Trojan warning: Multiple AddOns infected

[Deleted]

We have licenses and tests for many things, and you can do a lot of damage with a computer. perhaps these people that don't realise an .exe is not a picture should attend computer courses if they intend "to do" stuff on their computer. Here's some hyperbole, you're not allowed to drive a car if you don't know what the accelerate or brake pedals do.

ur comparing something that requires training and standard and something that is made for ease of use...otherwise everyone would be using commandline.

[Deleted]

Believe it or not, a lot of people use their computers "to do" stuff and don't care about the how's of it. People can and do get caught by this because it's not their area of expertise. You're a computer geek, good for you. Most people aren't, thats not wrong. Whats more wrong about this is that you competely fail to recognise that people have different interests and skillsets.

I agree. I am not in any imagination a tech guy and often even what most tech guys refer to as the basics I don't follow. It staggers me how people go on at length about a certain subject like how to bypass componants in your computer software which is so easy for them, yet they don't think they not everyone knows how to.

Try applying that attitude to systems of similar complexity. For example: cars. Would you go on and try to change a part or install some extras on your own without it being your field of expertise? Would you then, after botching it, yell at your mechanic that you just want it to work and that his squabblings are of no interest to you whatsoever?

On topic:
Glad I'm lazy to update addons sometimes (and even more glad i dont use any auto-updating software )

Edit: Darn, was to slow to bring the flawed car analogy ...

[Saffa]

You'd be surprised how many people play WoW that are clueless when it comes to computers.

And clueless in WoW But there are many who should not be allowed near a light switch never mind a computer

[Deleted]

Unless you manually executed the .lnk file in the infected addon's folder, you should be fine. Neither the Curse Client/MMOUI Minion's update process nor the addon being loaded by WoW will do this automatically. For further details, please see this comment.

PS: If you're curious, in the case of the Auctionator infection, the .lnk used the cmd 'start' command to run a binary disguised as a .txt file. I can't say anything about the BigWigs infection.

[alturic]

So, I have no clue in the world how LUA code works but to "execute" any virus, don't you need to actually... you know, execute it? If you gave me a file (any file) with a virus in it, and I literally never touch it, it won't... well... execute, amirite?

If WoW "executes" the malicious code, isn't WoW's engine smart enough to know "Hey, this function does "nothing" (in terms of WoW related) so throw an error" instead of letting code run rampant outside of WoW akin to a VM sandbox?

So, what's the big deal here?

[Skabbo]

Was the entire addon replaced by the trojan? As in, if I were to use Curse Client, would it have removed the previous version of the addon and then replace it with the trojan?

[Faenskap]

Right, I haven't updated my addons since like what, mop release or thereabouts, so I think I'm fine

[chaos01123]

i've been trying to keep up on this and don't think i've got it but is it safe to reinstall auctionator by now?

[mrkorb]

Let's see how simply I can put this. A LUA file, which is what every WoW add-on is, is 100% completely and utterly harmless. The only way one of them could possibly be a virus or a trojan is if WoW itself was a virus or a trojan. An add-on contains no executable code that runs on it's own. It is basically a script that is processed and run by the scripting engine, which is WoW. WoW has no commands or abilities that would enable any kind of malicious code to do anything to your system, and no add-on is loaded prior to your logging in, so an add-on can NEVER steal your login information. Similarly, WoW does not allow add-ons to do anything outside of the game of WoW. It cannot launch websites, run programs, or make contact with outside systems. If a malicious program, link, or script did find it's way into your Interface folder, it could never be executed by a WoW add-on, and would require you, the user, to specifically run it. Bottom line, if you yourself are not poking around in your add-on files and double-clicking on sketchy looking files, you are at NO RISK at all of being infected with anything.

[Seezer]

Help me understand here, but why would Auctionator from curse be infected, and only Big Wigs from wow interface? Aren't they the same authors on either site? So if you had Bigwigs from curse, wouldn't it be infected as well?

[alturic]

Let's see how simply I can put this. A LUA file, which is what every WoW add-on is, is 100% completely and utterly harmless. The only way one of them could possibly be a virus or a trojan is if WoW itself was a virus or a trojan. An add-on contains no executable code that runs on it's own. It is basically a script that is processed and run by the scripting engine, which is WoW. WoW has no commands or abilities that would enable any kind of malicious code to do anything to your system, and no add-on is loaded prior to your logging in, so an add-on can NEVER steal your login information. Similarly, WoW does not allow add-ons to do anything outside of the game of WoW. It cannot launch websites, run programs, or make contact with outside systems. If a malicious program, link, or script did find it's way into your Interface folder, it could never be executed by a WoW add-on, and would require you, the user, to specifically run it. Bottom line, if you yourself are not poking around in your add-on files and double-clicking on sketchy looking files, you are at NO RISK at all of being infected with anything.

That's pretty much what almost any person who knows about virus knows, and I'm not condescending to you, but what exactly is/was the point of someone trying to even bother with getting a virus in an AddOn and the like?

[Deleted]

It's a way to place malicios payload that you can trigger in other ways, like java, flash or javascript sandbox vulnerabilities.
Also, people using windows7/8 search bars would be offered the .lnk file as soon as they use the searchbox to search for example "auctionator".

[mrkorb]

That's pretty much what almost any person who knows about virus knows, and I'm not condescending to you, but what exactly is/was the point of someone trying to even bother with getting a virus in an AddOn and the like?

I think the hope is that somebody who does manual addon installation will see the exe/bat/lnk/url/whatever file and open it, thinking that it's necessary to do in order to make the addon work. But even when I did install my addons manually before I started using the Curse client, I hardly ever stuck my nose into the folder contents. It certainly is a long shot attempt for creating new infections, but if it has a chance of making money for the malware authors, they'll try it.