Glad I'm lazy to update addons sometimes (and even more glad i dont use any auto-updating software )
Edit: Darn, was to slow to bring the flawed car analogy ...
Last edited by genericsmurf; 2013-01-12 at 01:45 PM.
Unless you manually executed the .lnk file in the infected addon's folder, you should be fine. Neither the Curse Client/MMOUI Minion's update process nor the addon being loaded by WoW will do this automatically. For further details, please see this comment.
PS: If you're curious, in the case of the Auctionator infection, the .lnk used the cmd 'start' command to run a binary disguised as a .txt file. I can't say anything about the BigWigs infection.
Last edited by Treeston; 2013-01-12 at 01:52 PM.
UI & AddOns expert | Interface & Macros moderator - My work
So, I have no clue in the world how LUA code works but to "execute" any virus, don't you need to actually... you know, execute it? If you gave me a file (any file) with a virus in it, and I literally never touch it, it won't... well... execute, amirite?
If WoW "executes" the malicious code, isn't WoW's engine smart enough to know "Hey, this function does "nothing" (in terms of WoW related) so throw an error" instead of letting code run rampant outside of WoW akin to a VM sandbox?
So, what's the big deal here?
Last edited by alturic; 2013-01-12 at 01:52 PM.
Was the entire addon replaced by the trojan? As in, if I were to use Curse Client, would it have removed the previous version of the addon and then replace it with the trojan?
Right, I haven't updated my addons since like what, mop release or thereabouts, so I think I'm fine
i've been trying to keep up on this and don't think i've got it but is it safe to reinstall auctionator by now?
Let's see how simply I can put this. A LUA file, which is what every WoW add-on is, is 100% completely and utterly harmless. The only way one of them could possibly be a virus or a trojan is if WoW itself was a virus or a trojan. An add-on contains no executable code that runs on it's own. It is basically a script that is processed and run by the scripting engine, which is WoW. WoW has no commands or abilities that would enable any kind of malicious code to do anything to your system, and no add-on is loaded prior to your logging in, so an add-on can NEVER steal your login information. Similarly, WoW does not allow add-ons to do anything outside of the game of WoW. It cannot launch websites, run programs, or make contact with outside systems. If a malicious program, link, or script did find it's way into your Interface folder, it could never be executed by a WoW add-on, and would require you, the user, to specifically run it. Bottom line, if you yourself are not poking around in your add-on files and double-clicking on sketchy looking files, you are at NO RISK at all of being infected with anything.
Help me understand here, but why would Auctionator from curse be infected, and only Big Wigs from wow interface? Aren't they the same authors on either site? So if you had Bigwigs from curse, wouldn't it be infected as well?
"The truth is like poetry. And most people hate poetry."
Also, people using windows7/8 search bars would be offered the .lnk file as soon as they use the searchbox to search for example "auctionator".