Frackin script kiddies!!
Bill Bogstad
bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Thu Aug 5 20:25:46 EDT 2010
On Thu, Aug 5, 2010 at 3:15 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Aug 5, 2010, at 1:47 PM, Bill Bogstad wrote:
>>
>> This statement rather surprised me. From what I can tell from some
>> quick web searching, the "MitM" WoW attacks which are happening are
>> key loggers/trojans running on the end user system.
>
> Blizzard recently stepped up the Authenticator removal mechanism by requiring two consecutive Authenticator codes. In response, the account thieves are stepping up their game, too. The newest form that I'm aware of shims itself as a proxy between the Warcraft client and servers. It captures credentials and first authenticator code then returns a failed login code prompting the unwitting victim to enter credentials and code again. Bang, account compromised and stolen.
That still sounds like it is running on one of the end points
(client). In order to do that the end point has to have already been
compromised. That's very different from manipulating the
communications path between two secure end points.
Bill Bogstad
More information about the Discuss
mailing list