Man in the middle attack compromises authenticators

Going to share this news with everyone. Kody over at World of Raids has said it the best so I'm just going to repeat what he's said over there.

Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers to access World of Warcraft accounts that have authenticators attached to them. It's also possible there are other variations of these suspicious files, so if anyone has additional information please respond in the comments.

Based on this thread, the file may be found in /users/username/appdata/Temp. Since the file is fairly new (first mentions of it are only a few days ago), and the common source is unknown, I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.

A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code. Thanks to Cameron for posting about this in our forums, too.

You must login to post a comment. Don't have an account? Register to get one!

  • 5 comments
  • Avatar of Coreinsanity Coreinsanity Apr 09, 2010 at 17:11 UTC - 0 likes

    @mrruben5

    More like "HAH! Idiots who don't know how to use a computer and keep getting viruses FTL!"

    Seriously, OS has little to do with it. I have been using a Windows computer for years and never get spyware/viruses, and never get my account accessed by anyone but me. Not to say Linux is bad, and it is very secure, but quite frankly if people educated them self instead of just getting on the computer and "lololololololol INTERNETZ!" like idiots we wouldn't have this many account hacking problems...

    Probably about 15 years on Windows and I have never had an account/etc hacked on anything. Nor have I gotten Viruses/etc.

    Last edited Apr 09, 2010 by Coreinsanity
  • Avatar of Major_Nuggs Major_Nuggs Mar 23, 2010 at 04:48 UTC - 0 likes

    @Nevcairiel: Good luck getting us to compile and then run it as root. :p

  • Avatar of Suddendeath2000 Suddendeath2000 Mar 06, 2010 at 15:47 UTC - 0 likes

    According to most of the sites I've checked about this, Malwarebytes does detect it.

  • Avatar of Nevcairiel Nevcairiel Mar 02, 2010 at 09:36 UTC - 0 likes

    /me writes a linux virus just to hack mrruben5

  • Avatar of Dashsmash Dashsmash Mar 01, 2010 at 12:28 UTC - 0 likes

    HAH! unix/linux/osx ftw!

  • 5 comments

Facts

Date created
Mar 01, 2010
Last updated
Nov 10, 2011

Author