Warcraft Custom Map Virus - Important!
Warcraft Custom Map Virus, a Must Read! There's been a big fuss lately on Battle.net because a new exploit is circulating among hackers. The exploit allows a custom map to execute arbitrary code on a client and install trojans, viruses or keyloggers outside of the Warcraft III engine. In simple words, just by joining an unknown person who hosts the Warcraft III virus map, your PC will be infected when the game starts. DotA has now become the largest target of this virus. This is not a hoax or rumor; the Dota-Allstars forums (and Battle.net forums) have already stickied this topic. I really recommend that you read this article to the end for your own good.
Hackers created fake Dota maps that use the same file extension/directory as DotA 6.59d. Therefore you will see the loading screen displayed in your custom game list and it is effectively impossible to take precautions against, as it has no discernible difference from joining a normal DotA game. It is highly recommended that you stop playing public DotA games until Blizzard can patch this exploit. They have already had it brought to their attention.
For those who doubt how dangerous this is: by mimicking DotA, anyone who has already downloaded the legitimate map will see the game displayed in the custom game screen with the proper loading image, and it finishes downloading before you switch to the game lobby screen, as it is a tiny file size. Once you enter the game, the virus will unpack itself and infect your computer, allowing malicious code to be executed at the whim of the hacker. This means a malicious user will be able to grab everyone's cd-keys in a game, plant a keylogger in your computer, any known virus, etc.
Props go to Maged@Battle.net forums for bringing this to attention.
http://forums.battle.net/thread.html?topic...58&sid=3000
Don't join games of DotA hosted by people you don't know. This applies to public games, TDA, etc. The best precaution you can take at the moment, if you want to continue to play DotA, is to keep your Warcraft III maps folder open and see if any new files are downloaded when you join a game. If they are, immediately leave the game lobby before the host can start the game (and infect you), and delete the new map file. If your computer has been infected, you should run the best antivirus software you can find, and don't log into any accounts on your computer (Warcraft III, email, etc.), as there is a high probability of getting your password keylogged. If you are certain your computer is infected, the only surefire way to eliminate it is to reformat your computer.
Blizzard has been notified about the issue. The safest thing to do at the moment is to not play DotA or any other custom map until Blizzard releases a new patch. Or you can carefully choose your host when joining a game, even though a certain risk is still there. Honestly, I prefer the second choice, because it will be hard to stop playing Dota ~_~
Update:
Thanks to the anonymous commenter who gave this information.
Looks like the virus file is at C:\WINDOWS\TEMP\omfg_wtf.dll
Note: Warcraft Patch 1.23 is also vulnerable to this virus!
COMODO is the only program known at the moment to prevent Warcraft from running the malicious code. No other AV, firewall or anti-malware program currently prevents this exploit from being used. This is what ChildLikEmperor, a Dota-Allstars forums moderator, said in his thread. But if you have another antivirus that can detect it, feel free to share it here.
Name of virus: HackTool.Win32.Sniffer.WpePro.w
Contaminated sites are here:
C:\WINDOWS\TEMP\omfg_wtf.dll
hey why only comodo??!! are they promoting comodo AV??!! it dont make any sense that they are stopping us from playing DotA on the net!!! an anti-virus software or whatever the brand maybe, it always detect a virus even though its not in the virus database yet..the game jaz crashes n u cant continue to play anymore..the 6.60 beta 44 is one example, maybe its a new virus or maybe not...so to the one u said that it was a virus, can u give me the name of your anti-virus so i can DL it then scan also the beta 44 6.60 map? tnx...
I'm gonna miss the days when you can just go out and play DotA with no worries. :(
@raz44 - Comodo is the antivirus recommended by the Dota-Allstars Moderator because it's already proved to prevent this virus. I believe he didn't have a commercial purpose. If you know another antivirus that can detect this virus, feel free to share it here :)
Thanks for the response.
You might think Dota is one of the #1 games in the world, but actually its also the number #1 hated by 50% of the people who does warcraft. Check hive workshop, almost all the people there hate dota. But I dont blame them nor accuse them. Im just stating facts :)
Anyways, just to be sure. Always Download from: www.getdota.com
and if you joined a game, and its not recognized by your warcraft. QUIT ASAP.
Or Possible, don't play 6.59d or 6.57b versions for now.
Good day. Already got on this thing! Kaspersky quickly responded!
Name of virus: HackTool.Win32.Sniffer.WpePro.w
Contaminated sites are here:
C:\WINDOWS\TEMP\omfg_wtf.dll
Be careful!!
NOO!!!!!!!!!!
I'm shocked! Now I can't just sit down in front of my computer and play DotA with this virus.
OMG! I must be careful....
WE must be careful!!!!
AVIRA ANTIVIR
(best free program for 2008)
one of the best antivirus
i have this program ... and when i started the map ... the antivirus DETECTED ...!!!
so... ;) and deleted the virus
Bit defender can do it too.
When i play, the warning shown.
And deleted it.
But it seems the Virus shown again when i play DOTA, Help me...
Hi, my AV programm is NOD32.. it detected it also.
I caught this virus over a year and a half ago, it's not new, only now it's spread. I got it only once and haven't gotten it again, that's why I was surprised when in an FAQ Blizzard said that custom maps couldn't carry the virus because they were not executables.
Read ppl COMODO isnt the only one to detect its the only one at the time of the mods post that could "prevent Warcraft from running the malicious code" meaning it doesnt infect u and u nvr need to detect it since it nvr gets installed.
I was the one who first wrote here and I detected the Virus with AVIRA Antivir Freeware. It was deleted completely after the map started.
it still doesnt make any sense coz this is not a .exe file..im wondering how this so-called virus works on every pc, its like noob-created virus anyway..it doesnt replicate, it only take passwords and other secured files on hard drives??? if detected, jaz delete it right away..and why on temp folder? maybe its a malware..
so bored 2 wait 4 6.60..heard that it will be released next year...
WTF!!
Anonymous said...
so bored 2 wait 4 6.60..heard that it will be released next year...
WTF!!
@Anonymous
Lol, it cant be released next year, its too long..Maybe it'll be released this or next month. but i think it will be released this month :P.
hey can i ask something i dont play at battle net but i do play at GARENA if the host has the virused dota map will i get infected...?? in GARENA of course
If you join a Garena game, and your computer starts downloading the map (you'll see the number next to your name), then that's the virus being downloaded to your computer. If the game starts, the virus is run.
So... if you see your computer downloading a map that you should already have, immediately leave the host.
WATCH THIS :
http://warcraftpk.com/Warcraft-1.23b-Patch-Custom-Map-Virus-Important.html
DID YOU COPY HIM OR IS HE COPIES FROM YOU
LOL LINK IS IMBA MUST WATCH :D
OH SHIT THE MAP WAS ALSO IN GARENA MAN I SHOULD STOP PLAYING WC3 FOR A WHILE N PLAY OTHER ONLINE GAME
Well then not many people gonna play these days, but what happen if I HOST A GAME (DOTA)? It will be SAFE right? or there is any other way to be infected?
hello... hapi blogging... have a nice day! just visiting here....
ReplyDeleteTO PREVENT THIS WITHOUT ANY HASSLES OF CHECKING YOUR MAPS DIRECTORY
DENY WRITE PERMISSIONS TO THE Warcraft III/maps folder
use google to find out how to do that
for me, i just won't play dota till its patched
i play this to kill time
http://johnfgiggity.mybrute.com
its pretty fun
I think we can certainly prevent this virus by using a updated antivirus like Kaspersky.
WPE PRO?
So a packet sniffing trojan. It is used to hack multiplayer games.
Never thought DotA can be hacked using this.
I think most of you haven't seen the news in the other thread. Beta 45 has been leaked, we're discussing it there.
https://www.blogger.com/comment.g?postID=6135536141977004311&blogID=8207692519131131689&isPopup=true&page=2
i think that if i host a game there is no chance of being infected, is there?
@above - yes, as long you are hosting original map, you are safe :)
argh, i hate that MKB true strike
earning butterfly means nothing
too powerful modification i think
perhaps it is more interesting to add elemental item like, ice guard that nullify any ice effect but weak against fire vice versa
@Suya Lynx
u'r on a wrong post man...
Here's a hotfix guys:
http://files.filefront.com/OverflowFixrar/;13717253;/fileinfo.html
Also you can play in a virtual console such as Sandboxie to stop it harming your PC :D
sorry for the wrong comment post
but i am sure that i clicked the post comment link on dota 6.60 beta 45 post
why did it ended up here?
that day i post, 6.60 beta 45 is the newest post
hey alief, does the blog tricked me?
@suya lynx - Um, i'm not sure why. But it's never happen before, so perhaps you accidentally click the wrong link lol ^^ Anyway, i'm still appreciate your comment even though it went to different post, so take it easy :)
i'll be sure to bookmark your blog
ahahah!...
johnfgiggity is indeed funny!...
i'm ur student there!...
ahahah!...
ahahah!...
MyBrute rocks!...
Dota RULEZ!...
Virus sucks!...
Hi guys,
I know most of the DotA community is kinda nervous about this latest exploit. To allow you to play with peace of mind until Blizzard's 1.23b patch comes out (and a new DotA map comes out to support the changes), please try my utility, Sentinel. It is a lightweight program that basically monitors your Downloaded maps folder for any changes. If there is a change it plays a warning sound. Then you can leave the host before the game starts, so any malicious code isn't executed.
Please read the full thread at:
http://www.playdota.com/forums/showthread.php?t=6482
I have also posted the original source code, so you can be sure this is not a virus of its own.
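The folder check the post recommends, and that the Sentinel comment above describes, can be scripted; this is an added example, not Sentinel's source and not code from the original post. It assumes the `.w3x`/`.w3m` map extensions, polls instead of using OS file notifications, rings the terminal bell instead of playing a sound, and goes one step further by labelling a new file that reuses the name of a map you already have but carries different content ("impostor", a label chosen here).

```python
import hashlib
import sys
import time
from pathlib import Path

MAP_EXTENSIONS = {".w3x", ".w3m"}  # Warcraft III map file extensions (assumed scope)

def snapshot(maps_dir):
    """Map each map file under maps_dir (relative path) to its SHA-256."""
    root, state = Path(maps_dir), {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in MAP_EXTENSIONS:
            try:
                digest = hashlib.sha256(p.read_bytes()).hexdigest()
            except OSError:  # e.g. still being written; report it anyway
                digest = "unreadable"
            state[p.relative_to(root).as_posix()] = digest
    return state

def diff_snapshots(before, after):
    """Return (kind, path) alerts, sorted by path, for new or changed maps."""
    known = {}  # lower-cased file name -> hashes already present under that name
    for rel, digest in before.items():
        known.setdefault(Path(rel).name.lower(), set()).add(digest)
    alerts = []
    for rel, digest in sorted(after.items()):
        name = Path(rel).name.lower()
        if rel in before:
            if before[rel] != digest:
                alerts.append(("modified", rel))
        elif name in known and digest not in known[name]:
            # Same name as a map you already have, different content.
            alerts.append(("impostor", rel))
        else:
            alerts.append(("new", rel))
    return alerts

def watch(maps_dir, interval=1.0):
    """Poll the folder and ring the terminal bell on any change."""
    baseline = snapshot(maps_dir)
    while True:
        time.sleep(interval)
        current = snapshot(maps_dir)
        for kind, rel in diff_snapshots(baseline, current):
            print(f"\a[{kind}] {rel} - leave the lobby before the game starts")
        baseline = current

if __name__ == "__main__":
    watch(sys.argv[1])  # path to your Warcraft III maps folder
```

Start it before joining a game, passing the path of your own maps folder as the only argument.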
Is it safe to play yet?
It was extremely interesting for me to read this article. Thanx for it. I like such themes and anything connected to this matter. I would like to read more on that blog soon.
o hey geniuses its the exploit not a virus .. and there is no cure. its any game that was compiled with jass script compiler engine. alls u have to do is some string hops to convert it into the local machines os commands. from their whatever text files you have the power to shove in plain english can be put there. any virus from that point is possible. and no your antivirus cant do shit about it if the know how to use an obfuscator. the major point for this if it was useful id say u could make a rat or an autohotkey exe download and execute on their side. so that u could spoof to the game host creators name .. disable their anti cheat . logically this should be rated critical ++ on each and every antivirus site. DO YOU REALIZE HOW MANY GOVERNMENT AGENTS PLAY WC3 BEHIND TOP SECURITY WALLS!
anyways. once i figure out the script kiddie method of how to convert to dos (or linux ) commands... ill be lord of the wc3 server im on...
would u like a ban cookie?
Opportunities for hackers to harvest money from gamers user account user ID and password by using the malicious map. It's perfect ground for robbery ;)