Trojan succesfully hacks Authenticator Protected Accounts

[Fat Tire]

A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.

Quote from: Kropacius (Source)
After looking into this, it has been escalated, but it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/man-in-the-middle attack

This is still perpetrated by key loggers, and no method is always 100% secure.

Basically, what the virus does is fairly simple after you're infected :

• The next time you log in World of Warcraft, the game asks for your Authenticator code.
• The virus intercepts it, send it to another server, and sends a wrong one to Blizzard = You get an error.
• The people behind the virus now have a few seconds/minutes to use the "real" code while it's valid to change your password / empty your account / guild bank.

How to check if you're infected
Just search for a file named "emcor.dll" on your computer, it is most likely located in "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problem.

To be honest, if you found this file your account is probably already compromised.

What does it mean exactly?

• Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you're not invulnerable.
• It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ass 99% of the time.
• Get a decent anti-virus, buy an authenticator, you'll be safe.

http://www.mmo-champion.com/news-2/a...-deathcharger/

[HPAVC]

With the little secureid cards this is a problem, the keypad ones avoid this but amp the cost and replacement time significantly.

[Velassra]

Me no understands...

[zenga]

I kinda lol'd reading this after all those claims that an authenticator makes you 100% safe. The weakness of any security measure is the end user, nothing will change that.

[ImaHealer]

I kinda lol'd reading this after all those claims that an authenticator makes you 100% safe. The weakness of any security measure is the end user, nothing will change that.

Actually I personally never though it made you 100% safe, it has always, in my opinion, been an ADDED security to complement
other Security measures I use on my system, like anti-virus and anti-malware...

[Gormand]

The main advantage that having an auth gives you is that in order for them to hack your account they still need the code. Each code is only good for 1 login so when they get the first code (You have 1 sorry that was wrong message) they an either
1. Change your password
2. Login to your WoW account

If you then try and login again and have a new authenticator code you will again get an error message, now thats 2 in a row and if that doesnt set off alarm bells then you need to have your head checked. But with that 2nd code they can take the authenticator off your account AND change your password.

But you are still sitting at your computer and they (Hopefully) dont have access to your E-mail address. If your E-Mail logs in automatically or if you use a program like outlook/thunderbird for E-mail then you can simply run through the password recovery option with Blizzard the reset your password and put the authenticator back on your account.
Then its a simple case of logging into WoW on another computer (If you dont have one in your house call someone you trust and have them do it over the phone) doing this will mean that you disconnect anyone still logged into your account (IE the hackers) and they cant get back in due to the authenticator being back on your account.

So in effect if you have a small idea of what you are doing they will get at most 5 minutes on your account. They can do a fair bit in that time but nowhere near as much as they used to be able to when they login when your in bed and they have hours to strip you and the guild bank :P

[HTeam]

The first thing you should do is switch computers and log in.

[Ughmahedhurtz]

Me no understands...

Short version: keyloggers are smart enough now to catch authenticator codes and send them back to criminals immediately, where they can use them for a few seconds to a few minutes to login to your account and do Bad Things(tm).

[Sam DeathWalker]

LoL I would think if someone keylogged your computer they would prefer you bank account or paypal login ....


I run without norton or any virus scanner and never get anything. i just shut off all remote services, never open email attachments, and if I see any program running from a web site I don't hit "no" I do a cntrl alt del and shut down IE immdiatly. And I have a full disk copy a week or so old in case I do get a virus, just pop out the old drive and slap in the new ....

[daviddoran]

theres less legal heat for stealing wow accounts than bank accounts...