WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.
This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.
What can you do to prevent this from happening?
Two things:
- Change your password, now!
- When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so.
Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.
Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.
Virus scan readout:
C:\Fraps\fraps.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyLocked.J
C:\Program Files\NetMeeting\mstinit.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
Subscribe
Reader Comments (Page 1 of 4)
4-30-2008 @ 3:52PM
deviationer said...
lol the only way a worm got into fraps is if people were downloading a shady pirated version of it. Either spend the $37 for it or make sure you aren't getting a shady version (or just make sure you virus scan your pirated downloads)
Reply
4-30-2008 @ 3:59PM
Adam Holisky said...
I can vouch for some of the people who are reporting this, and say that they did not pirate the program. I have no doubt about this, even if I don't have screenshots or logs to back it up.
But your point is valid - pirated software often does contain viruses and is never a good thing to use.
5-01-2008 @ 6:42AM
jrb said...
obviously, no one will admit to running pirated software, but if you do, please please please run it with a non-administrator account. if your windows PC is up-to-date you can cut your risk of infection to almost NIL by running as a non-administrative, and non-power user.
secondly, a question to ask is why the mac version of WoW has movie capture built in, but the PC version does not?
5-01-2008 @ 6:58AM
Mera_LaCroisadeEcarlate said...
what about someone hacking fraps website and replacing the original Fraps ?
5-01-2008 @ 3:57PM
boronak said...
Well I paid for fraps and use the current official and after reading this uploaded to an online virus checker and here is the result a couple of false positives but its clean.
If you down load pirated software expect there to be virus, trojans, keyloggers, thats all I can say. I have no sympathy
[url]http://www.virustotal.com/analisis/954a362e5cddef6fc09db34c30996eb9[/url]
4-30-2008 @ 3:53PM
Xailia said...
yet another reason to run linux.
Reply
4-30-2008 @ 4:10PM
Jason G said...
or osx
4-30-2008 @ 4:18PM
Charlie said...
Hey, if you run OSX, you don't even need fraps! Gogo built-in video recorder =D.
4-30-2008 @ 4:23PM
G said...
This just in: Microsoft (MSFT) CEO Steve Ballmer today announced that they are changing the name of their latest operating system to "Vistax" because "obviously, an OS than ends in 'x' is more bad-guy-proof." When asked for further comment, Mr. Ballmer picked up his chair and threw it through the window, then ran off with arms flailing, yelling "Yahooooo!"
4-30-2008 @ 5:10PM
Brian Arnold said...
G, that's the best thing I've read all day.
4-30-2008 @ 5:35PM
PJ said...
If anybody actually used Linux there would be viruses for it as well.
4-30-2008 @ 6:04PM
Ahriman said...
There are actually viruses written for Linux now, but because of the way that the OS is designed, you have to manually run them yourself, after explicitly giving the virus admin (root) privileges. So, sort of like Irish Viruses then ...
And the way that it is designed means that it looks to stay that way, even when it rises more in popularity.
5-01-2008 @ 8:28AM
Sakerin said...
"you have to manually run them yourself, after explicitly giving the virus admin (root) privileges"
How is this different from Windows users double clicking on the files and clicking through UAC prompts. You can add all the security you want, but in the end the OS is only secure as the person at the keyboard.
4-30-2008 @ 3:53PM
Muu said...
My password hasn't changed in 4 years, and I've never been hacked. Just don't be an idiot and you can avoid most viruses/spyware. Use a virus checker and ALWAYS scan your downloads, no matter how small. Also, if you haven't already, switch to Firefox 3.
Reply
4-30-2008 @ 4:48PM
Aticus said...
i fully agree. I change my password here and there just to be safe but you can never be too safe! Firefox has really cut down on files that SpyBot, Ad-aware, and Norton have picked up.
Don't be an idiot. The insurance is worth having because these are YOUR files. I run my virus protections once a week, right before dinner so the system can scan while I eat. I've yet to have one single virus or pop-up on my computer for the last 2 1/2 years using this technique.
-Aticus, http://www.paladintales.blogspot.com
5-01-2008 @ 7:36AM
apoxic said...
I had the same password for 3 years.
This one morning my friend says "hey you we're online just now". That was the worst feeling ever since I woke up just a minute ago and had no access to a computer before that. Obviously I'd been hacked, in one way or the other. And it bugged me out that I couldn't find a single trace on my computer for trojans or whatever.
3 days later the very same friend who's computer I've logged in on ONCE, found a trojan. He also has an account (And just dinged 70, contrary to my golds in thousands and 3 well-decked lvl70 chars) but it reimained untouched as far as we know.
Personally I'm biting my nails hoping I will get all of my things back, even though it will cost a couple of thousands to replace all the gems/enchants which I believe you never get back.
You can always protect your own system, but think twice before you log in somewhere else.
4-30-2008 @ 3:54PM
deviationer said...
http://housecall.trendmicro.com/
or
http://housecall.antivirus.com/
free online virus scan (it's legit and has been available for years now)
Reply
4-30-2008 @ 4:04PM
Todd said...
So what is fraps?
Reply
4-30-2008 @ 4:18PM
Charlie said...
Fraps is a video recorder. Its how most Machinima (in-game) is recorded.
4-30-2008 @ 4:09PM
JohnC said...
Does anyone know if this trogan is recent, because the internet (email as the target point) is expected to be hit hard on May 1st with many emails that run exploitive scripts. (This is more of an insider tip for those of you that are probably unaware of what will happen.)
So basically from now till the next few days be extremely wary of any emails that seem the slightest bit suspicious.
Reply