Frackin script kiddies!!

Fri Aug 6 14:27:53 EDT 2010

On Aug 6, 2010, at 12:46 PM, Derek Martin wrote:
> 
> It's still not a MITM, because even if you consider the game client
> the end point, then it's the endpoint itself that's been compromised.
> What you have is a trojan, plain and simple.

This is true for key logger attacks.  This new type of exploit inserts itself into the host system as a network proxy.  It listens to connection requests from the client and passes them either to the real Blizzard servers or fakes -- I'm not precisely sure which it does, or if it does both depending on some hidden switch somewhere.

To address Bill's point about frequency: it's that the black hats are using more and more sophisticated attacks.  Today it is Warcraft accounts -- which, silly as it may sound on the face of it, are worth a lot of real-world money.  Tomorrow it will be something more immediate, perhaps Citi or Bank of America.

--Rich P.