---

原始連結: http://us.battle.net/wow/en/forum/topic/11041384892

這次比較棘手的是這連用了驗證器的帳號也會中招
這個木馬似乎會及時攔截帳號資訊及驗證碼並且回傳

推文裡面有提到如何找到木馬.

BZ官方現在還不知道哪些防毒程式有能力處理這東西.

如果有中的話, 請將下列資訊傳給BZ
MSInfo
所使用的Addon(UI)
最近所安裝的程式以及其取得來源
任何防護程式跑出來的結果

-=-=

Hello,

We've been receiving reports regarding a dangerous Trojan that is being used
to compromise player's accounts even if they are using an authenticator for
protection. The Trojan acts in real time to do this by stealing both your
account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the
Trojan. It can be identified by creating an MSInfo file and then looking in
the Startup Program section of that file for either "Disker" or "Disker64".
It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw
Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw
Name-PC\Name Startup

We are currently looking for more information on the Trojan. We have not been
able to locate any anti-virus programs that will remove it besides just
reformatting your system. If you have been recently compromised and find it
on your system please reply with the following pieces of information.

Your MSInfo.
A list of any addons you recently installed along with where you got them.
A list of any programs you recently installed along with where you got them.
Any security programs you have run and their results.

-=-=

追加資訊

While this is not conclusive, every occurence I've examined has been a new or
recently reformatted system that was hit shortly after downloading addons.
There have been no other hardware or software commonalities that can be seen
in an MSInfo. Due to these observations, something related to addons or the
aquiring of addons leads our suspect list. Again though, not conclusive.

Also, I just received a report that an updated Malwarebytes might have
removed the infection, but this is unconfirmed. We're trying to get removal
logs from the player to examine.

--
再追加資訊

哪些防毒可以掃到
http://us.battle.net/wow/en/forum/topic/11041384892?page=6

You can see all the antiviruses which detect it already here:

https://www.virustotal.com/en/file/85...dd79c0344/analysis/1388723212/

This includes Ad-aware, BitDefender, F-Secure, Ikarus, Mcafee, Panda,
Symantec/Norton, TrendMicro-HouseCall & VIPRE.

These don't pick it up yet, but I've submitted the trojan to them:
AVG, Avast, ClamAV, Comodo, DrWeb, ESET/NOD32, F-Pro, Kaspersky,
Malwarebytes, MSE, Norman, SuperAntiSpyware, Sophos, TrendMicro, nProtect.
--
這次的資訊比較嚴肅所以不塞簽名檔了...
--
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 71.131.178.96
※ deathson:轉錄至看板 C_Chat                                      01/03 12:11
※ 編輯: deathson        來自: 71.131.178.96        (01/03 12:34)
已修正 多謝
※ 編輯: deathson        來自: 71.131.178.96        (01/03 13:20)

--