Battle.net falls for Trojan 
  TweetTweet

Zoe Hawkins
January 6, 2014 at 1:00 pm

Ethernet condom

Just in time for the first weekend of the year, many people’s last gaming weekend of holiday time, it appeared that Blizzard users  fell victim to a nasty Trojan that could compromise accounts, even if they were using the Battle.net authenticator. Never fear, there is a cure – but just check if you are infected.

Over on the Battle.net forum, the following post reported the initial problem:

We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise player’s accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

Scary stuff. So much for a two-step authentication method being secure. Want to check if you’ve been infected? Here are the instructions:

It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either “Disker” or “Disker64″.

Working through the weekend, the admins found the source of the infection, and the cure. The Trojan comes from a fake yet functional version of the Curse Website through which people can get the Curse Client. The malware site was popping up on searches for “curse client”, which is how it lured in so many users. If you have been infected, your best bet is to delete the fake Curse Client and run your security program. Blizzard admins insist that the authenticator protects your account 99% of the time.

I’m still skeptical of all these security measures. My Steam Guard seems to constantly think I’m changing locations, while the Blizzard authenticators can feel like a serious waste of time. Yes, security is really important. I’m just not convinced that authenticators, two-part login systems and other mechanisms are really keeping us any safer.

Wielding my lasso of truth, I am the combination of nerd passion and grammar nazi. I delve into all things awesome and geek-tastic. I believe people should stop defining themselves and just enjoy playing games, so let's get on with it!

  • Devourer of Small Bunnies

    So what the holy hell is the point of the extra 200 odd rand authenticator then? Oh Blizzard.

    • SaintsRowNigri

      The point is, Blizzard got R200 more out of you…

      • Devourer of Small Bunnies

        Not me (ho ho ho) I wouldnt touch WOW with Brenda’s dick :P

        • SaintsRowNigri

          Why are you touching Brenda’s dick??????

          • Sir Rants A Lot Llew. Jelly!!!

            Indeed. I was wondering the same thing 0.o

          • VampyricSquirrel Monk

            Very valid question… O.o

          • Devourer of Small Bunnies

            Jealousy makes niggahz nasty :P *dances*

          • Wifulated42

            ?? ?????’? ??? ????? $7?/???? ?? ??? ??????. ??? ??? ???? ??? ?? ???? ??? 10 ?????? ??? ???? ????? ??? ???????? ??? $21547 ???? ??????? ?? ??? ?????? ??? ? ??? ?????. ??? ???? ?? ???? ??????? fox200&#46com

        • VampyricSquirrel Monk

          The Authenticators aren’t just for WoW… they’re for Diablo 3 and StarCraft 2 as well.

          Edit: Oh and Hearthstone.

          • Devourer of Small Bunnies

            I, sir, was being incredibly facetious ;)

        • Brady miaau

          Um. Did Gavin not say the right was earned to remove the “Brenda” moniker when referring to this individual?

          In the year end summary or whatever

          • Devourer of Small Bunnies

            Link 0.o

    • Unavengedavo(aka. MadeYouLook)

      I downloaded the free app when I was still playing

      • Devourer of Small Bunnies

        Yeah, but these so called “extra” expenses one has to deal with for security (online authenticators, subscription based anti virus, 2k routers etc etc) All really seem to amount to nothing, yet errbody still goes out and buys them. So so so very confusing.

    • VampyricSquirrel Monk

      Much easier to just get the app.

    • Jason Ashman

      2 part authentication is definitely worth it. But its based on times, and can be broken given enough information. I am guessing a crapton of infected pcs will give that information

    • MichaelMatusowsky

      You don’t have to pay for an authenticator. You can just get the Android/iOS/Blackberry OS app for absolutely FREE on their site.

    • Willem Van Wyk

      As a developer. I have come to realize this is the biggest problem with security on any application/server/system, the USER.

      Doesn’t matter how well you build the system, if the user install malware/spyware etc it is useless. The authenticator works as long as you are not a COMPLETE IDIOT THAT INSTALLS MALWARE!

      • Devourer of Small Bunnies

        Ill have to agree with you here, big time.

    • Johan du Preez

      You can get the authenticator as a free app on your cell phone.

    • Johan du Preez

      You can get the authenticator as a free app on your cell phone.

  • Unavengedavo(aka. MadeYouLook)

    So are you saying that Blizzard should use a Trojan to combat the spread of a trojan?

    • Alien Emperor Trevor

      Trojanception!

  • Sir Rants A Lot Llew. Jelly!!!

    Blizzfail

    • Sir Rants A Lot Llew. Jelly!!!

      Ok, maybe being a bit overly quick to jump on the bandwagon. It’s not really Blizzard’s fault. It’s the people who create the viruses. You can’t create a system that will protect future hacks. It’s simply not how it works.

      In the security industry it’s always about patching up holes as they are presented and exposed by people who go out of their way to.

      That all being said, I still prefer the 2 part authentications because it does make it slightly more tough but alas, as is proven here also very easy to circumvent if you have the mind for hacking

  • VampyricSquirrel Monk

    There are extensive forums on battle.net that cover this if you think you’re affected by this.

    I for one, am not :)

  • Josh Strauss

    “I’m still skeptical of all these security measures. My Steam Guard seems to constantly think I’m changing locations, while the Blizzard authenticators can feel like a serious waste of time. Yes, security is really important. I’m just not convinced that authenticators, two-part login systems and other mechanisms are really keeping us any safer.”

    Two Factor Authentication (2FA) prevents someone somewhere brute-force hacking your password. It makes your account much more secure; however, if you install malware that captures the info in real time there is nothing any company can do to protect you any further.

    Security is a game of cat and mouse and we have to use as many tools that help make our online profiles more secure but also don’t be silly and be aware of the sites you visit and the software you download.

    There is no security mechanism that will be effective if one is compromised from the inside. These mechanisms are certainly not a waste of time and I encourage everyone to turn on 2FA for every important account if the account supports it. Please, if you haven’t already, you should turn on 2FA for your email as that is the gateway to everything else.

  • zanmaru

    I hate the way this is all worded. Yes, if you get a KEYLOGGER installed on your system because of your own indiscretions, it can very well log your password and authenticator key. Under normal circumstances, the authenticator is far more effective than just a password.