WoW Trojan

[Balandar]

With the recent rise in reports of compromised accounts, we felt that it would be in the best interest of the community to bring this topic into the spotlight. This is an effort to educate our customers about what can be done to should your account become compromised and most importantly, what you can do to prevent it from becoming compromised.

We strongly recommend you following procedure to avoid compromising your account:

-Avoid using third-party executable programs.

-Do not type your World of Warcraft login info on other websites.

-Don't share your information with friends/guild mates.

-Don't use "leveling" services, or any service that requires you to provide your account ID and/or password.

-Change your password often. Also, make sure that you don't follow a pattern when you change your password (ex: 123Bob, 123Bobb, 123Bob1, 123Bob2)

-Avoid UI mods with executables since they could contain Trojans that transmit your account information back to the host.

[update]

We have received the following information from a gaming website. We encourage all players to take these measures to ensure security of your account info.

--------------

To see if you got the trojan, go to Program Files/Internet Explorer in your directory and look for a file named "syssmss.exe". If it is there, then open your task manager and delete the file. Also go to %WIN_DIR%\Downloaded Program Files and delete a file named either "######snow.exe" (without the spaces) or "muma.exe". Then once you have done that, log into the game and change your password.

There are also several online sites that scan your computer for free.

http://www.windowsecurity.com/trojanscan/

http://housecall.trendmicro.com/

--------------

We urge you all to review the current policy which can be found here: http://www.blizzard.com/support/wowgm/?id=agm01889p

[ post edited by Tyren ]

[Balandar]

Also of note: From wow.allakhazam.com

This only applies to you if you are running an older version of Internet Explorer, have not updated windows with the latest security patches and do not have virus protection on your computer. Apparantly one of our ad providers was affected by a trojan and was serving it to our site for several days last weekend. This is a keylogger and could possibly compromise your game login and password. As soon as we discovered it, we pulled all of their ads.

To see if you got the trojan, go to Program Files/Internet Explorer in your directory and look for a file named "syssmss.exe". If it is there, then open your task manager and delete the file. Also go to %WIN_DIR%\Downloaded Program Files and delete a file named either "######snow.exe" or "muma.exe". Then once you have done that, log into the game and change your password. In fact, change every password for every place you have typed since you got the trojan.

There are also several online sites that scan your computer for free.

http://www.windowsecurity.com/trojanscan/

http://housecall.trendmicro.com/

We apologize for this. In 6 years of running this site, nothing like this has ever happened. It kills me to think that we may have, even inadvertantly, caused anyone to have their account compromised. We're all about making the games better and more fun. Believe me, we will do everything in our power to make sure it does not happen again.

Along with the advertiser who sent this, and in cooperation with the FBI, we are attempting to track down the people who sent this. I hope I get a few minutes in a back room with the ######s.

[muru]

As an Allakhazam suscriber, they got me:(

Now I am kinda pissed- to think that I payed for a service that enabled this:(

Oh well- I will settle down- it really is my own fault:(

[Rhoach]

We love you, Muru!