Πιθανό πρόβλημα ασφάλειας με τα authenticator

[Ragnadriel]

Έπεσε στην αντιληψή μου (thanks z4!) ότι βγήκε στο δίκτυο νέο keylogger με την δυνατότητα να "κλέβει" και ένα authenticator key σας. Προσοχή λοιπόν και λεπτομέρειες στο άρθρο εδώ:

http://www.worldofraids.com/topic/15...w-vulnerable/?

[mrunbox]

Ότι φτιάχτηκε απο άνθρωπο μπορεί να παραβιαστεί απο άλλον άνθρωπο...κανένας δεν είναι τέλειος.

[xcyanx]

Το θέμα είναι ότι οι authenticator δεν πρέπει να έχουν πρόβλημα με αυτό το keylogger. Αν χρησιμοποιήσεις ένα κωδικό απο τον authenticator μετά ο κωδικός αυτός γίνεται άχρηστος. Αν τον υποκλέψει κάποιος δεν μπορεί να τον κάνει τίποτα απο τη στιγμή που θα έχει χρησιμοποιηθεί απο εμάς πρώτα. Ο μόνος τρόπος για να χρησιμοποιήσει κάποιος τον authenticator μας θα είναι να βρει τον αιρθμό που έχουν χρησιμοποιήσει για να κάνουν seed την μηχανή παραγωγής τυχαίων αριθμών.

P.S. Οκ κατάλαβα τι κάνει οπότε οκ κάντε ένα scan παραπάνω για καλό και για κακό ^^

[Fallen]

Παράθεση:

Trojan succesfully hacks Authenticator Protected Accounts
A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.
Quote from: Kropacius (Source)
After looking into this, it has been escalated, but it is a Man in the Middle attack.

Man-in-the-middle attack - Wikipedia, the free encyclopedia

This is still perpetrated by key loggers, and no method is always 100% secure.

Basically, what the virus does is fairly simple after you're infected :

* The next time you log in World of Warcraft, the game asks for your Authenticator code.
* The virus intercepts it, send it to another server, and sends a wrong one to Blizzard = You get an error.
* The people behind the virus now have a few seconds/minutes to use the "real" code while it's valid to change your password / empty your account / guild bank.


How to check if you're infected
Just search for a file named "emcor.dll" on your computer, it is most likely located in "C:\Users\(Your user name)\AppData\Temp" but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problem.

To be honest, if you found this file your account is probably already compromised.

What does it mean exactly?

* Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you're not invulnerable.
* It definitely isn't an excuse to not have an authenticator. We're talking about a single virus here and the authenticator will save your ass 99% of the time.
* Get a decent anti-virus, buy an authenticator, you'll be safe.

Το παραδεχτηκε κ η BLizzard, διαβαστε κ ψαχτε για το αρχειο.
Πηγη : MMO-Champion - World of Warcraft Guides and Raid Strategies

[xcyanx]

Παράθεση:

You may be able to block the IP 205.209.181.111 to help prevent your information from reaching the hackers. This is of course something that may change after they find out they've been discovered, but it should offer some temporary help while you get rid of all the files.

This info is preliminary. If you use it you should also take the steps you do normally

The keylogger will send the data to:
Host: 205.209.181.111
Port: 1068

The keylogger data file can be found in /users/username/appdata/Temp along with the DLL

Update 1:

The keylogger sends the "current tick" to the server. Presumably so it can tell how long it has to use the code.

Brought to you by bored geek.

Απο Authenticator Keylogger Update - World of Warcraft - Curse