In-game spam leads to phishing and malware-pushing sites

Jul 14, 2010 15:56 GMT

Security researchers from antivirus vendor Sunbelt warn that World of Warcraft players are targeted in-game by a new wave of Cataclysm-related spam. The rogue messages contain links to phishing pages or websites serving trojans.

With the new Cataclysm World of Warcraft expansion currently in closed beta testing and expected to ship in the coming months, there is great interest in any news on the subject. Unfortunately, hackers are aware of this too and are prepared to exploit the players' curiosity and excitement.

“Our friend Douglas received a whisper (chat message) from someone using the handle 'BlizzaICOL' while he was playing WoW telling him that the beta is available for the new Cataclysm expansion for the WoW map. The expansion will make everything appear as though it’s on fire, being burned by a dragon. The 'whisperer' also passed along a URL which led to Cataclysmtest.net (don’t go there) which APPEARED to be the WoW login screen,” Tom Kelchner, a security researcher at Sunbelt, warns.

Entering login credentials into this fake form and submitting it sends the information to an external server controlled by the attackers. Fortunately, the destination has already been flagged by Google's Safe Browsing service as a Web forgery and is being blocked automatically by browsers like Firefox or Chrome.

Another page masquerading as the official Cataclysm website is hosted on a domain called worldofwarcrayt.com. The fraudulent website contains two buttons allegedly allowing users to download the new expansion for PC or Mac. Clicking either button prompts the download of a file called cataclysm.exe, which is a password-stealing computer trojan. According to the Sunbelt researchers, both domain names used in the attacks were registered by the same individual, who used bogus and even obscene information.

Gaming credentials are a valuable resource for cybercriminals, who sell them on the black market. According to Symantec, a World of Warcraft account can cost as little as $35 and as much as $28,000, depending on how well the associated character is developed.

You can follow the editor on Twitter @lconstantin

[Image: Phishers use Cataclysm-related spam to lure users]
[Image: Fake Cataclysm website pushing malware]