Potential Trojan Account Threat (Bluepost)

[Chat]

The curse client has always been unsafe. This isn't the first time information has been stolen via the Curse client. I always lol at people who actually use it, and can't believe anyone with even a minutiae of technological sense would ever recommend installing it. It's nothing more than pure spyware, if you understand how it works and how easy it is to exploit.

Wouldn't it be the same using mmo-champs..? considering its owned by curse now? If they wanted info that badly wouldnt they also just take it while you're on the website..?

[Wilian]

I hope this puts the final nail to the coffin of dull-minded people going "ololol just get authenticathor you just can't get hacked wit it!!1"

[Iseeyou]

Just read the news in two different vide games website in a row.

Looks like shit is serious.

[Deleted]

Saw this and instantly did the MSInfo test to check and couldn't find anything, so I assume I'm ok.

But very scary, seeing as having an authenticator kinda gives me a feeling of security, to now know it certainly isn't full proof.

How to check your system for the Trojan:

MSInfo

Press Windows Key + R.
Type MSInfo32 and press Enter.
In the MSInfo diagnostic window, click File, then Export.
When the Export As window appears, choose Desktop.
Name the file "MSInfo" and click Save.

Open the saved MSInfo file.
Press Ctrl + F and search for "Disker" or "Disker64"

What program does it open with? Cause when i open it in noteblock, wordpad or even word when i press Ctrl + F it does nothing or just activated bold typing.

[Sketchy]

What program does it open with? Cause when i open it in noteblock, wordpad or even word when i press Ctrl + F it does nothing or just activated bold typing.

Once my MSInfo was exported to the desktop I was able to just double click and open it on it's own.
(I'm pretty illiterate when it comes to pc's so maybe it opened in a program and I just didn't know it lol)

[Deleted]

Once my MSInfo was exported to the desktop I was able to just double click and open it on it's own.
(I'm pretty illiterate when it comes to pc's so maybe it opened in a program and I just didn't know it lol)

Yes i can open it but i don´t know how to search for the word "Disker" or "Disker64" as i stated in my above post. When i press Ctrl + F nothing happens.

[Sketchy]

Yes i can open it but i don´t know how to search for the word "Disker" or "Disker64" as i stated in my above post. When i press Ctrl + F nothing happens.

Ctrl + F worked fine for me, I wish I could offer you more help =(

[Deleted]

Ctrl + F worked fine for me, I wish I could offer you more help =(

Hmm thats ok. Maybe someone else knows. To add more info i got Windows 7 and use Word 2010 and it´s danish. Bold shows F not B, probably why it activates it. Is there another way to search words?

Edit: Sorry for spam, i just really like to find it before i log into wow and all.

[Sketchy]

Hmm thats ok. Maybe someone else knows. To add more info i got Windows 7 and use Word 2010 and it´s danish. Bold shows F not B, probably why it activates it. Is there another way to search words?

Edit: Sorry for spam, i just really like to find it before i log into wow and all.

I don't think anyone will mind the spam, this is a serious thing. I'm running my export again to see if
maybe there's another way to search. I'll post as soon as it's finished.



Edit: It saved it as a Notepad file as well as The Glitch(post below).
The Edit button, next to File has a dropdown menu that will allow for searching
maybe that's a way to get around the lack of Ctrl+F. Good luck!

[The Glitch]

Hmm thats ok. Maybe someone else knows. To add more info i got Windows 7 and use Word 2010 and it´s danish. Bold shows F not B, probably why it activates it. Is there another way to search words?

Edit: Sorry for spam, i just really like to find it before i log into wow and all.

Mines saved it as a Notepad file, and I just clicked it to open then used the Ctrl+F command, Windows 7 here too, maybe your commands are set up different? I'm not sure how to find that out, or if there is another command for searching, sorry I couldn't be of more help ;/

[Deleted]

I just found out. I did some googling and Ctrl+B is normally the command for bold text in english (or maybe other language) word, so i tought heck i try that and weirdly the "Find word" box came up (even tho B doesn´t stand for anything as to the word "Find" in danish :P).

