Try applying that attitude to systems of similar complexity. For example: cars. Would you go on and try to change a part or install some extras on your own without it being your field of expertise? Would you then, after botching it, yell at your mechanic that you just want it to work and that his squabblings are of no interest to you whatsoever?
On topic:
Glad I'm too lazy to update addons sometimes (and even more glad I don't use any auto-updating software).
Edit: Darn, was too slow to bring the flawed car analogy ...
Last edited by mmoc7115aaa4da; 2013-01-12 at 01:45 PM.
Unless you manually executed the .lnk file in the infected addon's folder, you should be fine. Neither the Curse Client/MMOUI Minion's update process nor the addon being loaded by WoW will do this automatically. For further details, please see this comment.
PS: If you're curious, in the case of the Auctionator infection, the .lnk used the cmd 'start' command to run a binary disguised as a .txt file. I can't say anything about the BigWigs infection.
Last edited by mmocba105e19de; 2013-01-12 at 01:52 PM.
So, I have no clue in the world how LUA code works but to "execute" any virus, don't you need to actually... you know, execute it? If you gave me a file (any file) with a virus in it, and I literally never touch it, it won't... well... execute, amirite?
If WoW "executes" the malicious code, isn't WoW's engine smart enough to know "Hey, this function does "nothing" (in terms of WoW related) so throw an error" instead of letting code run rampant outside of WoW akin to a VM sandbox?
So, what's the big deal here?
Last edited by alturic; 2013-01-12 at 01:52 PM.
Was the entire addon replaced by the trojan? As in, if I were to use Curse Client, would it have removed the previous version of the addon and then replaced it with the trojan?
Right, I haven't updated my addons since like what, MoP release or thereabouts, so I think I'm fine.
I've been trying to keep up on this and don't think I've got it, but is it safe to reinstall Auctionator by now?
Let's see how simply I can put this. A LUA file, which is what every WoW add-on is, is 100% completely and utterly harmless. The only way one of them could possibly be a virus or a trojan is if WoW itself was a virus or a trojan. An add-on contains no executable code that runs on its own. It is basically a script that is processed and run by the scripting engine, which is WoW. WoW has no commands or abilities that would enable any kind of malicious code to do anything to your system, and no add-on is loaded prior to your logging in, so an add-on can NEVER steal your login information. Similarly, WoW does not allow add-ons to do anything outside of the game of WoW. It cannot launch websites, run programs, or make contact with outside systems. If a malicious program, link, or script did find its way into your Interface folder, it could never be executed by a WoW add-on, and would require you, the user, to specifically run it. Bottom line, if you yourself are not poking around in your add-on files and double-clicking on sketchy-looking files, you are at NO RISK at all of being infected with anything.
Help me understand here, but why would Auctionator from curse be infected, and only Big Wigs from wow interface? Aren't they the same authors on either site? So if you had Bigwigs from curse, wouldn't it be infected as well?
"Do you think man will ever walk on the sun?" -Ali G
It's a way to place a malicious payload that you can trigger in other ways, like Java, Flash or JavaScript sandbox vulnerabilities.
Also, people using Windows 7/8 search bars would be offered the .lnk file as soon as they use the search box to search for, for example, "auctionator".
I think the hope is that somebody who does manual addon installation will see the exe/bat/lnk/url/whatever file and open it, thinking that it's necessary to do in order to make the addon work. But even when I did install my addons manually before I started using the Curse client, I hardly ever stuck my nose into the folder contents. It certainly is a long shot attempt for creating new infections, but if it has a chance of making money for the malware authors, they'll try it.
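An added example, not part of the original thread: a small Python check that walks an AddOns folder and reports the two things described above, launchable files (.lnk, .exe, .bat, .url) sitting next to addon code and a Windows binary hiding behind a harmless-looking name such as .txt. The list of expected addon file types and the sample folder names are assumptions made for the illustration, and the sample tree is constructed.

```python
import os
import tempfile

# Assumption: file types a WoW addon normally ships (code, manifests, media, docs).
EXPECTED = {".lua", ".toc", ".xml", ".tga", ".blp", ".ogg", ".mp3", ".ttf", ".txt", ".md"}
# File types the thread names as things a user might open by hand.
LAUNCHABLE = {".lnk", ".exe", ".bat", ".url"}

def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS/PE header, whatever its name says."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def scan_addons(root):
    """Return sorted (relative_path, reason) findings under an AddOns directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in LAUNCHABLE:
                findings.append((rel, "launchable file type"))
            elif looks_like_pe(full):
                findings.append((rel, "executable content behind a %s name" % (ext or "bare")))
            elif ext not in EXPECTED:
                findings.append((rel, "unexpected file type"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one clean addon, one with planted files."""
    files = {
        "CleanAddon/CleanAddon.toc": b"## Title: Clean\nCore.lua\n",
        "CleanAddon/Core.lua": b"print('hello')\n",
        "SampleAddon/SampleAddon.toc": b"## Title: Sample\nCore.lua\n",
        "SampleAddon/readme.txt": b"MZ\x90\x00" + b"\x00" * 60,  # PE header, .txt name
        "SampleAddon/SampleAddon.lnk": b"L\x00\x00\x00",          # shortcut stub
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in scan_addons(tmp):
            print(rel, "->", reason)
```

Point `scan_addons` at a real Interface/AddOns directory to review it; a finding means a file deserves a look before anyone opens it, not that it is confirmed malicious.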