Social networking-style attacks are being used to phish details from World of Warcraft message board users

News by Dan Raywood

Phishers are targeting World of Warcraft (WoW) users on message boards with Koobface-inspired tricks.


In an update to research undertaken last week, Webroot's Andrew Brandt, Curtis Fechner and Grayson Milbourne claimed that phishers are using a simple social engineering trick, commonly used of late by Koobface to fool social network users, to convince people to execute the malware installer in order to view a pornographic video.

Brandt, Fechner and Milbourne claimed that the page the victim eventually ends up on emulates the appearance of a Flash-video-based porn site. Every single link on the page links to the malware installer, which means that no matter where on the page the victim clicks, he or she is presented with a download dialog box.

They claimed that the installer executable drops a DLL file onto the victim's hard drive, typically to the System32 or another Windows subdirectory. That file performs the keystroke logging, then sends that data to the phisher behind the scam. The installer also modifies the Registry so the DLL loads with every start-up.

While misled gamers who download and run the Flash ‘installer’ will not see any obvious difference on their computers to indicate that they are infected, the Trojan is ready to start stealing login credentials.

Brandt, Fechner and Milbourne said: “We'd all like to take a moment to give one simple piece of advice: if you follow a link and end up on a site you clearly weren't intending to go to, stop. Don't download any executable files—and absolutely don't run any executable files if you happen to download them. If you have to, hit the Alt-F4 keyboard combination to kill the browser right there, but just don't run anything else.”

Webroot further claimed that other threats targeting online games include spam phishing-type posts on the public forums for individual guilds, malicious URLs communicated through the in-game chat channels, and even exploits against security weaknesses in websites and message boards frequented by members of the WoW playing community.

Brandt, Fechner and Milbourne said: “Even if you only occasionally browse the forums related to the games you play, be mindful that not everyone is there to be helpful or considerate. First reports of new infections or malicious links often come from the forum's members.”

