Warning: Another Trojan on wowui.worldofwar.net

That's right three viruses in two days.

Looks like the same people this time pretending to be the Curse Updater. Please don't be fooled into downloading this one either.

F-Secure Client Security says:

22 October 2008 16:28:25 - 16:28:28
Computer name: ----
Scanning type: Scan target
Target: Addons\30000\CurseUpdaterzip-1224675514.zip
Result: 1 malware found

Trojan-Spy.Win32.Ardamax.n (virus)

The relevant forum thread here is http://forums.wowace.com/showthread.php?t=14710...


Just to clarify:

NO ONE from Curse had anything to do with this, I've reported it to have it taken down.

You must login to post a comment. Don't have an account? Register to get one!

  • 8 comments
  • Avatar of airtonix airtonix Oct 25, 2008 at 19:10 UTC - 0 likes

    So the reason many use the updaters(like curse client etc) is to save time. But it seems it ended up causing trouble thats not worth it. for both sides of the story.

    I would rather manually grab my updates, knowing that as i unpack them into the addon folder i can check the contents.

    I also preclude myself from dealing with adverts and the bandwidth they use, corrupted updater urls and malware/viruses in executables.

    Although...not using windows or mac helps me avoid such common issues thanks to the linux concept of sudo( https://help.ubuntu.com/community/RootSudo ) & lack of suitable execution enviroment for viruses to facilitate their malicious activities.

    [quote elsia]
    I hope they share IP with wowinterface and curse to avoid that the same folks try other ways to trick people again (without at least switching IP addresses).
    [/quote]

    As you know...very few people have internet connections to their home that use a static ip address. The next stage of this 'banning' concept is to block whole ip ranges from countries. or an isp...which isnt fair on others of those groups.

    Personally, time & effort spent on updaters and the protection of their integrity could be better spent elsewhere.

  • Avatar of honem honem Oct 25, 2008 at 11:40 UTC - 0 likes

    @boadie

    Huh ? I'm can't see how this relates to the context of this thread(which is a fake curse client being a keylogger)

    BTW I can access the project page for EBB and download the latest beta just fine. You just need to login with a curse networking ID . My EBB is definately working as it's what I look at on my Shaman to confirm if I've got Maelstorm weapon procced or not :D

  • Avatar of bloodowl bloodowl Oct 24, 2008 at 05:27 UTC - 0 likes

    It is a key logger. Most likely (100%) it is trying to get wow accounts.

  • Avatar of boadie boadie Oct 24, 2008 at 05:13 UTC - 0 likes

    Problem with stopping file access is now some things that are not working on curse like Elkono's BuffBars are simply not accessible.

  • Avatar of Elsia Elsia Oct 22, 2008 at 14:46 UTC - 0 likes

    File is/was a fake. The readme.txt in the archive is a verbatim copy of the wikipedia entry on Kafka and the only other file is a file called MetzRemix.exe which is virus/trojan infected. This has nothing to do with the curse client nor does it have anything to do with the real MetzRemix which is an actual UI compilation, and everything to do with someone trying to trick people into installing a trojan by using a fake association.

    The offending poster Quarenteen (http://wowui.worldofwar.net/?p=profile&u=411659) faked being WoWAce and Curse. WoWUI has claimed to have banned that user now. I hope they share IP with wowinterface and curse to avoid that the same folks try other ways to trick people again (without at least switching IP addresses).

  • Avatar of Kaelten Kaelten Oct 22, 2008 at 14:25 UTC - 0 likes

    fixitman: This file they uploaded is *not* the updater. Even if it contains the updater in the zip they packaged along with a virus.


    WowAce.com & CurseForge.com Adminstrator
    Check out my new addon, OneChoice, it helps you pick quest rewards faster.
    Developer of Ace3, OneBag3, and many other addons and libraries
    Project lead and Mac developer for the Curse Client

  • Avatar of Thrillseeker Thrillseeker Oct 22, 2008 at 14:05 UTC - 0 likes

    Yeah, NO ONE...

  • Avatar of fixitman fixitman Oct 22, 2008 at 13:52 UTC - 0 likes

    This, along with poor programming, are the reasons I will never use an auto-updater for my addons. Using an auto-updater also has the strange side effect of making one completely oblivious to the inner workings of the addon system. This is fine until problems arise... then you're screwed.
    EDIT:
    I realize this was a fake lol
    My point was that it is too easy to end up with something like this when you become reliant on an auto-updater. Manually installing all updates ensures you will never need to worry about downloading a bad exe :)

  • 8 comments

Facts

Date created
Oct 22, 2008
Last updated
Oct 22, 2008

Author