast and spybot just to be sure). I only use like 4 addons and most of them either never need to be updated or only occasionally.

    I only use movequestlog, overachiever, auction master, an addon that lets me auto open mail, and recount

  10. #10
    I am Murloc! Airwaves's Avatar
    Join Date
    Sep 2010
    Location
    Australia! G-day Mate!... (We don't really speak like that)
    Posts
    5,727
    Quote Originally Posted by Rotesbart View Post
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved. It would be like someone downloading some photographs, finding that they are lolcatpics.exe, and simply not caring that that is not a picture file format.

    Nobody is distributing addons legitimately as binary executables, of any kind (self extracting rar/zip/etc.) So all I can really say is, really?
    Quote Originally Posted by Darsithis View Post
    You'd be surprised how many people play WoW that are clueless when it comes to computers.
    That would be a person like me. I have no idea what the guy was talking about lol. 99% of wow players would have no idea what he's talking about.

  11. #11
    I heard it got fixed by now, but I didn't hear about this when I updated my Auctionator with curse client about 2-3 hours ago. I'm thinking I'm safe, but just in case, could someone tell me if I should be fine?

    What I did was update said addon using curse client; other than that I didn't touch nothing or log into wow. Once I heard about this though I ran a scan with MSE, nothing showed up, so I uninstalled all my addons just to be safe. Then again after uninstalling addons I updated my virus scan to make sure my virus protection was up to date and scanned again with nothing shown up.

    I would think I'm fine seeing this was 2-3 hours ago when I did the addon update without logging in game or messing with it otherwise, along with uninstalling my addons about 1-2 hours after said update.

  12. #12
    Elemental Lord Granyala's Avatar
    Join Date
    Feb 2010
    Location
    Arkon-III
    Posts
    8,070
    Just look if there is any .exe file in your Addon folder. If there is -> delete. If not: you're fine.

    That would be a person like me. I have no idea what the guy was talking about lol. 99% of wow players would have no idea what he's talking about.
    I honestly have no idea how you can operate a computer properly without even the most basic knowledge... but apparently you can... hooray Microsoft? :<


  13. #13
    Quote Originally Posted by Rotesbart View Post
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved. It would be like someone downloading some photographs, finding that they are lolcatpics.exe, and simply not caring that that is not a picture file format.

    Nobody is distributing addons legitimately as binary executables, of any kind (self extracting rar/zip/etc.) So all I can really say is, really?
    I use curse client and never get to see what you talk about (not that I would know what you talk about)

  14. #14
    Quote Originally Posted by Rotesbart View Post
    Given that lua code is (obviously) flat text, and never is compiled into a binary executable, it should be obvious to anybody if they download an addon and it's compromised.

    Anyone who got infected from such a thing should turn in their geek card, because it's just wrong on so many levels. Hard to even express the level of facepalm would be involved.
    Believe it or not, a lot of people use their computers "to do" stuff and don't care about the how's of it. People can and do get caught by this because it's not their area of expertise. You're a computer geek, good for you. Most people aren't, that's not wrong. What's more wrong about this is that you completely fail to recognise that people have different interests and skillsets.

  15. #15
    The Insane Trassk's Avatar
    Join Date
    Sep 2011
    Location
    Having beers with Dorothy
    Posts
    17,995
    Quote Originally Posted by Deja Thoris View Post
    Believe it or not, a lot of people use their computers "to do" stuff and don't care about the how's of it. People can and do get caught by this because it's not their area of expertise. You're a computer geek, good for you. Most people aren't, that's not wrong. What's more wrong about this is that you completely fail to recognise that people have different interests and skillsets.
    I agree. I am not in any imagination a tech guy and often even what most tech guys refer to as the basics I don't follow. It staggers me how people go on at length about a certain subject like how to bypass components in your computer software which is so easy for them, yet they don't think that not everyone knows how to.

    I had to show my mother how to install certain programs on her pc, and it didn't bother me that she didn't know or want to. There's nothing more annoying than a know it all who doesn't take other people's situations into consideration. It's like having a conversation with Sheldon Cooper

  16. #16
    The system they are doing isn't through a *.lnk that accesses and executes a file through the network?
    Going to your addon folder and asking to search all the folders for a *.lnk should do the job, right? Oh and obviously ERASING it.

    I don't think a simple trojan scan will do the job, since it's not on the add-on folder. What they are deploying there is the address of the trojan, which is simply a text.

    EDIT: If you updated and start WoW already, scan the WHOLE SYSTEM for trojans. It's NOT on the add-on folders, it only used that as entrance. If you didn't start WoW, since the start of this crisis, this search after every update might suffice.
    Last edited by Buu; 2013-01-12 at 01:26 PM.
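
The folder check suggested in posts #12 and #16, as an added example that is not part of the original thread: it walks an AddOns folder and flags anything that is not a normal AddOn file, looking at the first bytes as well as the name so a renamed executable or shortcut is still caught. The extension allowlist, the `ExampleAddon` folder and the sample file names are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption (not from the thread): file types a WoW AddOn normally ships.
ADDON_EXTS = {".lua", ".toc", ".xml", ".tga", ".blp", ".ttf", ".ogg", ".mp3", ".txt"}
MZ_MAGIC = b"MZ"                               # DOS/PE executable header
LNK_MAGIC = bytes.fromhex("4c00000001140200")  # Shell Link header size + CLSID start

def classify(path):
    """Return why a file does not belong in an AddOn folder, or None if it looks fine."""
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(LNK_MAGIC):
        return "shortcut (.lnk) content"
    if head.startswith(MZ_MAGIC):
        return "executable (MZ) content"
    ext = path.suffix.lower()
    if ext not in ADDON_EXTS:
        return f"unexpected extension {ext or '(none)'}"
    return None

def scan_addons(root):
    """Walk the AddOns tree; return sorted (relative_path, reason) findings."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if path.is_file():
            reason = classify(path)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)

def demo():
    """Scan a constructed AddOns folder (sample files, not real AddOn contents)."""
    samples = {
        "ExampleAddon/Core.lua": b"-- constructed sample\n",
        "ExampleAddon/Update.lnk": LNK_MAGIC + b"\x00" * 68,
        "ExampleAddon/icon.tga": MZ_MAGIC + b"\x90\x00",  # executable renamed as art
        "ExampleAddon/setup.exe": b"not really a PE",     # flagged by extension alone
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return scan_addons(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

An empty result covers only the AddOns folder; as post #16 points out, a machine where the shortcut was already used still needs a full system scan.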

  17. #17
    Quote Originally Posted by Deja Thoris View Post
    Believe it or not, a lot of people use their computers "to do" stuff and don't care about the how's of it. People can and do get caught by this because it's not their area of expertise. You're a computer geek, good for you. Most people aren't, that's not wrong. What's more wrong about this is that you completely fail to recognise that people have different interests and skillsets.
    We have licenses and tests for many things, and you can do a lot of damage with a computer. Perhaps these people that don't realise an .exe is not a picture should attend computer courses if they intend "to do" stuff on their computer. Here's some hyperbole, you're not allowed to drive a car if you don't know what the accelerate or brake pedals do.

  18. #18
    Bloodsail Admiral rashen's Avatar
    Join Date
    Dec 2011
    Location
    Sweden
    Posts
    1,222
    This incident is an excellent reminder of why it's never a good idea to rely on one security program to protect your computer. No anti-virus software has a 100% detection rate, and the more methods you use to keep your computer secure, the better.
    Just no. Having multiple anti-virus systems will cause them to have conflicts with each other, i.e. one of them warning the user that the other is a virus and attempting to block the other program when it scans the computer etc.
    Last edited by rashen; 2013-01-12 at 01:32 PM.

  19. #19
    Quote Originally Posted by emanresu View Post
    We have licenses and tests for many things, and you can do a lot of damage with a computer. Perhaps these people that don't realise an .exe is not a picture should attend computer courses if they intend "to do" stuff on their computer. Here's some hyperbole, you're not allowed to drive a car if you don't know what the accelerate or brake pedals do.
    Yeah because I can run someone over with my PC. Fantastic analogy there, equating the decent chance to kill someone with the remote possibility of spreading malware.

    Should we have tests for other killers like irons and kettles too?

  20. #20
    Bloodsail Admiral rashen's Avatar
    Join Date
    Dec 2011
    Location
    Sweden
    Posts
    1,222
    Quote Originally Posted by Deja Thoris View Post
    Yeah because I can run someone over with my PC. Fantastic analogy there, equating the decent chance to kill someone with the remote possibility of spreading malware.

    Should we have tests for other killers like irons and kettles too?
    Someone that is a noob at computers would not know how to spread, obtain or create malware either, no test is needed at all.
