WoW malware beats authenticator

Trojan uses Adwords to gank your orc

Malicious hackers are spreading malware capable of beating World Of Warcraft's hardware-based authentication, according to players and insecurity experts.

The hackers are using spoofs of popular WoW sites, advertised through Google Adwords, to spread a Trojan program designed to intercept the one-time passwords generated by WoW authenticator tokens.

With high-powered WoW characters reportedly selling on the black market for four times the price of a compromised credit card, super-paranoid gamers can use a hardware token similar to those used in online banking to secure their logins.

The latest Trojan, which shows up on PCs as 'emcor.dll', executes a man-in-the-middle attack the next time the player logs in, intercepting the token-generated password and sending it off to the attacker.

While the player sees an error message, the attacker has a limited window of opportunity to use the correct password to log into the account and clean out its assets for resale on the grey market for virtual goods and gold.

The sites spreading the malware are copies of genuine WoW fan sites with subtly different URLs which show up as sponsored results in Google searches, according to a blog post from Chris Boyd of Sunbelt Software.