World of Warcraft hackers embrace man-in-the-middle attacks

Here’s some troubling news for my fellow World of Warcraft players. It seems that hackers, account thieves, and other miscreants have now embraced man-in-the-middle (MITM) attacks to further their evil ways. Blizzard says it’s not a widespread issue, and it’s rather difficult to pull off, but it’s something y’all should be aware of.

The deal is that WoW hackers are able to infect your PC—this is a PC-only problem, mind you, so Mac players can more or less ignore all of this—with a bit of malware that’s then able to initiate the MITM attack. The purpose of this is to intercept your login name, password, and authenticator number so that they can log into your account. Once online, they can do whatever it is you’d be able to do inside the game world: sell items, mail gold to other players, etc. They cannot, it should be noted, delete your actual account or anything like that. Still, it’s potentially devastating: they can sell all your epics for fast gold, then turn around and sell that gold for real money to someone else.

MITM attacks aren’t new or anything. There are plenty of programs out there that can initiate them rather easily, letting people intercept passwords, instant messages, you name it. They work by sitting in between your PC and the server you’re trying to connect to. So, if you’re playing WoW, instead of your username and password and authenticator number going directly to Blizzard’s servers, they first go to the hacker’s rogue server, which then passes the info on to your intended server, capturing the information in the process. It’s essentially invisible to you, the end-user, which is why the attacks are so dangerous.

Blizzard has already identified the piece of malware that initiates the MITM attack, so be on the lookout for emcor.dll. Be sure to keep your anti-virus software up to date.

One final bit: the odds of you being a victim of such an attack are quite low, if only because it requires so much work for the hacker to pull off; you’d have to be hacked at the very moment he wants to break into your account, and that’s something that simply doesn’t happen. Rather, your account will be compromised on, say, Monday, but it won’t be until the following Saturday that the hacker actually accesses your account. And again, the worst thing that could happen with this kind of attack would be for someone to sell off your character’s items and gold, then, for good measure, delete your character—your actual account cannot be tampered with. That may be a distinction without meaning, yes.

So yeah, just be sure to keep your anti-virus software up to date, and keep your wits about you. Stay away from the shady parts of the Internet!