You head along to your local torrent or newsgroup site and see some new application, a game that has just come out or a copy of the Operating System DVD and you grab it thinking if it is infected with a virus, your current AntiVirus is bound to flag it up. Of course this act is illegal but this is not the purpose of this article. I wanted to go through a handful of things that you need to think hard about and why, if the software or game is not too expensive, you should buy it.

There is more than just virus out there

Most people only ever think of a virus, that is a program that serves to disrupt your data in one way or another but what about a program that is stealing all your passwords and sensitive data? What is the easiest way to get someone to not only download a piece of software but override the antivirus to execute the thing? The simple answer is to first provide something that people want and secondly is to tell them that it is not a virus but this is how the crack works and to ignore any warnings they may get.

A Case in point

To give a graphical example of my own stupidity, Left for Dead 2 came out and I grabbed a copy, I ran this on my main machine and my current Steam account was in fact logged in. The game actually did not run beyond a few minutes and I just thought it was a bad copy. I since went and bought the game but of course not long after that my Steam account got comprised and you can bet it was the person who was sharing that game before. The amount of time and work it took to get my Steam Account back, protect it and make sure it never happens again took a long while, all because I did not want to spend £30 on a game, how sad is that.

If you use it – buy it

Here is my title motto, if you use some software and you find it invaluable, then why not spend that bit of money and buy the thing. Most software allows a trial mode so you can get a feel for the program / game and the cost is normally what you would pay for a game anyhow. What about expensive software like Photoshop or MS Office? I have found many free or cheap alternatives to these as well. Remember that if you buy some software, you can get the updates time and time again, no more waiting till someone has cracked the latest version and how do you know that someone has not placed some hidden code inside this so called cracked version of your application?

A new keylogger disguised as a World of Warcraft add-on is stealing account info and goods.

Last week reports of a “man-in-the-middle-attack” surfaced in regards to Blizzard’s MMORPG. World of Warcraft. Apparently hackers have created a tool that grants them access to accounts protected by an authentication tool. Once they are in control of the account, hackers can thus steal virtual gold and possessions until the account password is reset. Currently there’s no indication if the hackers gain access to data such as credit cards or other personal information.

The tool in question is a keylogger, possibly a file named emcor.dll which can be found in C:/Documents and Settings/Users/[username]/Application Data/Temp. Once the user launches the keylogger, the PC is infected and will in turn cause World of Warcraft to crash. Once the players re-start the game and log back into the account, the authenticator code is intercepted by the hacker. A different code is sent to Blizzard’s servers, locking the player out.

So how do players get the keylogger on their PC? It all starts with a sponsored link in Google showing up as a top result for WowMatrix, a free World of Warcraft add-on installer and updater. The problem is that the listing isn’t a genuine, leading gamers to the malware. “Several downloads are available and I decided to check out the installer / updater,” reads this forum post. “Results are pretty low at virustotal for the executable. The detection of the DLL hooked into our system is even worse, only 1 antivirus suspects some illegal activity.”

Because authenticator codes only last for 30 seconds, hackers have access to the WoW account until they log out. “This is still perpetrated by key loggers, and no method is always 100% secure,” Blizzard said in this forum post.

WoW gamers are warned to stay away from the following sites, which are actually based on legitimate WoW related sites with a typo at the end of each URL:

• wowmatrixf(dot)com
• Cursea(dot)com
• deadlybossmodss(dot)com
• gamesacca(dot)com