April 20, from Kingsoft Internet "cloud security" center of news, recently, "Thieves of Warcraft," very active variant NV. The virus is a specialized stealing online game "World of Warcraft" game account of the Trojan virus. World of Warcraft players account the general security threat.
Recently, World of Warcraft game proxy storm to become the public's attention again. Therefore, some hackers have also began to stir. Li Tiejun Kingsoft Anti-virus experts said that with the previous "Thief of Warcraft" version similar to Warcraft Thieves "variant NV will be lurking in the infected computer system, the search process of the game, and create a message hook, records of users effective information such as account number and password, and will steal the information sent to the Trojan growers through the website.
According to reports, "Thieves of Warcraft" variant NV running, will ShellHook way into the computer system to run each process, after the successful Daohao, through the website to send passwords and account information to hp: / / game. . cn/img/vip14069/wd/lin. asp.
Kingsoft Anti-virus experts said Daohao Warcraft Trojan spreads generally in two ways, one through the cat ringworm downloader, downloader dead cattle, etc. BMW download popular downloader Trojan to the user computer; other One is to use known as "permanent free" World of Warcraft "plug" or so-called "cracked version of Warcraft plug-in."
Experts, Warcraft Daohao Trojans generally through the following steps to complete Daohao tasks:
1, trying to find the World of Warcraft's "family" address - executive search. Warcraft Daohao began after the Trojan into the system checks whether the white World of Warcraft. (The process by checking whether inside Warcraft wow.exe)
2, sneaked into the World of Warcraft "home" - home thief. After finding the process of Warcraft, "Thieves of Warcraft" will release Daohao NV variant module, sneaked into the World of Warcraft process. (Through remote injection method will have Daohao function module is written in the process of Warcraft)
3, anti-night anti-Japanese, anti-family plunder - home of the giant treasure stolen. Trojan horse in which to find a special memory of Warcraft code, that code is usually World of Warcraft user name password place to find the code after the Trojans to take over the user's password on the input (via keyboard or direct reading record access memory which the user password information) and then sent to the hacker a server pre-configured.
According to recent popular features of Warcraft Daohao Trojan attacks, Duba anti-virus experts suggest that the general WoW players:
1, free download Duba cleaning experts (www.duba.net), for their computer health monitoring;
2, Jinshan network installation shield, effectively prevent Trojan horse way through the web page linked to the attacks;
3, to develop good online habits, raise awareness of network security, do not give any opportunity virus.