World of Warcraft SpearPhishing and Boting
September 13th, 2010
Posted by
David Marcus
Over the weekend I had the chance to put some work into my lowbie Dwarf paladin named Boulderbrain. I was at the Stormwind bank minding my own business when I suddenly get this whisper:
Now normally I simply ignore most whispers I get in-game (other times I simply dont notice them) but this one caught my attention and zooming in I think you will see why:
This message is telling me that Blizzard suspects my account of using third-party tools to cheat and would I go to their website, login and check my account settings. In actuality this is an “attacker” pretending to be a Blizzard GameMaster and the website itself is a phishing site:
This particular fake was hosted on an IP address that had pretty questionable
report – HINT, HINT, HINT use our
SiteAdvisor browser plugin!!!!. World of Warcraft has millions of users worldwide, making attacks and techniques like this very common. Many players (myself included) have taken the additional step of using 2 factor authentication (commonly called 2FA or simply tokens) which can add an additional layer of protection to your logon credentials:
The addition of the 2FA pin makes it EXTREMELY difficult to break into or pop the account itself (like adding a secondary token to your bank logon). Ok now granted I got the free Core Hound pup with it but it also has a sweet iPhone app that generates the 2FA code!
Now what were those third-party apps the original phish may have alluded to you ask? Bots most likely. As anyone who follows this blog is aware, bots refer to robots, usually malicious in nature but they simply automate tasks. Some of the more popular bots for World of Warcraft are farming and leveling bots. They are designed for pretty much what you would guess – they automate the “farming” of a variety of materials (later sold for in-game gold) or even honor (honor points can be used to purchase in-game items). These bots can also automate the process of leveling your character. Some examples:
and also:
Should your account be found to be using any of these, it will get banned as it violates Blizzard’s Terms-of-Service. Credential and logon theft is one of the biggest areas of malware we at McAfee Labs deal with on a daily basis. Make sure you stay updated, properly configured and be cautious of in-game messages!
And level-up old school….. the account you save may be your own!