So for everyone using a Danish version of word or maybe another language, use/try Ctrl+B instead.

Sorry for the uphold. I was clean. I hope it hasn´t effected to many people!

Edit: Also thanks det, i didn´t know that! Sorry not much computer genuis here ^^

[The Glitch]

Big thanks for the step by step. Looks like I am clean....

No worries Took it directly from the Battle.net site, figured some people may not go directly to the blue posts thread so wouldn't know their was an actual link in the post showing them how to do it!

Glad your PC is fine

[Sketchy]

I just found out. I did some googling and Ctrl+B is normally the command for bold text in english (or maybe other language) word, so i tought heck i try that and weirdly the "Find word" box came up (even tho B doesn´t stand for anything as to the word "Find" in danish :P).

So for everyone using a Danish version of word or maybe another language, use/try Ctrl+B instead.

Sorry for the uphold. I was clean. I hope it hasn´t effected to many people!

Glad to hear you're free and clean, happy to help!
The more info that helps people, the better!

[The Glitch]

I just found out. I did some googling and Ctrl+B is normally the command for bold text in english (or maybe other language) word, so i tought heck i try that and weirdly the "Find word" box came up (even tho B doesn´t stand for anything as to the word "Find" in danish :P).

So for everyone using a Danish version of word or maybe another language, use/try Ctrl+B instead.

Sorry for the uphold. I was clean. I hope it hasn´t effected to many people!

Haha awesome I was actually going to suggest doing the command that is normally for bolding, but im a tech noob so didnt think I'd be right

Glad you figured it out and that yer pc is safe

[Deleted]

Someone hacked blizzard and put this in their las test update me thinks.

[Deleted]

Yes i can open it but i don´t know how to search for the word "Disker" or "Disker64" as i stated in my above post. When i press Ctrl + F nothing happens.

You can check this multiple ways.
Msinfo
msconfig
regedit
run -> %temp% and look for the mentioned folder.

[Orby]

Just did a check myself I am pretty okay (Thanks to The Glitch for that easy step by step guide). I have never had my account hacked since being with WoW back in 2005.

Unfortunately I cant say the same for companies like Paypal or EE where I have been the victim of fraud.

I really cant handle any more of this hacker malarkey. There is so much fraud going on out there right now its worse than its ever been and I know, with trojans, companies have tried to block them but whatever good thing they come up with hackers just work around it. There is absolutely no way of stopping it because there is always a fault that can be exploited and it makes my online experience very uncomfortable and unsafe.

Nearly everyone I speak to now had been a victim of hacking or fraud through online means no matter how much anti-virus software you have. Which is why its always nice for people to make you aware so you have that warning and chance to get rid of it.

[Nuckels]

Reformatting is the solution to a 0 day trojan. In a few days every malware removal tool will have a rootkit fix. According to the Blizzard thread vendors like McAfee picked it up already.

The authenticator is still the most secure device available. Getting compromised by a man in the middle attack with a 60 second window to work with is more sophisticated than many of the trojans attacking non wow users.

Not when they use a program that automates stealing the details and logging in, no longer needs a "man" in the middle, it just uses a computer.
I am confident to say they use a computer to log in those accounts and bots to keep em logged in so they can use the account when they want to.

[Trassk]

Thanks Glitch, very cool if you giving us a step by step. just did mine and couldn't find disker or disker64, so guess mines safe.

[ComputerNerd]

Some reading up suggests that the trojan in this case needs the user to manually run it first.
So it is likely masquerading as something else.
I would treat any emails regarding beta access/patches with suspicion.
The hearthstone beta email will contain a key, which you can then enter on the battle.net website.
Either manually log into it, by entering the address - battle.net / eu.battle.net or via the battle.net launcher if you are using that.

Unlike as stated in a recent email that one other poster reported, there is no need to remove your authenticator.
I suspect that curse is not the source in this case, as it has been wrongly accused in the past.