Reply
 
Thread Tools Display Modes
Unread 01-15-13, 03:16 AM   #1
fogtoo
A Kobold Labourer
Join Date: Sep 2007
Posts: 1
Trojan in UI-pack

Couldn't find anywhere to post this, but I found a trojan in this UI pack here:
http://www.wowinterface.com/download...-GanazaUI.html

http://www.f-secure.com/v-descs/trojan_w32_antiav.shtml
fogtoo is offline   Reply With Quote
Unread 01-15-13, 03:29 AM   #2
Dolby
Every day I'm shuffling
 
Dolby's Avatar
Premium Member
WoWInterface Admin
Join Date: Feb 2004
Posts: 1,925
Thanks for the report. On 1/12/13 the addon auctionator had a trojan (since we dont host that addon: http://www.curse.com/addons/wow/auctionator#c4438 and as you can see its now clean). This trojan required that you click on the folder auctionator.lnk which is highly unlikely any one would do. It looks like the author only removed the auctionator.lnk file but not the thumbs.db folder.

I have put it on hold until the offending files are removed and contacted the author. You need the auctionator.lnk file to execute the trojan which the author removed but just forgot the thumbs.db folder, so it is safe.

It looks like virus scanners are finally starting to pick this up.

Last edited by Dolby : 01-15-13 at 01:53 PM.
Dolby is online now   Reply With Quote
Unread 01-15-13, 01:51 PM   #3
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,865
Kaelten said a hacker got in there and uploaded the infected file. Did that happen here as well?

A hacker got access to two accounts and used one of them to upload the virus laden file. I've tracked down about five ip addressed and blocked them all, and as of right now it appears to be the only file he infected.
__________________
♪~ ( ) I My Sonos!
Petrah is offline   Reply With Quote
Reply

Go BackWoWInterface » Site Forums » Site help, bugs, suggestions/questions » Trojan in UI-pack

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off