Go Back   WowAce Forums > General > Updaters
Updaters Updater Threads

Closed Thread
 
Thread Tools
Old 10-21-2008   #1
Xinhuan
Asian Sheep Lover
 
Xinhuan's Avatar
 
Join Date: Aug 2007
Location: Singapore
Posts: 4,033
Default Warning: New Trojan on wowui

In a new "addon" at wowui:

http://wowui.worldofwar.net/?p=mod&m=6654

Quote:
Back from the grave-WoWACE Updater!

Virus/spyware scanned on upload
Compatible with v2.4
Author: WoWACE
Download size: 754.19 kB
Dependencies: None
Updated 21/10/2008 (42 minutes ago)
54 total downloads / downloads this week: 54 / downloads today: 54
Contains DR/Spy.Ardamax.N.548 virus, according to Antiarc's antivirus. The zip file also triggered nevcairiel's Windows Defender.

[10/22 02:02:47] <@Shirik|AFK> It installs itself to the control panel
[10/22 02:02:49] <@Shirik|AFK> that's pretty awesome
[10/22 02:04:07] <Antiarc> Decompress that zip
[10/22 02:04:15] <Antiarc> And you get 3_0.2 Omen.exe and fraps.txt
[10/22 02:04:51] <@Shirik|AFK> it creates system files, registers itself with autorun
[10/22 02:05:10] <@Shirik|AFK> it's also partially encrypted so I can't really see what it does

Additional Information:
http://forums.worldofwarcraft.com/th...96588317&sid=1
__________________
Author/Maintainer of Postal, Omen3, GemHelper, BankItems, WoWEquip, GatherMate, Routes, HandyNotes and some others.
Xinhuan is offline  
Old 10-21-2008   #2
Nallebjoern
Junior Member
 
Join Date: Feb 2006
Location: Sweden
Posts: 98
Default Re: Warning: New Trojan on wowui

that shirik dude sounds really amazed by the trojan ;P
Nallebjoern is offline  
Old 10-21-2008   #3
Seerah
Legendary Member
 
Seerah's Avatar
 
Join Date: May 2006
Posts: 6,610
Default Re: Warning: New Trojan on wowui

He likes taking things apart and seeing how they work Besides - you're reading it out of context.
__________________
Seerah is offline  
Old 10-21-2008   #4
Tristanian
Senior Member
 
Tristanian's Avatar
 
Join Date: Dec 2006
Posts: 422
Default Re: Warning: New Trojan on wowui

Identified.

Dropped:Trojan.Keylog.Ardamax.NAI

http://www.ardamax.com/keylogger/

GG WoWUI. This is the second (or was it 3rd ?) time it has been hijacked and it starting to bug me having addons hosted there already.

DO NOT make any attempt to run that executable from the zip !
Tristanian is offline  
Old 10-21-2008   #5
flarecde
Amazing Member
 
flarecde's Avatar
 
Join Date: Sep 2008
Location: New York
Posts: 1,264
Send a message via ICQ to flarecde Send a message via AIM to flarecde Send a message via MSN to flarecde
Default Re: Warning: New Trojan on wowui

Why did they even allow an exe upload in the first place? ><
__________________
~ flarecde
Reality is nothing... perception is everything.
flarecde is offline  
Old 10-21-2008   #6
funkydude
Administrator
 
funkydude's Avatar
 
Join Date: Nov 2005
Location: Scotland, UK
Posts: 2,987
Default Re: Warning: New Trojan on wowui

http://www.virustotal.com/analisis/7...f0fbff035f9e8a
I submitted the file to all anti-viruses, although, expect some delay.

Quote:
Originally Posted by flarecde View Post
Why did they even allow an exe upload in the first place? ><
It's double zipped.
funkydude is offline  
Old 10-21-2008   #7
Pelf
Junior Member
 
Pelf's Avatar
 
Join Date: May 2006
Posts: 55
Default Re: Warning: New Trojan on wowui

Why would anyone ever launch an executable file from within an archive they expect to contain a WoW addon?
Pelf is offline  
Old 10-21-2008   #8
HunterZ
Legendary Member
 
HunterZ's Avatar
 
Join Date: Dec 2005
Location: Seattle
Posts: 3,368
Default Re: Warning: New Trojan on wowui

I stopped downloading all but 1 or 2 addons from that site a long time ago because of their frequent trojan episodes. I don't know why anyone would want to host anything there any more; it's slower and uglier than Curse and WoWInterface, and infested with trojan keyloggers.
HunterZ is offline  
Old 10-21-2008   #9
Tekkub
Wiki Master
 
Tekkub's Avatar
 
Join Date: Feb 2005
Posts: 5,086
Default Re: Warning: New Trojan on wowui

I LOL'd

Now how long till they delete the comments on the addon? :P

*edit* hrm... the comments have been deleted and replaced by others telling people to download it, nice.
Tekkub is offline  
Old 10-21-2008   #10
syrupk
Full Member
 
Join Date: Aug 2007
Posts: 220
Default Re: Warning: New Trojan on wowui

There is more than just that one. Someone took my metzremix, added the exe and is taking claim for it over there Getting harassed by this guy in the ui/macros forum. The files have been up there for over an hour already with tons of downloads. He deletes every comment we make.
syrupk is offline  
Closed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:25 AM.