Wednesday, March 10, 2010
   
Text Size
Login
image image image image image image image image image
Developer Chat on Twitter That's it for this Developer Chat. If any questions were answered twice, keep in mind we had two developers independently working to jump on as many questions as possible.
We'd like to thank both of our developers for coming, and thank you all for joining us!
Addon Review: OPie From time to time, we will take a look at one random addon that make our interfaces special. From bar mods to unit frames and beyond, if you use an addon, we'll cover it here.

This time we continue with the addon called OPie.
Getting to know SWC We are starting up a new project called 'Getting to know SWC' where we will interview various guilds all around our beloved server Steamwheedle Cartel.
The Heart and Souls of Icecrown Citadel With the final battle against the Lich King just on the horizon, Lead Content Designer Cory Stockton and Lead Systems Designer Greg Street discuss what awaits players inside Icecrown Citadel and offer a glimpse at the design process behind Wrath of the Lich King's ultimate raid and dungeon encounters.
Developer Q&A on Twitter Our first developer chat on Twitter is about to begin! Please be sure to include the hashtag #BlizzChat when submitting your questions on Twitter so that we can find it.
Addon Review: oRA3 Every week, hopefully, we will take a look at one random addon that make our interfaces special. From bar mods to unit frames and beyond, if you use an addon, we'll cover it here.

This week, we continue with the addon called oRA3.
Addon Review: WIM Every week (hopefully every monday), we will take a look at one random addon that make our interfaces special. From bar mods to unit frames and beyond, if you use an addon, we'll cover it here.

This week, we continue with the addon called WIM - WoW Instant Messenger.
Addon Review: Bagnon Every week (hopefully every monday), we will take a look at one random addon that make our interfaces special. From bar mods to unit frames and beyond, if you use an addon, we'll cover it here.

This week, we start our first review with Bagnon.
Class Q&A Series
Every Q&A gathered right here.

Recent In-Game Fixes

3/4

  • In the Lord Marrowgar encounters, the boss will no longer reset threat after a bone storm and will now wait a small amount of time before attacking at the end of a bone storm.
  • In the Deathbringer Saurfang encounters, the boss is now less likely to cast Blood Nova on targets affected by Mark of the Fallen Champion.
  • In both normal and heroic versions of the 10 player Rotface encounter, the mutated infection ability will not be cast as quickly while the fight progresses.
  • In the 10- and 25-player heroic Festergut encounters, the malleable goo ability should no longer target pets.
  • In the Valithria Dreamwalker encounters, the duration of Emerald Vigor and Twisted Nightmares were slightly increased.
  • In the Sindragosa encounters, the duration of the instability debuff was slightly reduced.
 

Icecrown Citadel Zone-Buff

The optional zone buff in the Icecrown Citadel is now available and will make the instance easier for those who wants to use it. The buff currently increases total health, healing done and damage dealt by 5% and this will increase by 5% every week or month., we dont know yet.

 

Authenticator Keylogger

Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers to access World of Warcraft accounts that have authenticators attached to them. Based on information around, the file may be found in /users/username/appdata/Temp. Since the file is fairly new I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.

A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code.

The filename EMCOR.DLL was first seen on Feb 25 2010:

  • Tunisia on Feb 25 2010
  • The United Kingdom on Feb 25 2010
  • Egypt on Feb 26 2010

To remind everyone, this doesn't make authenticators useless. It just shows that not everything is 100% fail-safe. Hopefully Blizzard can get a patch out soon to help with this.

Blizzard has confirmed this:

After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

Some info about the emcor.fll file:

Firewall IP Block

You may be able to block the IP 205.209.181.111 to help prevent your information from reaching the hackers. This is of course something that may change after they find out they've been discovered, but it should offer some temporary help while you get rid of all the files.

The keylogger will send the data to:
Host: 205.209.181.111
Port: 1068

The keylogger data file can be found in /users/username/appdata/Temp along with the DLL
The keylogger sends the "current tick" to the server. Presumably so it can tell how long it has to use the code.

Keylogger Server Details

The keylogger is a standard windows based keylogger which uses SetWindowsHookEx hooking as a debug hook (WH_DEBUG) so it gets first dibbs on typed data (Although for some reason it does pass on the data to other hooks and not block them...)

The data is set to:
Host: 205.209.181.111
Port: 1068

OrgName: Managed Solutions Group, Inc. (Known spamming server)
OrgID: MSG-48
Address: 45535 Northport Loop East
City: Fremont
StateProv: CA
PostalCode: 94538
Country: US

The Source

The distribution server is hosted in Malyasia (server IP: 112.137.162.183).

It hosts 13 other fake sites, 3 of them below:

Cursea.com
Deadlybossmodss.com
Gamesacca.com

Do NOT visit the sites. Aslong you make sure you are visiting the correct websites/adresses and nothing dodgy you are safe.

One of the sources is a fake WoWMatrix website being advertised on Google at the top of search results for WoWMatrix as a "Sponsored Link". I've attached an image below, but DO NOT VISIT THE WEBSITE. Visiting this website -- which is an exact copy of the WoWMatrix site -- lets you download a fake version of the WoWMatrix AddOn Manager which allows emcor.dll to be installed on your system. Google has been alertet.

Once downloaded, this will install the trojan Malware.NSPack which can be detected by Malware Bytes.

 

Chinese World of Warcraft project chief resigns

Just when it seemed that NetEase had finally gotten things under control to operate World of Warcraft in China, it's hit another potential road bump. The company released an official statement to Chinese press announcing the resignation of project chief Li Riqiang, according to JLM Pacific Epoch, a research firm that focuses on China. The statement did not give a specific explanation for Riqian's departure nor did it name a possible replacement to fill the seemingly important vacancy.

Since taking over World of Warcraft operations in China from The9, NetEase has faced a series of difficulties. It seemed like the company had finally gotten back on track, however, as NetEase was recently approved to run World of Warcraft and the Burning Crusade expansion. It's as yet unclear how Riqian's absence might sour that good fortune.

 

Page 1 of 21

Login Form

Latest Posts

Posted by Ruyan - 08/03/2010 18:35
Posted by Camci - 08/03/2010 09:26
Posted by héaton - 08/03/2010 09:01
Posted by Tringuri - 08/03/2010 08:33

Latest Comments

Login Form