
wow trojan


Sajro


Just so you know, a WoW trojan has appeared =). From what I read on some site, it regularly turns up in those files for pirate servers and in various tools used on retail (usually hacks; so far no addon creator has used this, as far as I know).

PWSteal.Wowcraft is a password-stealing Trojan horse that attempts to steal the password to the "World of Warcraft" game and send it to the creator of the Trojan.

Type: Trojan Horse

Infection Length: 34,304 bytes, 43,008 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Technical details:

When PWSteal.Wowcraft is executed, it performs the following actions:

1. Copies itself as one of the following:

* %ProgramFiles%\svhost32.exe

* %ProgramFiles%\rundll32.exe

* %ProgramFiles%\Internat.exe

Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

2. Creates the following file:

%System%\msdll.dll

Note: %System% is a variable. The Trojan locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

3. Adds the value:

"load" = "[Path of the dropped file from step 1]"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the file runs every time Windows starts.

4. Injects msdll.dll into other running processes, including explorer.exe, so that it can monitor for passwords entered.

5. Attempts to initiate a keylogging process upon finding windows associated with "wow.exe", "Launcher.exe", "www.wowchina.com" or "signup.worldofwarcraft.com".

6. Emails the gathered online "World of Warcraft" passwords to the Trojan's author.

7. Attempts to disable processes or windows which contain the following strings, some of which may be security related:

* EGHOST.EXE

* MAILMON.EXE

* KAVPFW.EXE

* Ravmon.exe

* Ravmond.exe

* ZoneAlarm

8. Attempts to download and execute files from the Internet.

Note: Source: symantec.com
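
A triage check for the file and Run-key indicators listed in the description above, as an added example that is not part of the original post or of Symantec's write-up. It works on collected artifacts (a file listing and `reg query` output); the sample data, the function names and the `C:\Program Files` default are assumptions made for the example.

```python
import ntpath
import re

# Indicators copied from the Symantec description quoted above.
DROPPED_NAMES = {"svhost32.exe", "rundll32.exe", "internat.exe"}
INJECTED_DLL = "msdll.dll"
SYSTEM_DIRS = (r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32")

# Constructed sample data (not from a real machine).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    load    REG_SZ    C:\Program Files\svhost32.exe
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\rundll32.exe",  # the legitimate copy
                r"C:\Program Files\svhost32.exe",
                r"C:\WINDOWS\system32\msdll.dll"]


def parse_reg_query(text):
    """Turn `reg query <key>` output into {value_name: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if m:  # the unindented key-name line does not match
            values[m.group(1)] = m.group(3).strip()
    return values


def triage(files, run_values, program_files=r"C:\Program Files"):
    """Return (kind, detail) findings for the listed indicators."""
    pf, findings = program_files.lower(), []
    sysdirs = {d.lower() for d in SYSTEM_DIRS}
    for path in files:
        folder, name = ntpath.split(path.lower())
        # rundll32.exe is only suspicious directly under Program Files.
        if folder == pf and name in DROPPED_NAMES:
            findings.append(("dropped-copy", path))
        elif folder in sysdirs and name == INJECTED_DLL:
            findings.append(("injected-dll", path))
    for vname, data in run_values.items():
        folder, name = ntpath.split(data.strip().strip('"').lower())
        if vname.lower() == "load" or (folder == pf and name in DROPPED_NAMES):
            findings.append(("run-key", f"{vname} = {data}"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_FILES, parse_reg_query(SAMPLE_REG)):
        print(f"{kind:13} {detail}")
```

A hit on the `load` value name alone is only a lead; check the path in its data before removing anything.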


Blah, I'm not sure whether Kaspersky can detect it, and I don't use Symantec's products. I didn't find it in the registry, but I guess there's some cleaner so I can be sure; I'm off to look for one.


[23:47] <manager-> oh kid, oh kid :D

chickenonaraft.kom


And what does he even need the account passwords for? He's not going to log into each one in turn and "shut them down" on you, is he? :)

He gets the account, changes the password, sells it. For each account he can get at least 20e, and very quickly if he knows where to offer it. And that's 20e for the account alone; if the account also has lvl 60 characters etc., he can easily sell it for over 200e.

edit: Saint, Saint, double post @ 15:23 by saint & cyro.. ultimate combo! =))


Blah, I'm not sure whether Kaspersky can detect it, and I don't use Symantec's products. I didn't find it in the registry, but I guess there's some cleaner so I can be sure; I'm off to look for one.

So far I haven't found a cleaner, but they say all the major antiviruses (Kaspersky is in that group, of course) updated their databases with a definition for this trojan back on the twenty-something of May, when it was first discovered.. no need to worry, just run a full system scan and relax.

I posted this more for those who like to download bots, hacks, keyloggers.. a whole bunch of such hack programs are now actually the WoW trojan etc. I just tried it: I googled WoW bots and found some warez site, downloaded a bot.. and there it was, that trojan! =)))

Don't mess around!

edit: also, when you download addons, no matter how sure you are that there's nothing in there, still look through the folder and check whether there are any .exe files, just in case!


Oh, I update my AV every day, but I have my doubts because I didn't find it under that name in the virus encyclopedia :)

Edited by Immortalis


Who knows, maybe it's some spiteful type who deletes chars and that sort of thing :))

Spite, what else!

A buddy of mine was asked by his girlfriend to bring her a drink or something, and in the meantime she deleted his lvl 60 Mage and lvl 56 Druid ... supposedly so he'd have more time for her and would lay off the computer.

The guy picked up a nasty "trojan" irl :/

sex, drugs and bio food!


offtopic:

While looking for the above, I found some:

- AIM instant messenger cookies (data: cnkng.exe) and

- nwiz (data: nwiz.exe /install)

Does anyone know what exactly that is? Last time I deleted something I shouldn't have, and a reinstall followed..

By the way, AdAware doesn't detect it

Edited by batina

There's no logic that will stop me


How is he going to sell it, when you'll eagerly change the password within 5 seconds...

In WoW the whole account system is very poorly done as far as security goes: if you have the password, you can get into the account and change all the details except one (first and last name) and the security question (but that's no use either when you can change the e-mail account the new password is sent to).

I should mention that deleting characters can't cause permanent damage, since it's very easy to get deleted characters restored via an in-game ticket to the GMs. It's nasty when, besides deleting the character, he also sells all the items on the character; those can likewise be restored from the database in a similar way, but it's a bit more complicated and you often end up without the items if that happens, in which case it would be fair of the guild to help you farm new items :)

This seems to have been done so that people get paranoid and don't give their passwords to their buddies, since the whole system is done much more sensibly in Warcraft III, where accounts are free and yet are protected in that the e-mail address is PERMANENTLY tied to the account: you have to confirm at that e-mail address that you've changed the address if you want to do so, so you can always recover the account, unless they also get into your e-mail account, in which case they can change the address tied to the account.

Edited by New Order Footman (NWO)