By Curtis Fechner and Andrew Brandt
While we’ve touched on the subject of World of Warcraft phishers (and the Trojans they attempt to spread) a handful of times in the past several months, it’s worth mentioning the ongoing problems phishing posts cause both players and Blizzard, the game’s operator.
To recap, the official message board for World of Warcraft is under constant attack by phishers, who use stolen credentials to post message board articles containing malicious links under the names of the innocent players whose passwords have been stolen. The links, which can be tied to virtually any kind of social engineering tease, typically point to Web sites that contain scripting code which either pushes a WoW-credential-stealing keylogger down to the victim’s computer, or aggressively “suggests” that the victim should download and install some purportedly missing component (often, a fake Flash player update) that does the same thing.
The authors who plague the forums, in-game chat and email with these posts containing malicious links are a crew of dimwits, but they aren’t so thick that they fail to recognize an opportunity when they see it. Beginning in early December, for instance, they took full advantage of the incredibly busy state of the official forums, which were filled with posts tied to the release of a highly anticipated update to the game, and rumors about “beta testing” access to the update.
The heavier-than-normal traffic kept forum moderators busier, and subsequently the phishing posts remained active on the forums much longer before administrators deleted them. A longer exposure time means it’s more likely that victims will click through the malicious links, and with the customer support staff busy solving patch-related issues, compromised accounts remain compromised — keeping paying players locked out of the game — for even longer than they normally would. The problems have become so overwhelming that even Blizzard itself has been forced to acknowledge the scale of the problem.