Wowmtx0

You may be wondering why I have a photo of a bunch of pocket calculators up above (a photo that I took myself, copyright fans). Well, they’re actually authentication devices for various PC games, which are designed to give an additional layer of security to your online ID:

http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660

The World of Warcraft authenticator is rather popular with anyone that takes their MMORPG (Massively Multiplayer Online Role Playing Game) action seriously. Well, it seems a scam from November 2009 is back but with an alarming twist: World of Warcraft players are reporting that the new infection file is managing to intercept login data (thus getting around the authenticator) and send it elsewhere, by means of a “Man in the middle attack” according to Blizzard Technical Support:
http://forums.wow-europe.com/thread.html?topicId=12730404058&sid=1&pageNo=1#15

Some more info at the following links, including some victims of the attack:
http://forums.wow-europe.com/thread.html?topicId=12730404058&sid=1
http://www.mmo-champion.com/news-2/authenticator-accounts-hacked-icc-quests-crimson-deathcharger/
http://www.worldofraids.com/topic/15642-authenticator-keylogger-source-fake-wowmatrix-website/

The sites (advertised in Google Adverts such as the one below):

Wowmtx2

are being listed as:
Cursea(dot)com
deadlybossmodss(dot)com
gamesacca(dot)com
wowmatrixf(dot)com

And you should probably consider avoiding them for the time being. The sites do pretty much the same thing as the scam from last year – ask you to download a fake application, run it and give yourself a very bad day. Some screenshots:
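The reported names sit one character away from well-known addon sites, so a simple edit-distance check against the sites you actually use will flag most of them. The following is an added example, not code from the original post or from Blizzard; the `KNOWN_GOOD` allowlist is an assumption inferred from the lookalike names, and the function names are illustrative.

```python
# Added example: flag lookalike domains by edit distance to an allowlist.
# KNOWN_GOOD is an assumed allowlist (not stated in the post).
KNOWN_GOOD = ["curse.com", "deadlybossmods.com", "wowmatrix.com"]

# Domains from the post, kept defanged exactly as published.
REPORTED = ["Cursea(dot)com", "deadlybossmodss(dot)com",
            "gamesacca(dot)com", "wowmatrixf(dot)com"]

def normalise(domain):
    """Refang '(dot)' notation, lowercase, strip a leading 'www.'."""
    d = domain.strip().lower().replace("(dot)", ".").rstrip(".")
    return d[4:] if d.startswith("www.") else d

def edit_distance(a, b):
    """Levenshtein distance using a rolling one-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(domain, max_distance=2):
    """Return (verdict, nearest allowlisted domain or None)."""
    d = normalise(domain)
    if d in KNOWN_GOOD:
        return ("known", d)
    nearest = min(KNOWN_GOOD, key=lambda good: edit_distance(d, good))
    if edit_distance(d, nearest) <= max_distance:
        return ("lookalike", nearest)
    # Not close to anything on the allowlist: edit distance cannot judge it.
    return ("unlisted", None)

if __name__ == "__main__":
    for name in REPORTED:
        print(name, classify(name))
```

Three of the four reported names come back as lookalikes; the fourth is not near any allowlisted name, which shows the limit of this check: it catches typo-style imitations only, so an "unlisted" verdict is not a clean bill of health.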

Wowmtx1

Some “install” fun:

Wowmtx3

Finally, this is the file you do NOT want on your PC:

Wowmtx4

Emcor.dll is apparently the source of so many woes at the heart of this story. This is obviously a bit of a fresh one, so more information will no doubt come out in the wash as time goes by. For now, be extremely careful what you’re downloading – as the Blizzard Support guy says, “No method is ever 100% secure”.

Chris (Paper Ghost) Boyd