WoW Forums: Keylogger detected at Icecrown boards
Members of the World of Warcraft boards have detected what appears to be a keylogger over at the Icecrown boards. According to Madhava’s explanation over at the posted thread, here was how the detected trojan worked:
Its not meant to fool the interceptor, Its meant to fool people. It disguises what website you are actually going to by using those escape functions. Firefox refuses to follow those links (for good reason), but I’m not sure about IE. My computer is pretty secure but I don’t want to risk running that site on Internet explorer.
The hijacked site has an embedded link to malicious javascript hosted on a Chinese server. That javascript attempts to exploit the ANI exploit and the Iframe exploit to load a trojan named ‘test.exe’.
‘Test.exe’ is detected by most antivirus as a trojan:
Trojan-PSW.Win32.Agent.im or Trojan.Agent.im
Basically a password stealer for WoW and maybe a backdoor.
Just a quick heads-up for any passing WoW gamers, all the more as keylogging incidents are becoming more rampant. Now, in case the guys here are wondering as to how to protect themselves (and their prized characters) from getting hoodwinked, make sure to check out the various security measures being circulated for your benefit. Play safely.
Via WoW Forums
Members of the World of Warcraft boards have detected what appears to be a keylogger over at the Icecrown boards. According to Madhava’s explanation over at the posted thread, here was how the detected trojan worked:
Its not meant to fool the interceptor, Its meant to fool people. It disguises what website you are actually going to by using those escape functions. Firefox refuses to follow those links (for good reason), but I’m not sure about IE. My computer is pretty secure but I don’t want to risk running that site on Internet explorer.
The hijacked site has an embedded link to malicious javascript hosted on a Chinese server. That javascript attempts to exploit the ANI exploit and the Iframe exploit to load a trojan named ‘test.exe’.
‘Test.exe’ is detected by most antivirus as a trojan:
Trojan-PSW.Win32.Agent.im or Trojan.Agent.im
Basically a password stealer for WoW and maybe a backdoor.
Just a quick heads-up for any passing WoW gamers, all the more as keylogging incidents are becoming more rampant. Now, in case the guys here are wondering as to how to protect themselves (and their prized characters) from getting hoodwinked, make sure to check out the various security measures being circulated for your benefit. Play safely.
Via WoW Forums
About The Author
