Blizzard has confirmed that a work-around has been invented that allows hackers to gain access to games protected by its authenticator tool.
This is the first confirmed case of a compromised World of Warcraft account with an authenticator attached. The affected user alerted others to the issue on the official forums, and a Blizzard rep responded, confirming that the case was genuine. Other players then reported similar experiences.
Blizzard poster Kropacius informed readers that the type of problem was a ‘Man In The Middle’ attack.
According to information from various affected users, the hacker gains access to a player’s system through a keylogger, thought to be a file named emcor.dll, which can be found in C:/Documents and Settings/Users/[username]/Application Data/Temp. Once infected, the PC will cause WoW to crash, prompting players to log back into the game. This is when the authenticator code is intercepted by the hacker, who sends on a different code to Blizzard’s servers, preventing the legitimate user from gaining access to the game. In the meantime, the hacker does have access to the account until the code resets, and can proceed to steal any gold and/or possessions from your characters.
The code on an authenticator changes every 30 seconds or so; hackers therefore only have access to the account until they log out. In the case of the original user who reported the issue, he was blocked from attempting to access WoW for 15 minutes after inputting “incorrect” login details too many times. During that time, the keylogger file was detected and removed. Nothing was changed in the account management on the official WoW site, but when he gained access to WoW after the lock-out, several in-game items were gone; the hacker had presumably been logged out when the owner logged back in.
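Seen from the login server, the relay described above leaves a recognisable trace: a rejected code from the owner's usual address and, within the same code lifetime, an accepted code for the same account from a different address. The following is an added example of that detection check, not Blizzard's code; the event fields, the addresses and the 30-second window are assumptions made for illustration.

```python
from dataclasses import dataclass

STEP = 30  # seconds a code stays valid; assumed from "every 30 seconds or so"

@dataclass(frozen=True)
class Login:
    ts: int        # event time in seconds
    account: str
    src: str       # source address of the attempt
    code_ok: bool  # True if the authenticator code verified

def relay_suspects(events, window=STEP):
    """Return (accepted_login, [rejected_logins]) pairs where the same account
    had a code rejected from a *different* source within `window` seconds."""
    by_account = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_account.setdefault(e.account, []).append(e)
    hits = []
    for evs in by_account.values():
        for ok in (e for e in evs if e.code_ok):
            fails = [f for f in evs
                     if not f.code_ok and f.src != ok.src
                     and abs(f.ts - ok.ts) <= window]
            if fails:
                hits.append((ok, fails))
    return hits

# Constructed sample events (documentation address ranges, not real data).
SAMPLE = [
    Login(1000, "alice", "198.51.100.7", False),  # owner's code rejected
    Login(1004, "alice", "203.0.113.50", True),   # accepted from elsewhere
    Login(1020, "alice", "198.51.100.7", False),  # owner retries, rejected
    Login(1050, "alice", "198.51.100.7", False),  # outside the window
    Login(2000, "bob", "192.0.2.10", False),      # typo ...
    Login(2010, "bob", "192.0.2.10", True),       # ... fixed, same source
    Login(3000, "carol", "192.0.2.20", True),
    Login(9000, "carol", "192.0.2.99", True),     # new source, no failure
]

if __name__ == "__main__":
    for ok, fails in relay_suspects(SAMPLE):
        print(f"{ok.account}: accepted from {ok.src} at t={ok.ts}, "
              f"{len(fails)} rejected attempt(s) from {fails[0].src}")
```

A hit is a reason to end the accepted session and require re-authentication, since an ordinary mistyped code from the same source (as with "bob") does not match.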
Blizzard has always maintained that the authenticator was never a 100% fool-proof method of keeping game accounts safe, and should be treated as an additional layer of protection. This latest development further highlights the need to be aware of keyloggers, and to keep anti-virus software up to date. However, neither of these prevented the aforementioned user from falling foul of the scum of the internet.