WoW Players Targeted By Windows Flaw Exploit

grimwell writes "The BBC is carrying the story that the ANI flaw is being used to target World of Warcraft players, as hackers search for account details. 'Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group ... Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.'" Doubtless, any compromised accounts would quickly see their equipment sold, and the resulting gold transferred to another account. This gold would then be sold for US currency to Real Money Traders like the company IGE.

A cold day in Hell..

World of Warcraft is considered a better target for theft than a credit card. What kind of nerds are running those crime syndicates these days? Maybe if Blizzard came down on more of these gold-selling, account-selling, and item-selling service providers, this kind of nonsense wouldn't even be an issue.

Re:A cold day in Hell..

What hole have you been hiding in? Anything that happens on Blizzard's servers is THEIR property. They can do whatever they like with it. By 'come down on' he means 'ban accounts'. If these 'gold-selling, account-selling, and item-selling service providers' lose more money than they make, they'll have to give up. It takes time and effort to amass stuff to sell, and there are companies -paying- people to amass it. If they have no way to do their thing, they'll have to stop.

Having said that, short of shutting down all the servers, there's no way to stop it. Even having to start from scratch constantly, they'll still make enough money to keep going and hopefully outlast Blizzard's fury. Blizzard can't afford to hire enough people to police this well enough to stop it.

Re:A cold day in Hell..

Ah, history is full of examples how making something illegal completely eliminates it. *rolls eyes* More laws make more criminals, and if Blizzard came down on this, they would only drive this arms-race to higher levels. *OR* they could cash in on this (first and foremost), and also improve the game so that IT ISN'T A FRICKEN SECOND JOB!

See, this is why I quit WoW - the fact that 90% of the time one has to "farm" or wait for a raid to assemble, or dully point their running character along some path across the map. I paid them money to escape the daily grind, and look what happened - I got into an even more boring grind. And, of course, there is no way to escape that grind either, because that's the only way to even get to the "fun" 10% of the game.

If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story.

Re:A cold day in Hell..

If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story.

Yep, and they'd lose a lot of paying customers shortly afterwards. Here's the rub with games like WoW: they're largely a pissing contest where people like to gloat about how much better stats they have, how much better their gear is, how high their tradeskills are, etc. (and this is coming from someone who actually does play the game quite regularly).

If they took out the grind, the coveted "status" that so many either love to maintain, or love to strive for, vanishes. Everybody is left with just the game for the game's sake, which while arguably the way it "should be" won't work for WoW because the game engine itself isn't the most interesting thing in the world.

That's mainly why all the gear in TBC was so overpowered compared to the original campaign. People were finally getting to the point where many realized they were NEVER gonna make it into BWL, much less Naxx, and starting to lose interest. They gave them some major gear upgrades so that they can feel like "wow, I'm a badass - this stuff blows away the gear I saw those raiding guys walking around with a few weeks ago". Then they get back on the treadmill to try and reach that status again. Stupid, but if you take away the treadmill a lot of them will see no point.

Awflly big brush you're tarring with...

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?

Re:Awflly big brush you're tarring with...

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?

Why, you could click on their web page [ige.com] and note the tagline "IGE, Buy WOW Gold, World of Warcraft Gold, FFXI Gil, Final Fantasy XI Gil, Lineage 2 Adena". These guys are assholes and proud of it. They don't deserve apologists.

Maybe I should also dig up the evidence that in the past they were involved in authoring trojans...

Warning for players upon startup

Is there some sort of big warning popup in WoW for players as they start the game up? (prior to entering a username/password)? I know that Guild Wars has special "news items" alongside the login form that you can read without having to actually log into your account. It would be cool if Blizzard (heck, and ArenaNet) had a giant warning that came up for the next few days informing people of this issue and of the upcoming fix from MS (or am I confusing my vulnerabilities/fixes here?...). That might help folks out perhaps.

Irony?

