Warcraft Custom Map Virus Issues

MagisDing · May 3, 2009, 12:27pm

Original thread: http://dota-allstars-blog.blogspot.com/2009/04/warcraft-custom-map-virus-important.html

The demonstrations in one paragraph attract me:

COMODO is the only known program at the moment to prevent Warcraft from running the malicious code as of now. Every other AV/firewall/anti-malware program other than that does not currently prevent this exploit from being used.

I was wondering which component intercept this malware, AV or Defense+? what does the popup look like?

Now Kaspersky has caught a sample:

Name of virus: HackTool.Win32.Sniffer.WpePro.w Contaminated sites are here: C:\WINDOWS\TEMP\omfg_wtf.dll

So that's one of the main behaviors: add files into Temporary Folders?

_{Edit by EricJH: made the url clickable}

Citizen_K · May 4, 2009, 1:08am

It is hard to tell without extra knowledge. May be the forum moderator has posted his finding on the forum. I would be curious to know.

If it was Defense Plus then I guess you may have had one or more warnings about the following: writing to system area, protected registry keys (to make it start up), driver install, service install, direct disk access…