Trojan in UI-pack

fogtoo · 01-15-13, 02:16 AM

Couldn't find anywhere to post this, but I found a trojan in this UI pack here:
http://www.wowinterface.com/download...-GanazaUI.html

http://www.f-secure.com/v-descs/trojan_w32_antiav.shtml

***Dolby*** · 01-15-13, 02:29 AM

Thanks for the report. On 1/12/13 the addon auctionator had a trojan (since we dont host that addon: http://www.curse.com/addons/wow/auctionator#c4438 and as you can see its now clean). This trojan required that you click on the folder auctionator.lnk which is highly unlikely any one would do. It looks like the author only removed the auctionator.lnk file but not the thumbs.db folder.

I have put it on hold until the offending files are removed and contacted the author. You need the auctionator.lnk file to execute the trojan which the author removed but just forgot the thumbs.db folder, so it is safe.

It looks like virus scanners are finally starting to pick this up.

Petrah · 01-15-13, 12:51 PM

Kaelten said a hacker got in there and uploaded the infected file. Did that happen here as well?

A hacker got access to two accounts and used one of them to upload the virus laden file. I've tracked down about five ip addressed and blocked them all, and as of right now it appears to be the only file he infected.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode