WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.

What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.

This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.

What can you do to prevent this from happening?

Two things:

1. Change your password, now!
2. When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so.
   

We've alerted the makers of Fraps to the problem, and if appropriate, will post their reply.

Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.

Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

You'll want to be a bit more cautious when looking up information on the game today. World of Raids reports that an unknown ad banner appearing on Wowhead, Thottbot, and Allakhazam has an embedded keylogger trojan. You don't even need to click on the banner, apparently, simply mousing over it will be enough. Wowhead says that all they know for sure is that it originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com." They're working at isolating it.

The issue is known, and all parties involved are tracking it down, so it should hopefully be resolved soon. In the meantime, if you're looking for a quick way to protect yourself, I would follow the recommendation of World of Raids, and try out the Firefox web browser and the No Script extension. As long as you keep the scripts blocked, it should prevent the banner in question from forcing itself on you. This should also provide you with some protection if you accidentally click on the wrong link elsewhere, such as on the WoW general forums.

Edit: Apparently, the virus in question is not an actual keylogger, but it still does a number on your system, which is reason enough to try to avoid it.

According to MVP Schwick on the EU forums, several different anti-virus scanners have started detecting the Blizzard background downloader and some patch files as malware. With as much trouble as you can get into with certain kinds of malware, this sort of alert would be bound to panic anyone. However, this one has been confirmed by Blizzard as a false alarm. For now, be sure to download the latest updates to your anti-virus scanner, and if it detects any of the following, it's likely a false positive:

• Trojan-PSW.Win32.WOW
• R/PSW.WOW.RG.3
• Trojan horse PSW.Generic4.TUV

However, if, after upgrading your anti-virus software, you're still getting virus messages? Report it on the tech support forums. As Blizzard EU rep Torzelyn says:

Updating the Virus Scanners is removing the Trojan alert, but if your particular scanner is still flagging it as a trojan, please don't patch the game just yet. I'm sorry but I'm just wanting to be cautious. Although it appears to be a false positive, as with Kaspersky, AntiVir etc.. updating the definitions is solving the problem, I don't want to just say 'use the files' because there could still be a problem somewhere.

[Via BlizzPlanet]

I saw this screen shot last night on the WoW LJ community, and I have to admit, it took me by surprise. This is the first time I've ever actually seen the World of Warcraft launcher/load screen come out and point-blank warn people about the presence of Trojans on their machines. As there are a lot of variants of this particular Trojan out in the wild, that specific name doesn't surprise me.

Considering the fact that two Blue accounts were recently compromised, it looks like it's a good time to once again make sure your systems are patched, your virus scanners are up to date, and that you've got some good lines of defense against these Trojans. (Personally, I'm a huge fan of FireFox and some of the browser extensions that have come out for it.) Or, as some of my friends have told me, I could just get a Mac, and not have to worry so much about these kinds of things either. I keep telling them I'll happily switch when they buy me one.

It's raid night. You've farmed your mats, topped off your repair fun and loaded up on pizza and cola. But for some reason you can't log on. You're sure you typed in the right password, but no go. You IM you guildie: "Are the servers down? I can't get in." His reply sends chills down your spine: "We just saw you at the bank. Why was your toon naked?"

Years of hard work gone. Someone else accessed your account and stripped your main of all his gold, bank items and tradable equipment. "But I don't give my password to anyone!" you wail. You don't have to, the keylogger program knows it anyway.

What's a keylogger? It's a small, virus-type program that can accidentally be installed on your computer. How might a keylogger be installed on your system?

• Visiting an untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.)
  
• Downloading addons (or other files) from an untrustworthy site. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source you trust!

Once a keylogger gets installed, it starts recording every keystroke you make. And when you type in your account name and password for your WoW account, it captures that, too. The next time you access the Internet, it sends your private information to the hackers who use it to log into WoW and strip all your characters of everything valuable leaving you with a penniless toon wearing nothing but his trousers.

This all sounds pretty scary, but don't worry -- there are ways to protect yourself from keylogging programs!

Microsoft has caught on to what many Warcraft players already realized - our characters and in-game items are valuable. And for some, the value of your account itself is higher than that of the credit card you use to play the game with, making account theft a lucrative target. And, while Blizzard can help restore stolen in-game goods, once your account has been compromised, it's a long and tedious process to get it back. So in all cases, it's better to protect your account before-hand - while most of it's common sense, Blizzard has some good advice on that front.

[Fan art by Sarah Jaffe]

A new trojan is out in the wild looking to steal your Warcraft login information.  Once infected, this virus will attempt to log all keystrokes sent between your computer and  the login servers (us.logon.worldofwarcraft.com or eu.logon.worldofwarcraft.com).  Any data it collects - which would include your username and password - will then be sent off to a remote attacker.  Symantec is currently reporting that the virus hasn't spread far yet, but it's time-consuming and difficult to recover a lost account, whereas it's fairly quick and painless to make sure your anti-virus definitions are up to date.

A new trojan out in the wild is attacking computers with the goal of stealing your World of Warcraft account information.   It may seem like a trivial target for virus writers, but there's definitely money to be made reselling in-game items - and, thus, money to made by stealing your password.  So be certain to keep your anti-virus up to date and if your account has been compromised, contact a GM or the billing department, but expect a lengthy process of investigation to have your items or account restored.