Monday, June 7, 2010

Patch Your Flash!

Blizzard has released an advisory warning all players to update their Adobe Flash Player.  Adobe Flash Player 10.0.45.2 has a vulnerability that may allow an attacker to take control of your machine.

LUCYTR: A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x, and could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at http://labs.adobe.com/technologies/flashplayer10/), does not appear to contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either. 
Adobe reports that it has seen evidence of this vulnerability already being exploited.

Although the technical details are still sketchy, it is likely to require a specially crafted flash or PDF file to trigger the vulnerability.  We have seen this type of attack on Adobe flash before - where you can be infected by a keylogger/trojan by simply visiting a legitimate web page that renders this malicious code or redirects to a malicious site containing the code.

Unfortunately, Adobe don't seem to have this fix on their auto-update system so be sure to visit Adobe's Security Page and patch your machine with v10.1 today.

Thursday, June 3, 2010

Phishers Ramp Up Their WoW Assault

Phishers have begun targeting the remote auction house and cataclysm betas in the latest wave of WoW account phishing spam.

In the first example, unsuspecting users receive an email promoting the features and benefits of the remote auction house and invite them to participate in the beta by clicking on a download now link. The link takes them to a fake battle.net login site where their game details are captured.

A sample email is shown below:

























A second type of phishing email is targeting the Cataclysm beta opt-in. Users are sent an email reminding them to update their system specifications to be eligible for a beta invite by logging into battle.net. Naturally, the battle.net link is a fake site designed to collect your account credentials:






















Be wary of any email that pretends to come from Blizzard and check the URL of any linked site before entering your account credentials. Visit our anatomy of a phishing site post for information on how to spot phishing emails and better protect your game account.

Let us know if you have received emails scams like these.