In the last weeks we’ve seen several phishing campaigns targeting World of Warcraft players. This is one of the messages that have been circulating:
If you click on the link included in the message, you will get to the following web site, which for almost everyone will look like the real one:
And what happens once you enter your data? Well, let’s enter a fake user name and password and we’ll see:
Now we click on “Log In”. Where will we be taken?
Yes, it really looks like the real World of Warcraft site. In fact, it is the real site… As you have seen, the attack could be considered pretty good: both the message and the web site looked as if they were real, so we could assume that these are smart, highly skilled cybercriminals. But we know there are a lot of phishing kits out there, and that there are easy ways to accomplish this kind of attack, so anyone could do this. Of course, if the cybercriminals are not that smart, they could have left a door open. Can you imagine what we could find if we could enter there? Well, you don’t have to: we entered, and this is what we found:
Now take a close look at the first file:
Yes, it looks like a Microsoft Office Access file, but this can’t be true, come on… let’s download it and take a look at what kind of data it contains:
Oops! Yes, this is the database with all the credentials stolen so far… ours is number 13,401, and most of the people seem to use their e-mail address as user name… I bet that the password used for WoW is the same one they are using for each and every online service (mail, Facebook, etc.).
And what’s the moral of this story? Well, if such a moron is able to steal thousands of credentials, imagine what a smart cybercriminal could achieve…
29 comments
That could be related to 7747.net, see http://translate.google.com/translate?hl=en&ie=UTF-8&sl=zh-CN&tl=en&u=http://www.7747.net/Soft/201001/16858.html&prev=_t . Except the access DB is not an access DB
Thanks, it seems related as you say…
I swear to God this is the worst scam I’ve ever seen.
As a response to the quote “most of the people seems to use their e-mail address as user name..” Battle.net requires an email address to log in with. When Blizzard converted WoW over to Battle.net everyone was required to enter an email address as a user name.
Thanks for the info, Matt. The last time I logged into battle net was in January last year, will try again as soon as Starcraft II is available though 😉
What the heck! How could someone do this. Man, didn’t know this stuff. Nice info! I learn a lot.
Well… not every e-mail address you see there are from people that fell for the scam.
I, for one, after insulting them with every bad word I know, started entering about 50 or more bogus e-mail addresses with bogus passwords, so as to keep the phissers entertained.
Well, that’s kind of DoS the bad guys… I like it!!! 😉
“…? Well, you don’t have to, we entered and this is what we found:
…”
Could you explain this part just a weee bit more in detail?
The thing is that I do not want to show the bad guys where they were mistaken. I only can tell you we didn’t use any exploit or similar thing.
Hope I won’t be a victim for this kind of stuff. The biggest drawbacks in online games are being hacked by someone. It’s really frustrating to know one day you can’t open your account anymore.
I consider myself a half-decent tech guy, but it’s nothing to what my friend can do. There was one time I had my account hacked (before authenticators and all that thing came) and in the short window between my scanning of my PC, some idiot managed to track my info.
My friend then hooked up to my PC, found the malware taking all the information, and started hacking the hacker back.
Not only was it fun to teach the idiot a lesson, but sending in a ticket to the police for information theft is also nice, as we learned he lived in the same country as we do =)
So hackers, beware, you are not the only one who can hack! 😀
Good read, panda’s 😀
Thank you so much for this info! This is exactly how I got scammed this week! This is the exact way that everyone I know got scammed recently!! Thank you for letting me understand how they did it!
Don’t just think that because you use an authenticator, that you are safe. There are authenticator emulators and people HAVE backwards engineered them as well.
Also keep in mind that when you GIVE your info to someone, you aren’t being hacked. A guy I used to know who used to scam peeps, told me, he couldn’t do it except for the fact that there are so many stupid people out there. Simply look at the url, as you hover over it, it will show the actual email.
That doesn’t tell us how to get them!
Well… not every e-mail address you see there are from people that fell for the scam.
I, for one, after insulting them with every bad word I know, started entering about 50 or more bogus e-mail addresses with bogus passwords, so as to keep the phissers entertained.
Congrats, you just wasted about 5 seconds of processing time as their bots attempt all the logins…
You should send all the people on the database a link to this article, well that’s what I’d do.