I dont RTFA but im assuming u have to go to one of those "power lvl" sites for this to happen (or any other site). That means that people that buy gold and items (ilegal according to blizz) with real cash have big chances of getting hacked. If all this is true why should blizzard care? this is theire anti-power lvl system. RandomGM : WORKING AS INTENDED.

OMFG! What about my Slashdot Account?

I just hope no one ever figures out a way to do this with Slashdot accounts. If WoW accounts are more valuable than credit cards, then Slashdot accounts must be more valuable than, I guess, say Dilithium Crystals or Ewok slaves. I think I have finally going to have to upgrade to Windows98 from Windows95. It probably is mature enough at this point.

Preferred MS patch procedure

What Microsoft should have done, instead of investing significant amounts of its own resources into the security patch, was tether a huge, yellow exclamation point over the Redmond campus. Wayward WoW players would be inexorably drawn to it where they would find a Non-payroll Personnel Coordinator (NPC) who would relate to them the details of the bug and why it needs to be fixed. Harvesting the collective zeal of the WoW community in such a fashion, the solution to the issue would have been presented to Microsoft promptly and at little expense. Patch notes could even be copied and pasted directly from the resulting Wowwiki page.

Incidentally, I plan to use a similar process to reduce the amount of manual labor around the home.

WoW

Must suck having to worry about Windows exploits when you play WoW. One of my arena team members was complaining the other day that she needed another gigabyte of RAM to play WoW in Vista, too. I don't know if this is an issue in OSX since all my Apple machines came with 2gb.

There's been a recent surge in the number of gold farming and leveling service spammers in the game lately, too. Your only recourse with those is to disable the whisper channel, which you can do from the chat menu. Unfortunately then you can't get whispers. I'm pretty sure all these spams are coming from trial accounts. It'd be nice if Blizzard could include an option to ignore trial accounts. I suppose it'd also be possible to write a plugin to ignore whispers from people not on your friends list, but that's still a pain in the ass.

Simple Solution

There is a simple solution to this. Instead of banning accounts and ignoring the fact that no matter what they do, people are going to pay hard cash for in game items, Blizzard should follow Sony's lead.

If they would control the whole secondary market process, it would help them track stolen property and give them a lucrative second source of income. Instead, they would rather take a hard stance and deny this is even happening.

I for one am glad the WoW Care Bears guild

tends to use Mac Minis to play WoW on.

My female gnome mage giggles at the Windows ANI exploit!

MMO's being a "grind".

When will people realise this is basically the whole POINT of an MMO? You grind to gain better items. That is the underlying principle of an MMORPG.

Want a game where you can jump into the action on an equal playing field? FPS's are out there, as are RTS, etc.
If everyone started at 70 on WoW the game would become incredibly boring. PvP? Why? No rewards except pride.

Locking/unlocking items

Blizzard should implement the possiblity to unlock/lock items for disenchanting and selling.

Locking an item would be instant. Unlocking would take two or three days. They could also add a notice that one or more items have been marked to be unlocked when you login. This will alert you of anyone trying to get to your gear.

This would not solve the problem but it will make sure you dont lose your gear when your account is hacked.

Re:Soulbind Gold?

That would render the wow economy useless... You would only be able to buy from npc's and not from other players.

Re:Soulbind Gold?

Right, so money and goods that are yours permanently and don't give you a way to trade with other people... Yeah, great idea. I don't play WoW, but soulbinding (as you describe it) would only be good for a small handful of your goods that you -KNOW- you will never part with.

And you do realize that money is useless if you can't use it, right?

Re:Soulbind Gold?

Well, if you could un-soulbind it, then that would probably be a good idea. Also, if you wanted to get rid of some sole binded gold, you could just buy an item, and then sell the item to another character.

Great, so now only someone who has access to my account can steal my gold and items! That solves everything!

Re:Soulbind Gold?

Most gear is soulbound upon equipping it, but 99% of the stuff you own can still be sold at a vendor for gold. The amount you get depends on the quality of the stuff you're selling. Gold isn't bound to your character. If it was, you wouldn't be able to spend any of it.

