Blizzard’s World of Warcraft (WoW) is the most popular MMORPG in the world when it comes to number of subscribers. Their press release boasts of 12 million paid subscribers (Source: Blizzard.com October 2010). Given the upcoming launch of World of Warcraft Cataclysm this December 7, 2010, I am expecting that Activision-Blizzard will shatter the PC Games sales record again (as they did during The Burning Crusade and Wrath of the Lich King expansion releases).

I am always excited when Gaming and Tech and Security topics collide. So as promised in my earlier WoW post, I will be posting my personal thoughts to my malware blog article. So let’s get started!

First, I will introduce to you the most common World of Warcraft cheats: free wow mount and free wow gifts via in-game chat/whisper scam.

Quoting my malware blog article:

An unsuspecting player will receive an in-game chat/whisper from an unknown player offering free gifts (usually in-game pets, riding mounts, and vehicles) that they can avail of by registering at the website that is included in the chat message.

We will not run out of examples of these free wow pet, free wow mount, and free wow gift scams.

For the basic free rare mount from Blizzard like this:

To a more detailed and tempting offer: Free Celestial Steed! Any takers here?

Or just some plain: You just got too lucky and claim your free gift

These chat whispers (and their accompanying phishing websites) are sprouting much faster than infused mushrooms respawn in Dalaran Sewers :)

But what is more interesting is the use of the WoW postal system (more commonly known as the in-game mail system). In this new trickery, links to the phishing websites are sent via WoW in-game mail and are received by players in their in-game mailbox:

The scammy mail message is really full of surprises :)

Subject:

Blizzard

Message:

Surprise!
You get a system test pet of Wings of Liberty of Deathy!
Please Visit:
hxxp://www.<blocked>-ctmtest.com

The message content is very enticing as it combines several elements from other Blizzard games:

  • Wings of Liberty refers to the Starcraft 2 game that Blizzard launched last July 2010.
  • Deathy may refer to 2 things: the Black Dragon Aspect Deathwing, the major antagonist in the upcoming WoW Cataclysm expansion, or Deathy, the murloc pet companion connected with the Blizzcon 2010 event.

The phishing website URL contains the strings worldofwarcraft and an abbreviated Cataclysm to add to its supposed credibility. This is a common technique in malicious websites that may be related to website typo-squatting.
The common strings that I have observed in this and other malicious WoW websites are Warcraft, WoW, World of Warcraft, Cataclysm, gift, free, mount and battle.net. Just do some misspelling and mixing and matching them together and Voila! A New _WoW_ scam website domain is born!
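The keyword mixing described above can be turned into a simple filter for links found in chat or mail text. The following is an added example, not code from the original post or from Trend Micro; the function names, the 0.8 similarity threshold, the allowlist of official domains and the `.example` hostnames are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Strings the post lists as common in WoW scam domains (spaces/dots removed).
BRAND = {"warcraft", "wow", "worldofwarcraft", "cataclysm", "battlenet"}
BAIT = {"gift", "free", "mount"}
# Assumption: registrable domains treated as official; adjust for your environment.
OFFICIAL = {"blizzard.com", "battle.net", "worldofwarcraft.com"}

# Accepts defanged schemes (hxxp) as well as http/https, or a bare hostname.
HOST_RE = re.compile(r"(?:h(?:tt|xx)ps?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def registrable(host):
    # Simplification: last two labels. Use a public-suffix list in production.
    return ".".join(host.lower().split(".")[-2:])

def lure_hits(host):
    """Return sorted lure keywords found, exactly or misspelled, in a hostname."""
    labels = host.lower().split(".")[:-1]  # ignore the TLD
    tokens = [t for lab in labels for t in re.split(r"[-0-9]+", lab) if t]
    hits = set()
    for tok in tokens:
        for kw in BRAND | BAIT:
            # Fuzzy match only longer keywords, so short ones do not over-trigger.
            close = len(kw) >= 5 and SequenceMatcher(None, tok, kw).ratio() >= 0.8
            if kw in tok or close:
                hits.add(kw)
    return sorted(hits)

def suspicious_hosts(message):
    """Map each non-official hostname in a chat/mail message to its lure hits."""
    found = {}
    for host in HOST_RE.findall(message):
        hits = lure_hits(host)
        # Flag only when a brand string appears on a domain that is not official.
        if registrable(host) not in OFFICIAL and BRAND & set(hits):
            found[host.lower()] = hits
    return found

# Constructed sample messages; .example hostnames are placeholders, not real sites.
SAMPLES = [
    "Surprise! You get a system test pet! Please Visit: hxxp://www.worldofwarcraft-ctmtest.example",
    "Free Celestial Steed! Register at free-warcarft-mount.example today",
    "Patch notes are up at https://www.worldofwarcraft.com/news",
    "Guild meeting notes: http://freelunch-recipes.example",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(suspicious_hosts(msg) or "clean", "<-", msg)
```

The second sample is caught through the misspelling ("warcarft"), and the last one is left alone because a bait word without a brand string is not enough to flag a host.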

I will be discussing the “Posing as figures of authority” angle in the next wow post, as this will be a free wow cheats series just like my free cafe world cheats series, my free social city cheats series and my free petville cheats series.

Some Free WoW advice though:

  1. Beware of these free wow cheats and free wow gifts offers as they may lead to online game account theft. This is a security risk for you and your precious WoW and Battle.net account.
  2. For any Free WoW Stuff offer that you may encounter, just think about this: TINSTAAFL: There Is No Such Thing As A Free Lunch. In my opinion this is applicable even in the World of Warcraft.
  3. WoW Cataclysm launch is getting near. The excitement level of WoW gamers is so high… and so are the risks. I am predicting that more WoW scams and more WoW phishing websites will surface as the final Cataclysm launch day draws near! So be extra careful!
  4. And last but not the least: Always stay on the safe side and do safe computing, safe web surfing and safe online gaming! Better safe than sorry OK?

That’s all for now!!!

Hope you like my World of Warcraft WoW blog post :)

Before I end this post, some disclosure:

I work at Trend Micro. The posts I have here in menardconnect.com are my own personal views (and do not reflect the views/stand of my employer). To know more about me, kindly visit my about page. To know about this blog’s disclosure policy, kindly visit my disclosure page.

Image credits:
Figures 1 and 2 – Trend Micro Malware Blog

WoW Cataclysm Box Image – Blizzard.com