Just in time for the first weekend of the year, many people’s last gaming weekend of holiday time, it appeared that Blizzard users fell victim to a nasty Trojan that could compromise accounts, even if they were using the Battle.net authenticator. Never fear, there is a cure – but just check if you are infected.
Over on the Battle.net forum, the following post reported the initial problem:
We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise player’s accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.
Scary stuff. So much for a two-step authentication method being secure. Want to check if you’ve been infected? Here are the instructions:
It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either “Disker” or “Disker64”.
Working through the weekend, the admins found the source of the infection, and the cure. The Trojan comes from a fake yet functional version of the Curse Website through which people can get the Curse Client. The malware site was popping up on searches for “curse client”, which is how it lured in so many users. If you have been infected, your best bet is to delete the fake Curse Client and run your security program. Blizzard admins insist that the authenticator protects your account 99% of the time.
I’m still skeptical of all these security measures. My Steam Guard seems to constantly think I’m changing locations, while the Blizzard authenticators can feel like a serious waste of time. Yes, security is really important. I’m just not convinced that authenticators, two-part login systems and other mechanisms are really keeping us any safer.
Last Updated: January 6, 2014
Devourer of Small Bunnies
January 6, 2014 at 13:05
So what the holy hell is the point of the extra 200 odd rand authenticator then? Oh Blizzard.
SaintsRowNigri
January 6, 2014 at 13:18
The point is, Blizzard got R200 more out of you…
Devourer of Small Bunnies
January 6, 2014 at 13:33
Not me (ho ho ho) I wouldnt touch WOW with Brenda’s dick 😛
SaintsRowNigri
January 6, 2014 at 13:54
Why are you touching Brenda’s dick??????
Sir Rants A Lot Llew. Jelly!!!
January 6, 2014 at 13:56
Indeed. I was wondering the same thing 0.o
VampyricSquirrel Monk
January 6, 2014 at 14:09
Very valid question… O.o
Devourer of Small Bunnies
January 6, 2014 at 14:25
Jealousy makes niggahz nasty 😛 *dances*
Wifulated42
January 6, 2014 at 21:22
?? ?????’? ??? ????? $7?/???? ?? ??? ??????. ??? ??? ???? ??? ?? ???? ??? 10 ?????? ??? ???? ????? ??? ???????? ??? $21547 ???? ??????? ?? ??? ?????? ??? ? ??? ?????. ??? ???? ?? ???? ??????? fox200.com
VampyricSquirrel Monk
January 6, 2014 at 14:04
The Authenticators aren’t just for WoW… they’re for Diablo 3 and StarCraft 2 as well.
Edit: Oh and Hearthstone.
Devourer of Small Bunnies
January 6, 2014 at 14:25
I, sir, was being incredibly facetious 😉
Brady miaau
January 7, 2014 at 14:14
Um. Did Gavin not say the right was earned to remove the “Brenda” moniker when referring to this individual?
In the year end summary or whatever
Devourer of Small Bunnies
January 8, 2014 at 10:07
Link 0.o
Unavengedavo(aka. MadeYouLook)
January 6, 2014 at 13:24
I downloaded the free app when I was still playing
Devourer of Small Bunnies
January 6, 2014 at 13:34
Yeah, but these so called “extra” expenses one has to deal with for security (online authenticators, subscription based anti virus, 2k routers etc etc) All really seem to amount to nothing, yet errbody still goes out and buys them. So so so very confusing.
VampyricSquirrel Monk
January 6, 2014 at 13:32
Much easier to just get the app.
Jason Ashman
January 6, 2014 at 13:53
2 part authentication is definitely worth it. But its based on times, and can be broken given enough information. I am guessing a crapton of infected pcs will give that information
MichaelMatusowsky
January 6, 2014 at 14:20
You don’t have to pay for an authenticator. You can just get the Android/iOS/Blackberry OS app for absolutely FREE on their site.
Willem Van Wyk
January 6, 2014 at 16:19
As a developer. I have come to realize this is the biggest problem with security on any application/server/system, the USER.
Doesn’t matter how well you build the system, if the user install malware/spyware etc it is useless. The authenticator works as long as you are not a COMPLETE IDIOT THAT INSTALLS MALWARE!
Devourer of Small Bunnies
January 8, 2014 at 10:06
Ill have to agree with you here, big time.
Johan du Preez
January 6, 2014 at 23:31
You can get the authenticator as a free app on your cell phone.
Johan du Preez
January 6, 2014 at 23:31
You can get the authenticator as a free app on your cell phone.
Unavengedavo(aka. MadeYouLook)
January 6, 2014 at 13:39
So are you saying that Blizzard should use a Trojan to combat the spread of a trojan?
Alien Emperor Trevor
January 6, 2014 at 13:45
Trojanception!
Sir Rants A Lot Llew. Jelly!!!
January 6, 2014 at 13:53
Blizzfail
Sir Rants A Lot Llew. Jelly!!!
January 6, 2014 at 13:55
Ok, maybe being a bit overly quick to jump on the bandwagon. It’s not really Blizzard’s fault. It’s the people who create the viruses. You can’t create a system that will protect future hacks. It’s simply not how it works.
In the security industry it’s always about patching up holes as they are presented and exposed by people who go out of their way to.
That all being said, I still prefer the 2 part authentications because it does make it slightly more tough but alas, as is proven here also very easy to circumvent if you have the mind for hacking
VampyricSquirrel Monk
January 6, 2014 at 14:08
There are extensive forums on battle.net that cover this if you think you’re affected by this.
I for one, am not 🙂
Josh Strauss
January 7, 2014 at 08:55
“I’m still skeptical of all these security measures. My Steam Guard seems to constantly think I’m changing locations, while the Blizzard authenticators can feel like a serious waste of time. Yes, security is really important. I’m just not convinced that authenticators, two-part login systems and other mechanisms are really keeping us any safer.”
Two Factor Authentication (2FA) prevents someone somewhere brute-force hacking your password. It makes your account much more secure; however, if you install malware that captures the info in real time there is nothing any company can do to protect you any further.
Security is a game of cat and mouse and we have to use as many tools that help make our online profiles more secure but also don’t be silly and be aware of the sites you visit and the software you download.
There is no security mechanism that will be effective if one is compromised from the inside. These mechanisms are certainly not a waste of time and I encourage everyone to turn on 2FA for every important account if the account supports it. Please, if you haven’t already, you should turn on 2FA for your email as that is the gateway to everything else.
zanmaru
January 8, 2014 at 18:13
I hate the way this is all worded. Yes, if you get a KEYLOGGER installed on your system because of your own indiscretions, it can very well log your password and authenticator key. Under normal circumstances, the authenticator is far more effective than just a password.