Re:Soulbind Gold?

Soulbinding isn't a choice--it's something that happens to some items (most often quest rewards) that prevents the reward from being transferred/used by other players. Gold cannot be soulbound--as others have pointed out, that would render it somewhat useless. Soulbound items can be sold to NPCs, however they can never be bought back. This does mean that soulbound items would still have value to a hacker who was trying to make real-world money.

Re:Soulbind Gold?

Almost all equipment in WoW becomes soulbound when equipped. Some items become soulbound when you pick them up. I would imagine that account hackers just sell these items to NPC vendors.

Re:Soulbind Gold?

Gold can't be 'soulbound', but a lot of valuable items are. Also, the player can't really control wether it should be soulbound, it happens automatically. For example, some items 'bind' on pick up when you loot it from the corpse of something you just killed (BoP), some do so after equipping them (BoE). Therefore the chances of finding an unbound item on a player that would sell for a lot of gold on the Auction House isn't too big (unless he crafts them with the intent of selling).

All items (including bound ones) can be sold to NPC vendors however which will yield a relatively small amount of gold. I imagine that these people hacking WoW accounts will just 'vendor' everything anyway to get as much gold as possible.

Re:Soulbind Gold?

Equipment, yes.
Gold, no.
Trade skill items, no.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

WINE strives for "bug-for-bug" compatibility with Windows. Are you really safe?

Re:Soulbind Gold?

Some items can be soulbound, either when they are first obtained ("Bind on Pickup") or when they are first worn / wielded ("Bind on Equip"). However, even soulbound items can be sold to NPC merchants. Also, there is no way to soulbind gold, or any item not already marked as bindable.

Re:Soulbind Gold?

Don't WoW players have the option of "soulbinding" their gold and other items, so that only their own character can use them? This would seem to be the easiest fix for the problem of account hacking.

Soulbinding is for items only, which can still be (rare cases, not withstanding) sold to the vendor for gold. Gold cannot be soulbound. Which is why, on hacked accounts, the person is left naked and pennyless. Everything in liquidated into gold and the gold is transferred to another.

However, that is really a interesting idea. How would a game economy handle the idea of no inter -player trade? I would find that an interesting concept to test out. The game would have to be designed where 'all players are equal' in a sort. Everyone could craft any item (or require that you can only get crafted items from NPC vendors). Killing a monster and looting would give full value of money and items to everyone. (A monster drops 10 gold and all 5 players who killed it get 10 gold each. as well as a copy of the weapon or armour it dropped). Heck, a monster would no longer even NEED to drop items. They can just drop money and (as WoW is turning too) special tokens which can be exchanged for items at the high-end.

It would remove an 'economy', for whatever a virtual economy is worth (as technically, everything is limitless). Though I know a lot of people like the idea of 'trade' (I'm one of them), the real question is, does a 'game' really need it? I guess this is close to how Guild Wars works when you only play with NPCs. All items dropped are given to you and gold is reduced by the number of NPC party members. While some items can be dropped from monsters that you use, often find that armour is crafted for you by NPCs who require crafting materials you salvage from item drops and some gold. In essence, it's kind of like only getting gold from monsters.

Do so, does take something away from the 'feel' of the game, but it also can add to the 'work' of the game and I often find this adds to my own 'burning out'. Tough choice, but I like the idea and would like to see how people reacted to a game once they've played it fully.

Cheers,
Fozzy

Re:Soulbind Gold?

Unfortunately no. "Soulbound" items, aka BoP (Bind on Pick-up), can be sold to NPC vendors, but can't be traded to other players or put up for in-game auctions. As I'm finally starting to get to a decent level, some of those items can hit hundreds of gold. If someone were to hack a lvl 70, between the gold on them and the items, we're talking a good chunk of change. But there's no way to make an item or currency bound to a single player.