Get an Epic Experience with Premium

Keylogger Warning: Authenticators Now Vulnerable

By 18 Comments 4595 Views

Tags

Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers access to World of Warcraft accounts that have authenticators attached to them. It's also possible there are other variations of these suspicious files, so if anyone has additional information please respond in the comments.

Based on this thread, the file may be found in /users/username/appdata/Temp. Since the file is fairly new (first mentions of it are only a few days ago), and the common source is unknown, I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.

A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code. Thanks to Cameron for posting about this on the World of Raids forums, too.

Related Articles

Comments

First Previous Page 1 of 2 Next Last
  • Posted 2/27/2010 7:17:59 PM #1
    Megamanx266
    Megamanx266's avatar
    • Posts: 308
    For some reason I find this skeptical, I mean they'd have roughly 30secs to use the number and get into your account. So you'd have to actually WATCH and then time it right to log in. At least from what I understand.

    Of course once they get in the damage is done. Too bad they can't actually REMOVE the authenticator :P
  • Posted 2/27/2010 7:51:51 PM #2
    Kody
    Kody's avatar
    • Posts: 1209
    The code lasts longer than 30 seconds. It's around 2 minutes or so.

    But I mean, this isn't some random person stealing accounts. These are companies that make money off of doing it, so there is bound to be someone watching 24/7.
  • Posted 2/27/2010 9:43:54 PM #3
    Xdoctor
    Xdoctor's avatar
    • Posts: 1
    actually they can remove the authenticator if they log in to your battle.net account correct?
  • Posted 2/27/2010 11:32:46 PM #4
    Megamanx266
    Megamanx266's avatar
    • Posts: 308
    @lucifersatan

    No they cannot, my girlfriend had to fill out a form and either email or fax it off to Blizzard in order for it to get removed. Now I can see why.
  • Posted 2/28/2010 12:45:11 AM #5
    dragmen4
    dragmen4's avatar
    • Posts: 4
    @ Kody... the authenticator code lasts for 1 min b4 changing to the next...

    @Lucifersatan... i never had to fill out a form to remove it... to remove an authenticator u must first log in... then go the the authenticator page on battle.net after that you must give Blizz 2 consecutive codes to remove it.
  • Posted 2/28/2010 12:47:59 AM #6
    Bloodflood
    Bloodflood's avatar
    • Posts: 29
    Kody, don't dare elevate these degenerates by making claim their circle jerk of failures is a "company". Its just a herd of Dragonball Z nerds fueled by permanent virginity screwing over regular players in between marathon 2inchstiffy hentai spanking. If that's a company then every homeless bum turning in coke cans for the change are fortune 500 CEO's.
  • Posted 2/28/2010 2:11:59 AM #7
    Wall
    Wall's avatar
    • Posts: 139
    glad i dont play wow anymore :)
  • Posted 2/28/2010 3:13:44 AM #8
    Hegarol
    Hegarol's avatar
    • Posts: 1246
    Glad I am not using Windows :)
  • Posted 2/28/2010 4:10:48 AM #9
    Wikkus
    Wikkus's avatar
    • Posts: 1
    Please change the title: Authenticator != vulnerable; Morons = vulnerable.

    Seriously, it's not the authenticator being hacked...
  • Posted 2/28/2010 7:02:31 AM #10
    Heydan
    Heydan's avatar
    • Posts: 40
    hahaha how can people still pay for such things?:))) "Here's an authentificatorz for making Le Stuff secure ow snap it it's been hacked:)" Maybe queue down Le Porn sites and you won't need to throw away money.
  • Posted 2/28/2010 8:50:14 AM #11
    angelrock
    angelrock's avatar
    • Posts: 982
    The authenticator is not the problem. Not having good anti-virus/spy ware is. Active virus programs that update each time you log on will keep this off your computer. This is just a keylogger that stops WoW from logging in at your end and then tells the site you got keylogged from what you just did. No real person need be at that site to use this info. Just a bot that auto loots your account.

    BTW Heydan, you are a moron. It is still the best investment you can make.
  • Posted 2/28/2010 8:59:33 AM #12
    angelrock
    angelrock's avatar
    • Posts: 982
    I want people to realize that this keylogger will steal your account even if you do not own an authenticator. It just has added lines of code that keylog the keyboard strokes you do to input the numbers then stop World of Warcraft from completing the log in. The big difference is that this one is very fast at getting into your account. It does not sit on the info for months like most keyloggers do.
  • Posted 2/28/2010 10:15:56 AM #14
    angelrock
    angelrock's avatar
    • Posts: 982
    You are totally right Wowza.

    This one is new and searching for EMCOR.DLL is the best defense right now. Looks like my anti virus is at Feb 21st for new threats so figure a few more days of "OMG my account was hacked" in vent. I suggest guild leaders lock down their guild banks a bit for the next few days.
  • Posted 2/28/2010 11:07:46 AM #15
    Alucaurd
    Alucaurd's avatar
    • Posts: 1
    Just letting you know, there is possibly another one out there. I just logged in and don't have that file, but my Anti-Rootkit is showing a file like this
    C:\Windows\xhunter1.sys Hidden Driver
    C:\Windows\vtany.sys Hidden Driver
    C:\Windows\xhunter1.sys Hidden Driver
    C:\Windows\vtany.sys Hidden Driver
    We may want to be more careful with what we do. This is actually getting me worried about my account..again.
  • Posted 2/28/2010 11:29:01 PM #16
    Phil_McCaffrey
    Phil_McCaffrey's avatar
    • Posts: 3
    Hi guys, quick question will using the on screen keyboard be a temporary soloution until blizzard fix this completely? Because i'm thinking if this thing logs keystrokes then using the on screen keyboard it can't log. Sure it takes about a minute or less longer but if it keeps us safe for a while longer it may be a good soloution
  • To post a comment, please login or register a new account.
First Previous Page 1 of 2 Next Last

Popular News

Login to Curse

Don't have an account? Create One.

Get an epic experience with Curse Premium
  • Faster addon downloads
  • Premium-Only Beta Giveaways
  • Ad-Free Curse experience
  • Premium Curse Client
  • and many More Features
  • Learn More »

Maingear

ENTER NOW