Blog Post
GameGeex - Blizzard accounts attacked with a Trojan mascarading as the Curse client Gamers are warned to be extra cautious downloading the Curse client from a Bing search, and to make sure they know that all their software is from a verified source like Curse.com.

Friday news broke that gamers playing Blizzard games such as World of Warcraft were having their accounts compromised by a Trojan virus.  At the time this was particularly scary because the authenticators weren't even protecting player's accounts, and the login information obtained could also be used on other games, and social networks (seeing how so many of us use the same passwords for our online accounts).  The only way to remove the Trojan was to wipe your computer and do a fresh install of your operating system and software.  Definitely scary stuff.

Then Blizzard researched the issue, and released an updated statement saying that they tracked the Trojan to a fake Curse client players were downloading from online searches such as Bing and Google. Google took action and blocked the searches, but the damage had been done for many gamers, who had to go through some rather complicated steps to get their computers cleaned and their accounts reinstated.  And all from a program mascarading as the most popular addon software manager on the Internet.

I've been victim of this sort of scam myself before, so I definitely feel sorry for anyone who was infected.  I was duped into thinking a sponsored link on Google was a safe link, and instead ended up almost filling my system with malware.  I came very close to having to do a fresh install, and I learned my lesson. For those who are looking for things like the Curse client, the easiest thing to do is head directly to their websites.  Sure search engines save you having to type in the URL yourself, but ultimately you are risking clicking on a link that will do very, very naughty things to your computer.

Unfortunately popular companies like Blizzard and Curse are open to these kinds of attacks, and since gold selling is such huge business, attempts are made every day to get access to WoW accounts.  If you managed to keep clear of this virus, take this as an example and learn from the mistakes of others: Be careful what links you click on in search engines, and keep your anti-virus software up to date.  I recommend Panda.  It's free, efficient, and will get the job done.  Plus it has that dreamy voiceover guy narrating.  

2 Comments for this post.
Like 1 Disike 0

Dreamy-voiceover guy you say...? I mean... Dam that's terrible.

Jokes aside, that's pretty bad and unfortunate. Definitely better to go straight to the company website for add-ons. At least if something goes wrong, you can totally yell at the company :o


Like 1 Disike 0

Google has done a crap job as of late on these sponsored links. They need to step up on their game. In my day job we've had a boat load of people that don't pay attention to the links on the search page and just start clicking because they trust Google. 

You hear that Google, they trusted you not to mislead them. Which you did by allowing bogus links to become sponsored top banner links. I appreciate the job security but seriously this is just bad form.

I hate that once again Curse is associated with trojans and Blizzard account hackings. I recall I had an issue where my account was hijacked, and Blizzard blamed the use of the Curse client. Which clearly wasn't the case at the time.

For me I've always informed users to ignore all ads and sponsored links, pay attention to what you are clicking on and if you are not sure ask. It doesn't hurt to ask, better you are informed than mislead.


You must be signed in to post a comment.