Keylogger hacks accounts with the Authenticator

paramilitar

Trojan successfully hacks Authenticator Protected Accounts

A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.

After looking into this, it has been escalated, but it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

Basically, what the virus does is fairly simple after you're infected:

* The next time you log in World of Warcraft, the game asks for your Authenticator code.
* The virus intercepts it, sends it to another server, and sends a wrong one to Blizzard = You get an error.
* The people behind the virus now have a few seconds/minutes to use the "real" code while it's valid to change your password / empty your account / guild bank. 

How to check if you're infected
Just search for a file named "emcor.dll" on your computer, it is most likely located in "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problem.

To be honest, if you found this file your account is probably already compromised.

What does it mean exactly?

* Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you're not invulnerable.
* It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ass 99% of the time.
* Get a decent anti-virus, buy an authenticator, you'll be safe.

Copy & paste. Source: mmo-champion.com

Zeroks

One of the latest posts is mine; NOD32 detects it

http://www.mmo-champion.com/news-2/authenticator-accounts-hacked-icc-quests-crimson-deathcharger/msg2233563/#msg2233563

and this one

http://www.mmo-champion.com/news-2/authenticator-accounts-hacked-icc-quests-crimson-deathcharger/msg2233304/#msg2233304

ElKimiii

Well, the Chinese guys sure have to stay on their toes.. As it says there, it's very unlikely that you'll get robbed.. But come on, I already knew it wasn't impossible..

Mendiola

Some antivirus products detect it as malware.

The origin is believed to be a Google Ads advertisement for a fake page about WowMatrix, the well-known addon manager.

The IP the trojan sends the data to is:
Host: 205.209.181.111
Port: 1068

The IP the trojan is downloaded from is:
Host: 112.137.162.183

Owned by:
Organization Name: Managed Solutions Group, Inc. (company dedicated to mass spam)
ID: MSG-48
Address: 45535 Northport Loop East
City: Fremont
State: CA
Postal Code: 94538
Country: US
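
Added example, not part of the thread: a Python check for the indicators quoted in the posts above (the `emcor.dll` file name and the two hosts), applied to a directory tree and to `netstat -an` output. The function names and the sample netstat text are constructed for illustration.

```python
import os
import tempfile

# Indicators quoted in the thread above (not independently verified here).
DLL_NAME = "emcor.dll"
EXFIL = ("205.209.181.111", 1068)   # host and port the trojan sends data to
DOWNLOAD_HOST = "112.137.162.183"   # host the trojan is downloaded from


def find_dll(roots, name=DLL_NAME):
    """Walk each root and return paths whose file name matches, ignoring case."""
    target = name.lower()
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits += [os.path.join(dirpath, f) for f in files if f.lower() == target]
    return sorted(hits)


def flag_connections(netstat_text):
    """Return (proto, local, remote, reason) for netstat lines that touch an indicator."""
    flagged = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        remote = parts[2]
        host, _, port = remote.rpartition(":")
        if host == EXFIL[0] and port == str(EXFIL[1]):
            flagged.append((parts[0], parts[1], remote, "exfil host:port"))
        elif host in (EXFIL[0], DOWNLOAD_HOST):
            flagged.append((parts[0], parts[1], remote, "listed host"))
    return flagged


# Constructed sample of `netstat -an` output (not captured from a real machine).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     205.209.181.111:1068   ESTABLISHED
  TCP    192.168.1.20:49713     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.20:49720     112.137.162.183:80     TIME_WAIT
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    candidates = (os.environ.get("TEMP"), os.environ.get("APPDATA"), tempfile.gettempdir())
    for path in find_dll([p for p in candidates if p]):
        print("found:", path)
    for row in flag_connections(SAMPLE_NETSTAT):
        print("flagged:", row)
```

A clean result only means these specific indicators were not seen; the thread itself notes that an infected machine's account is probably already compromised.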

xBoSS

I'll just say one thing: for now that only happens on Windows.
Although only on Mac can the keyboard (yes, the keyboard) be infected with a keylogger.

thunder_

Tread very carefully or you end up without an account, then...

xBoSS

Man, you have to be pretty dim to go into curseA when the design is a copy of ANOTHER website and all that.
